• NOTES
  • If you already have nginx deployed, skip to the “Add a website for URL redirect” step.
•  Assumptions
  • You have an Ubuntu 22.04 Linux server created
    • 4GB of RAM
    • 30GB of Drive Storage
• Prerequisites
  • You have a DNS “A” record redirecting all subdomains to your machine.
    • For instance, if your domain is “example.com”, you need to create an A record of “*” to redirect everything to anysubdomain.example.com.
• Download openssh (OPTIONAL)
  • This allows the user to ssh into the machine to allow for easier copying and pasting of commands
    • sudo -i
      • This puts the current terminal as a super user (can run commands as an admin).
    • apt-get update
      • Updates the current list of Linux packages.
    • apt-get upgrade
      • Upgrades all of the packages/updates the actual software
    • apt-get install openssh-server
      • This installs openssh so you can ssh to the Linux machine
  • Connect to the Linux machine via SSH (use putty or the cmd)
• Install nginx
  • apt install nginx
    • This installs the nginx software and engine
  • systemctl status nginx
    • this will check the status of nginx, ensuring the it is running
• Add a website for URL redirect
  • cd /etc/nginx/sites-available
  • nano yourwebsite.example.com
    • You will want this to actually be the URL you are redirecting. For instance, test.nationaltrail.us. “test” is the subdomain and “nationaltrail.us” is the domain we own.
  • Add the following configuration to the file
    • server {
      server_name test.nationaltrail.us;location / {
      proxy_pass http://10.10.8.112; # Point to test web server
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      }
      }
      • This redirects “test.nationaltrail.us” to “http://10.10.8.112”
  • Link sites-available to sites-enabled
    • ln -s /etc/nginx/sites-available/test.nationaltrail.us /etc/nginx/sites-enabled
      • This creates a link from sites-available to sites-enabled to allow nginx to start redirecting/have access to the configuration
  • Test the configuration
    • nginx -t
      • This should have an output such as “the configuration is OK”
  • Restart the nginx service
    • systemctl reload nginx
  • You should now ab able to go to “test.nationaltrail.us” to go to the website located at “10.10.8.112”
• Add Certbot and secure the site
  • At this point, you are only redirecting traffic, not adding an SSL certificate. This will add encryption to secure the site.
  • Install certbot and the nginx plugin
    • apt install certbot python3-certbot-nginx
  • Secure your website
    • certbot –nginx -d test.nationaltrail.us
  • Go through the installation process. This includes adding a notification email for certificate expiration AND choosing the option for REDIRECTING traffic to HTTPS. This is the second option if you are prompted for it.
  • Restart nginx
    • systemctl reload nginx
• Connect to your website! It should be secured unless the web app requires further proxy configuration (refer to the webpages documentation for this possibility).

• NOTE: You can do other commands such as copy files from the container to your VM, install tools in the container, and anything that can be done on a regular Ubuntu install. For more information, look in the DOCKER DOCUMENTATION.
•  Assumptions
  • You are using Ubuntu/Debian-based OS
  • You have Docker installed
  • You have a running container
  • You have access to the docker environment
• Get the docker ID and list the containers
  • Open Ubuntu Terminal
    • docker ps
      • This allows you to get a list of all docker containers
  • The docker ID is the first string of numbers and letters before your container
    • 
  • Enter the docker container
    • docker exec -it <your container ID> bash
      • docker exec -it 175cb158268e bash
• You can now execute commands in the container just as you could in a regular Ubuntu Server.

Here at school, and at my home, we use an SSD for the OS and programs, and a traditional HDD for user files and data.  This requires a registry edit before a user logs on, and has worked great to save SSD space for those items that need SSD speed.

However, it appears to cause issues with major updates in Windows.  While minor updates happen frequently, major ones always fail.  I needed the major upgrade to 21H2 to make Starfall work, so it was a priority!  🙂

To fix this issue I had to do the following.

1.  Logon with the admin account that was originally setup with windows.  This account is stored in the User folder where windows was installed.
2. Undo the registry hack to put user folders on the D: Drive.
   1. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList] should be returned to %SystemDrive%\Users
3. Run the following in an administrator command prompt.  In short, it repairs the Windows installation folder.
   1. DISM.exe /Online /Cleanup-image /Restorehealth
4. Now I ran an upgrade from a flash drive with the current Windows release…and it worked!

Hope this helps anyone else with Windows upgrade issues, or more importantly, Starfall issues!

