Installation & Configuration
This forum is the best way to get up and running with the Nutanix platform
- 1,136 Topics
- 3,091 Replies
AHV Networking | Need to change NIC modes?
Let's say for example we have multiple VLANs in our environment to logically segment the traffic. We need to configure the network interface accordingly as we might need a VM to be VLAN aware. Before understanding the method to configure this, let us understand the difference between trunk and access modes. An access port sends and receives untagged frames (i.e. all frames are in the same VLAN) A trunk port supports tagged frames and thus it allows to switch multiple VLANs. Do we have a method to configure trunk mode in a NIC The following article mentions the steps to safely change a NIC mode of a VM to trunk mode. How to change NIC mode (Access, Trunked)
Medusa Down - Found Cassandra data files with future modify time
I have this same error on 3 nodes - I have checked networking / Time and connectivity and it all seems ok. Running ncc health checks on different services gives me a range of things to check. Not sure where to start with this. The Hosts are Hyper-V.
NCC Health checks SAR command failed to execute
Hi Team, I executed the NCC health checks run_all on two clusters and got the following message (at the end of the run_all script): Detailed information for sar_stats_threshold_check:ERR : Execution terminated by exception IndexError('list index out of range',):Traceback (most recent call last): File "/home/hudsonb/workspace/workspace/ncc-2.0.2-stable_release/builds/build-ncc-2.0.2-stable-release/ncc-python-tree/bdist.linux-x86_64/egg/ncc/ncc_utils/plugin_utils.py", line 128, in handle_exceptions result = fn() File "/home/hudsonb/workspace/workspace/ncc-2.0.2-stable_release/builds/build-ncc-2.0.2-stable-release/ncc-python-tree/bdist.linux-x86_64/egg/ncc/plugins/base_plugin.py", line 740, in result = putils.handle_exceptions(lambda : check(*check_args), cls.canvas) File "/home/hudsonb/workspace/workspace/ncc-2.0.2-stable_release/builds/build-ncc-2.0.2-stable-release/ncc-python-tree/bdist.linux-x86_64/egg/ncc/plugins/health_checks/sar_checks.py", line 358, in check_threshol
Downgrade NOS version
Hi all, I have a upcoming appliance installation and it might be necessary that we need to downgrade the current NOS version. Is there an out-of-the box approach / method available that could be used to downgrade an existing cluster? Or maybe KB-articles that could help me regarding this issue? Thank you and best regards, Andreas
CVM network sementation and vSphere distributed switches
According to the documentation, Backplane traffic segmentation is [u]not[/u] supported in a configuration for "ESXi clusters in which the CVM is connected to a VMware distributed virtual switch" . What I'd like to understand is whether this is related to technical reasons, or it is just a configuration limitation of the CVM installer/Prism management? So far I counldn't find a comprehensive guide/document about setting up a Nutanix cluster with vSphere distributed switches, and nodes with 2x10gbps each. It doesn't seem to make sense to me to set this up with standard swtches (i.e. no Network I/O control) where all traffic (VM, storage, vMotion, ...) use the same physical uplinks.
Setting up cluster with no DNS and no NTP ?
Hi, I'm implementing Nutanix AHV at a customer in a bunker environment. There is no internet access, and the infrastructure will have minimal to no LAN communication outside of the cluster infrastructure. The customer expected to use IP and shot names based on hosts files instead of DNS resolution. Unfortunately, on Foundation, there is no way to setup the cluster with no DNS. And I guess NTP will be the same, but I didn't get there. Any workaround ? Or are NTP and DNS mandatory for the cluster to work ?
Migrate Nutanix Cluster from one vCenter to Another
We are creating a Nutanix cluster and staging/patching before moving to the production site. We don't have time during staging to stand up the whole infrastructure on the new cluster (vCenter, AD, etc) so we are adding the new hardware to an existing vSphere/vCenter environment. We will need to then move the cluster to the new site, and build the new AD/vCenter servers and use the new hosts to create a new Nutanix cluster. Trying to discern the best way to migrate the cluster from one vCenter/AD to a new vCenter/AD that will be built fresh.