• Assumptions
  • You already have a vCenter virtual environment with permission to create virtual machines.
    • This environment is fully licensed.
  • You have prior knowledge of how to create a virtual machine (Can make a Windows Server 2022 machine).
• Prerequisites
  • On Personal Machine
    • Download and install the Tanzu Grid CLI tools from the VMWare website
      • DOWNLOAD LINK HERE
      • 
    • Download, install, and open Docker Desktop on your machine
      • DOWNLOAD LINK
      • 
  • On vCenter
    • You need to download the Tanzu base image (OVA file) from the VMware website, upload it to your server and convert it to a template. (When you do the initial setup on the Tanzu you will know what version you need)
      • DOWNLOAD LINK HERE
• Create an SSH Public key on your vCenter environment
  • Generate a public key using Puttygen or other key-generation softwares
  • SSH to the vCenter server using Putty or another SSH service
  • Enter the following commands and change the following lines
    • vi /etc/ssh/sshd_config
      • CHANGE: PermitRootLogin no” to “PermitRootLogin yes”
    • vi /etc/ssh/keys-root/authorized_keys
      • Add the key you created
    • /etc/init.d/SSH restart
• Do the Tanzu Installation
  • Enter the following commands into the command line
    • tanzu init
    • tanzu mc create -u
  • You will be presented with a web GUI for the Tanzu installation
    • Select “Deploy” under the VMware vSphere option
    • 
  • Under the IaaS Provider Option
    • IP or FQDN
      • Enter the IP address/DNS name of your virtual environment
    • Username
      • Enter the username of an administrator account for vCenter
    • Password
      • The password to the account name you provided
    • Disable verification
      • Unchecked
    • SSL Thumbprint Verification
      • Check “Disable Verification”
    • Click Connect
    • Select the datacenter you have set up in vCenter
    • SSH Public Key
      • Enter the same public key you put in your vCenter config files
  • Under Management Cluster Settings Tab
    • Deployment 
      • Select the desired instance type; I used small
    • Management Cluster Name 
      • Give your new cluster a name
    • Control Plane Endpoint Provider
      • Kube-vip (for simplicity’s sake)
    • Worker Node Instance Type
      • I used small
    • Control Plane Endpoint
      • Give your cluster an unused IP address
  • VMware NSX Advanced Load Balancer
    • LEAVE THIS BLANK
  • Metadata
    • LEAVE THIS BLANK
  • Resources
    • VM Folder
      • Select the folder that you want your VMs to be a part of.
    • Datastore
      • Select the datastore you want your machines to be stored
  • Kubernetes Network
    • Network Name
      • Select the port group/vCenter network you want to use.
    • Cluster Service CIDR
      • Leave Default 
        • CLUSTER SERVICE CIDR
          • 100.64.0.0/13
        • CLUSTER POD CIDR
          • 100.96.0.0/11
  • Identity Management
    • DISABLE THE CHECKBOX TO BLANK THIS OUT
  • OS Image
    • Select the template you made earlier in the installation process
  • Select “Review Configuration” and finish the installation
• Deploy an Azure DevOps machine
  • Create a Windows Server VM (I used 2022)
    • Download the Azure DevOps Server Tools
      • DOWNLOAD LINK HERE
    • This is a very typical setup wizard (basically just clicking next 5 times). It will install Java and SQL for you if you do not have them already.
  • After an uneasy amount of time, the installation will be complete (you may need to restart). You can then open the Azure DevOps Server Administration Console.
    • You can then connect to the web GUI through a web browser
      • http://azure-devops OR http://SERVER _IP_ADDRESS
  • The username and password are the same as the Admin user account on the Windows Server 2022 server
    • You can add other users in the administration console under the “Application Tire” tab under “Administration Console Users”
• Connecting Everything Together – The Finale
  • In the Azure-DevOps web GUI, go to “Collection Settings” located at the bottom left.
  • Go to the “Agent Pools” tab toward the bottom left
  • Select the Default Agent pool
    • Select “New Agent” at the top right
    • Follow the instructions prompted to you on the screen (downloading a zip file, making a few directories, and such).
    • I HAVE USED THE SAME 2022 SERVER FOR BOTH HOSTING THE DEVOPS WEBSITE AND THE AGENT TOOLS.
      • Run “config.cmd”
        • Enter Server URL
          • https://AZURE_DEVOPS_IP_ADDRESS
        • Press enter for the integrated authentication type
        • Run this as a service so it starts when the machine starts
  • Go to the “Agents” tab in the Default Agent Pool section
    • 
  • There should now be an Agent that is currently online
  • Connect the Kubernetes cluster to a pipeline
    • In the Azure DevOps console, create a new Project on the main screen
      • Go to the “pipelines” selection on the left
      • Select “Environments”
      • Create Environment
        • Give it a name
        • Select Kubernetes as the Resource
          • Provider 
            • Leave Default
          • Cluster Name
            • This will be what you named your cluster when you created the Tanzu Cluster
          • Namespace
            • You can use the “default” namespace for simplicity’s sake
          • Server URL
            • https://YOUR_CLUSTER_IP_ADDRESS_YOU_ASSIGNED
          • Secret
            • In a command line interface, connect to your Tanzu Cluster
              • tanzu init
              • tanzu login
                • Select your cluster and hit enter
              • Create a new service account
                • Download the file located HERE 
                • Change your directory to your downloads folder in the command line
                • Execute a command to run the YAML file
                • kubectl apply -f azure-devops-service-account.yaml
            • Get the token for the service account
              • kubectl get serviceAccounts <service-account-name> -n <namespace> -o=jsonpath={.secrets[*].name}
            • Use the token to get the secret
              • kubectl get secret <service-account-secret-name> -n <namespace> -o json
                • Replace the <Service Account Secret Name> with the token you got from the previous command
            • Enter the output you got from that in the Azure DevOps “Secret” textbox.
          • Check the “Accept untrusted certificates” checkbox
          • Finish by clicking “Validate and Create”

This is a blog post focusing on creating an ISCSI share on Ubuntu Linux on an Icebreaker 4936 Server. This will act as a mass storage ISCSI store for a Windows file and video server. I will describe the process of creating the ISCSI server, connecting it to Windows, and ensuring a stable connection through a series of scripts on Windows.

OS: Ubuntu Linux 22.04

• Assumptions
  • You have already completed the “Quick Start Guide” by connecting the raid controller components to each other inside of the case.
  • The hard drives have already been slotted into the hot swap bays.
  • The system is able to be powered on and is capable of entering BIOS.
  • You have created an Ubuntu Linux bootable USB drive.
  • You know how to install Windows 10/Windows Server and Ubuntu 22.04.
• Connect a keyboard, mouse, and monitor to the server.
• Create a bootable disk to Windows 10/Windows Server 2016 or newer to do drive testing.
  • Download the Seatools drive testing software.
  • Download the StorCLI command line tools.
  • Open the command prompt and navigate to the directory where the storclt.exe executable is.
  • List all RAID controllers
    • storcli show
  • There should be a list of two raid controllers, one with no PDs, and one with 36.
    • 
  • Put the RAID controller in JBOD mode.
    • storcli /c1 set jbod=on
    • 
  • Put disks in JBOD mode
    • storcli /c1/eall/sall set jbod
    • 
      • It WILL say that each disk failed to go to jbod mode. This is not true, the operation worked.
  • Restart the server
  • Open the Seatools software. There should be all 36 drives + the OS drive.
  • Select every drive you want to test. This can be done by doing “Ctrl + Left Click” to select multiple drives at once.
  • Perform a Long Generic Test by clicking the button as shown in the photo below.
    • 
  • After multiple days pass, you should be left with an outcome of what drives are good/bad. Replace the bad ones if necessary.
• Restart on the machine to boot to the RAID controller.
  • After the initialization screen and the HDD check screen, there will be a brief moment where you can press “ctrl + R” to boot to the RAID controller. This will appear shortly after the following boot screen.
    • 
  • Once on the controller interface, you can select your RAID configuration. This includes the RAID level, which drives you to want to use, setting up hot failover, and how many physical drives you want for each logical drive. In my case, I used RAID 10 with 18 drive logical drives (18 striped, 18 mirrored).
    • The RAID card included with this server supports RAID 0, 1, 5, 6, 10, and 50. For more information and visualizations of the different raid levels, visit the link HERE.
  • The main screen of the RAID controller should look like the photo below.
    • 
    • You then need to select the “Controller 1: LSI MegaRAID SAS” card to configure the drives.
  • You will be greeted with a mostly-empty screen that looks like the following.
    • 
  • Press “Crtl + N” to go to the “PD Mgmt” page where you will be a list of disks in “JBOD” mode.
    • Select each disk one at a time
    • Press “F2”
    • Select “Make Unconfigured Good”
    • Say “Yes” to the warning about losing data.
    • Repeat until all disks are in “UG” mode like the one shown below.
    • 
  • Press “Ctrl + P” to go back to the “VD Mgmt” page.
    • There should be a large list of unconfigured drives that are “Ready”.
    • 
  • Scroll up to where it says “No Configuration Present!”
    • 
  • Next, press “F2” to enter the Raid Setup menu.
    • Here, select “Raid-10” for the RAID Level.
    • “PD per Span” should be 18.
    • Next, go through and press enter to select 32 total drives, leaving 4 to be HotSpares.
    • The size should be around 87TB and you can name the drive what you wish.
    • 
    • Next, enter the “Advanced” options
    • Here, you need to check “Initialize” and “Configure HotSpare”
    • 
    • After selecting the “Configure HotSpare” option, you will be asked to select which drives to use. You will select all 4 drives left that you didn’t select to be a part of the RAID volume and select “Ok” once done.
    • 
  • Once you are done with configuring your RAID setup, you can save and power off the machine using “Ctrl + Alt + Del”.