Managing Local User Accounts
The Prism Central admin user is created automatically, but you can add more (locally defined) users as needed. To add, update, or delete a user account, do the following:Note: To add user accounts through Active Directory, see Configuring Authentication. If you enable the Prism Self Service feature, an Active Directory is assigned as part of that process (see Prism Self Service Overview).Procedure In the Settings menu available from the gear icon, select Local User Management (see Main Menu Options).The User Management dialog box appears. Figure. User Management Window Click to enlarge To add a user account, click the New User button and do the following in the displayed fields: Username: Enter a user name. First Name: Enter a first name. Last Name: Enter a last name. Email: Enter the user email address. Password: Enter a password (maximum of 255 characters).Note: A second field to verify the password is not included, so be sure to enter the password co
CPU Performance Settigs for AHV
What is the recommended CPU performance setting for AHV? Im curious if AHV has the ability to interract with the Intel throttling or if it's better to just have it run full speed all the time. The CPU power options are: Performance Per Watt DAPC Performance Per Watt OS Performance Acropolis Hypervisor 201602173 Dell xc730xd nodes with 2 X Xeon E5-2630 v3 @ 2.40GHz The Dell Active Power Control (DAPC) mode allows the BIOS to manage the processor power states in order to achieve Performance/Watt maximized at all utilization levels and workload types while still meeting performance requirements. In the OS (Demand Based Power Management (DBPM) mode, the operating system (OS) controls the processor’s power management. In the Maximum Performance mode, the processor runs at the highest frequency all the time. [list] [*]Performance Per Watt Optimized (DAPC) This mode allows the BIOS to manage the processor power states in order to achieve Performance/Watt maximized at all utiliz
Layer2 Issue - AOS 5.5.8 - AHV
I have a problem with arp requests on the bridge for guest traffic In the drawing below the current architecture. If a request arrives from the outside, passing through the firewall, and the firewall is starting to communicate to a VM connected to a NIC to BR1-UP bond of BR1 bridge, the ARP request for the resolution of the VM address stops at the bridge BR1 and do not reach the VM, in this case the firewall and VM ARP tables remain unpopulated and the communications stop. On the other hand, if the communications depart from the VM to the Firewall (for example with a ping) the ARP request is processed by the firewall and the ARP tables of firewall and VM are correctly populated with the respective MAC ADDRs. Firewall IP and VM IP are in the same broadcast domain, no routing. I checked with Wireshark on the windows VM, with tcpdump and ovs-appctl fdb/show on the Nutanix host and when the communications start from the firewall the ARP request goes up to the physical card of the BR1
Foundation with Phoenix - reborn from ashes
Warning: Use of Phoenix to re-image or reinstall AOS with the Action titled "Install CVM" on a node that is already part of a cluster is not supported by Nutanix and can lead to data loss. Use of Phoenix to repair the AOS software on a node with the Action titled "RepairCVM" is to be done only with the direct assistance of Nutanix Support. Use of Phoenix to recover a node after a hypervisor boot disk failure is not necessary in most cases. Please refer to the Hardware Replacement Documentation for your platform model and AOS version to see how this recovery is automated through Prism. What is Phoenix? Phoenix is an ISO-based installer that you can use to perform the following installation tasks on bare-metal hardware one node at a time: Configuring hypervisor settings, virtual switches, and so on after you install a hypervisor on a replacement host boot disk. This option does not require you to include AOS and hypervisor installers in the Phoenix ISO image. Installing the Controller V
Have you secured your IPMI?