• Install Ubuntu Linux 22.04 onto the boot drive.
  • Make the root account possible to log into
    • sudo passwd root
      • set your password
    • sudo passwd -u root
    • su
    • gedit /etc/pam.d/gdm3/custom.conf
      • Under “[Security]” add “Allow=True
      • 
    • gedit /etc/pam.d/gdm-password
      • Comment out “auth required pam_succeed_if.so user != root……..”
      • 
    • gedit /root/.profile
      • Delete the last row and add in the following lines of code
      • if ‘tty -s’; then
      •   mesg n
      • fi
      • 
    • Restart the server. After the restart, you can choose “not listed” and log in as “root” with the password you set at the first command
  • Update and Upgrade your server
    • apt-get update
    • apt-get upgrade
  • Install xfs tools
    • apt-get install xfsprogs
  • Open the “Disks” app
    • Select the 87TB RAID volume you are using as the iscsi storage
    • Select the cog wheel on the left of the volume to make a partition
    • 
  • Give the volume a name
  • Select “other” and “next:
    • 
  • Select “XFS” as the file system to format as and click next to start formatting.
    • 
  • Make the partition persistent.
    • Find the UUID of the partition
      • blkid
      • 
    • Add the UUID to fstab
      • gedit /etc/fstab
        • Add “UUID=<your_uuid_here> /path/to/mount/location xfs defaults 0 2”
        • 
      • mount -a
    • Create ISCSI Share
      • apt install tgt
      • dd if=/dev/zero of=/path/to/mount/location/share.img bs=1M count=90000000
        • THIS WILL TAKE A DAY TO COMPLETE
      • tgtadm –lld iscsi –mode target –op new –tid 1 –targetname your_disk_name
      • tgtadm –lld iscsi –mode logicalunit –op new –tid 1 –lun 1 -b /path/to/mount/location/share.img
      • tgtadm –lld iscsi –mode target –op bind –tid 1 -I ALL
      • gedit /etc/tgt/targets.conf
        • Add this to the bottom of the file
          • <target your_disk_name>
          •   backing-store /path/to/mount/location/share.img
          •   initiator-address ALL
          • </target>
        • 
      • systemctl enable tgtchat
• Add ISCSI Share to Windows Server/Machine
  • Open “ISCSI Initiator” in windows search
  • Go to “Discovery” and “Discover Portal”
    • 
  • Enter the IP address of your Linux server in the IP address field and click “OK”
  • Go back to the “Targets” page and see if your disk is listed. If so, click “Connect”.
    • 
  • Navigate to “Volumes and Devices” to set up auto-connecting. Just click “Auto-Configure”
    • 
  • Make the drive in Disk Manager
    • Open “Disk Manager”
    • Right-click the offline drive and click “Online” to bring it online
    • Right-click the empty volume and select “New Simple Volume”
    • Go through the drive wizard. Give it a volume name, drive letter, etc.
  • Create a script to Auto-Connect the drive when it falls offline
    • Create a script called “connect.bat” anywhere on your server and edit it to have the following contents; it will need to be edited slightly to connect to your Linux server’s IP address.
      • Powershell.exe -Command “& {Disconnect-IscsiTarget -cf:$false}”
        @echo off
        REM Connect to iSCSI Target Portal
        echo Connecting to iSCSI Target Portal 192.168.1.xxx
        iscsicli QAddTargetPortal 192.168.1.xxx

        REM List the available targets
        echo List of Available Targets:
        iscsicli ListTargets

        REM Connect to a specific iSCSI target “your_share_name”
        echo Connecting to target “your_share_name”
        iscsicli QLoginTarget disk1

        echo Connection Successful!
        rem pause

    • Save the file and open “Task Scheduler”
    • Right-click “Task Scheduler (Local)” and Select “Create Task”
      • 
    • Give the task a name, select “Run whether user is logged on or not” and check the “Do not store password” checkbox”
      • 
    • Go to the “Triggers” tab and select “New”. Configure it the same as the image below (the start date will be different of course).
      • 
      • Click “OK” when configured to your liking.
    • Navigate to the “Actions” tab and click “New”
      • Keep it on “Start a Program”
      • Browse for the connect.bat file you made earlier
      • 
    • Click “OK” to finish the task scheduling