Did you know you can secure your IMPI Web Interface with an SSL Certificate? Securing the IPMI Web interface is recommended to help reduce susceptibility to attacks. You can further enhance security by installing your own customized certificate or a CA-signed certificate. Nutanix recommends strong keys and signature algorithms. The IPMI module supports SHA2 and RSA 2048 bit SSL. Avoid long certificate chains or large certificates. If the IPMI module shows the default or previously-installed certificate after you install a new one, or you are unable to log in to the IPMI web interface, the chain is too long (chain length longer than one) or certificate too large. As a test, create a simple self-signed certificate and install it to ensure the IPMI is working correctly before attempting to install larger certificates. You can use openssl or keytool to generate keys, certificates, and signing requests. Similarly to any other certificate deployment, the process consists of two steps
Issues with Ubuntu and Debian Kernels corrupting due to SSDs.
We have an NX-3050 and we frequently have to re-build linux VM's due to their ext4 filesystems corrupting and goin into read only. Our research has pointed us to articles where the linux kernel has issues with SSD's. Has anyone else experienced this and if so, how did you solve it? Edit: We created a container that bypassed the SSD's and we have not yet see the issue there, but we would love to re-engage the SSD's on our servers. The linux version/distro is Ubuntu 12.04.3 LTS. One of the articles we found relating to this is: [url=http://askubuntu.com/questions/262717/ubuntu-12-04-ssd-root-frequent-random-read-only-file-system]http://askubuntu.com/questions/262717/ubuntu-12-04-ssd-root-frequent-random-read-only-file-system[/url] I hope this helps if any of you have experienced this issue.
AFS - Home directory permissions allow ALL users to read ALL home folders?
We just set up AFS. On the home directories, we expected that like a Windows home directory setup, the user would be the only person able to view their home folder. (and Domain Admins of course). But, on AFS per this doc https://portal.nutanix.com/#/page/docs/details?targetId=Acropolis-File-Services-Guide-v20:Acropolis-File-Services-Guide-v20 and also per our experience it seems like ALL USERS can view everybody's folder and contents. This seems like a security problem since HOME directories are typically expected to allow only the user to view their data. Is this by design? It seems like a significant security challenge and much different from how this would typically be set up on a Windows file server.
Designing, Optimizing and Scaling Microsoft SQL Server
Executive SummaryThis document makes recommendations for designing, optimizing, and scaling Microsoft SQL Server deployments on the Nutanix enterprise cloud. Historically, it has been a challenge to virtualize SQL Server because of the high cost of traditional virtualization stacks and the impact that a SAN-based architecture can have on performance. Businesses and their IT departments have constantly fought to balance cost, operational simplicity, and consistent predictable performance.Nutanix removes many of these challenges and makes virtualizing a business-critical application such as SQL Server much easier. The Nutanix distributed storage fabric is a software-defined solution that provides all the features one typically expects in an enterprise SAN, without a SAN’s physical limitations and bottlenecks. SQL Server particularly benefits from the following storage features: Localized I/O and the use of flash for index and key database files to lower operation latency. A highly dist
LDAP login without the domain name
We have a very long domain name and with the current config we are using the UPN (firstname.lastname@example.org) name to login. This is becoming very irritating for me to enter the domain name each time I login. Can we configure a default domain for all the login users to use if the user didn’t mention any domain and of course if we don’t have local user by the same name?
Cerebro http on port 2020 and security
Hi all, A network security audit on a customer infrastructure reported a vulnerability on the cerebro http (port 2020) who is open on http in every CVM and without any security prompt.Some sensitives informations are visible : - AOS version : el7.3-release-euphrates-5.10.7-stable-... - VM Names - Protection Domain names - Witness ip address - ... Is there’s a way to secure this component ?
Now we encounter a problem, after A node with ipmi remote connection address connection, set the vlan from disable error into able, then even not ipmi remote management address, in the local service of esxi host execution ipmi commands, prompt invalid orders, is there other ways to enable remote management of ipmi address.
Already have an account? Login
Login to the community
Login with your account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.