Re: OpenBSD ESXi VMware image on Soekris Net5501

[Chris Harries]

I know that VMware does all that, I even hear the next release makes you
coffee while you use it and not just instant, as in proper Columbian brewed
coffee...fantastic. But still yes, every once in a while a smart arse pops
his head up and claims he has "heard of this "VMWARE" blah blah blah. It's
nice to know I can bring a little with of laughter to people's lives though,
it sure beats everyone moaning at me as they cannot read e-mails clearly
marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning when their
email doesn't work

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Bob Beck
Sent: 26 May 2009 17:35
To: Michal
Cc: misc@openbsd.org
Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501

* Michal  [2009-05-21 11:01]:

> Oh I didnt realise it was that under-poweredoh now I just feel stupid
> :(

Well, we are all laughing at you. but only because too many of us get hit
with
this bullshit at work.

http://a2.vox.com/6a00d09e512cfdbe2b00f30f5b193a0001-pi

I mean everyone knows Vmware makes everything run faster, use less
power, more securely, gives blowjobs under the table, etc.. And the
great part about your only tool being a hammer is you sure spend less
time deciding what to use so it's more efficient :)

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Bob Beck]

* Michal  [2009-05-21 11:01]:

> Oh I didnt realise it was that under-poweredoh now I just feel stupid
> :(

Well, we are all laughing at you. but only because too many of us get hit
with
this bullshit at work.

http://a2.vox.com/6a00d09e512cfdbe2b00f30f5b193a0001-pi

I mean everyone knows Vmware makes everything run faster, use less
power, more securely, gives blowjobs under the table, etc.. And the
great part about your only tool being a hammer is you sure spend less
time deciding what to use so it's more efficient :)

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ross Cameron]

When you've got something to start with job it up on Sourceforge and pop us
a message on this list.

Maybe some of us have a use for the same application and will want to help.

On Fri, May 22, 2009 at 8:05 PM, Obiozor Okeke wrote:

>
> Thanks Ross/Ed, yes we're going to dump the custom Windows app and use an
> open source solution using Samba's file share capability (with Samba running
> on OBSD of course :).
>
>
> --- On Fri, 5/22/09, Ross Cameron  wrote:
>
> > From: Ross Cameron 
> > Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
> > To: "Ed Ahlsen-Girard" 
> > Cc: misc@openbsd.org
> > Date: Friday, May 22, 2009, 9:05 AM
> > On Fri, May 22, 2009 at 5:56 PM, Ed
> > Ahlsen-Girard 
> > wrote:
> >
> > > On 2009-05-22  Ross Cameron wrote:
> > >
> > > > Certainly the hardware chosen isnt anywhere NEAR
> > potent enough,... and
> > > u're
> > > > leaving ure whole configuration open for attack
> > via the ESXi sub layer.
> > > >
> > > > Why not just port the custom app to OpenBSD and
> > run the configuration
> > > > natively on the hardware?
> > >
> > > There are apps on Windows for which "porting" to
> > OpenBSD would be roughly
> > > equivalent to "porting" to NetWare Virtual Loadable
> > Module.
> > >
> > > Maybe he doesn't mind doing it all over from scratch,
> > but that's about what
> > > it
> > > might turn out to be.
> >
> >
> > True but then again I generally find that rewriting and
> > targeting the code
> > for portability and re-use is worth the efforts in the long
> > run.
> >
> > Painting you're self into a corner with regards to coding
> > standards/languages/host OS are generally just a headache
> > waiting to happen
> > in the years to come.
> >
> >
>
>
>
>


-- 
"Opportunity is most often missed by people because it is dressed in
overalls and looks like work."
   Thomas Alva Edison
   Inventor of 1093 patents, including:
   The light bulb, phonogram and motion pictures.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[SJP Lists]

Hi,

2009/5/21 Obiozor Okeke :
> Hi Diana (and Stuart) thanks for all your advice.
>
> The problem or nut we're
> trying to crack is that we're trying to deploy OpenBSD to remote clients
and
> we wanted an inexpensive but very high reliability system with the
flexibility
> to change configurations (switch in/out different VMs) and add/modify
services
> remotely on-the-fly.  For example we could upgrade a client from 4.4 to 4.5
> along with all the custom apps and client data packaged in a VM.  We would
> grab the old 4.4 VM bring it back to our lab, then upgrade and re-configure
it
> the way we wanted to and drop it back on the ESXi.  Then just change the
> network configs and switch the old for the new all remotely without ever
> visiting the client
>
> Thanks again all.

Even if this were feasible (given the hardware limitations of the
5501), you would still have to maintain ESX in a manner which requires
console access.

Wrapping OpenBSD up in ESX defeats the typical purpose of using
OpenBSD.  ESX and other x86 virtualization software introduces a whole
new vulnerable layer of software which requires patching and
rebooting.

Take it from the horses mouth...


"A critical vulnerability in the virtual machine display function
might allow a guest operating system to run code on the host. The
Common Vulnerabilities and Exposures Project (cve.mitre.org) has
assigned the name CVE-2009-1244 to this issue."

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=disp
layKC&externalId=1009853


"A memory corruption condition might occur in the virtual machine
hardware. A malicious request sent from the guest operating system to
the virtual hardware might cause the virtual hardware to write to
uncontrolled physical memory.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2008-4917
to this issue."

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=disp
layKC&externalId=1007507


"VMware addresses an in-guest privilege escalation on 64-bit guest
operating systems.  VMware products emulate hardware functions
including CPU, memory, and I/O.  A flaw in VMware's CPU hardware
emulation could allow the virtual CPU to jump to an incorrect memory
address. Exploitation of this issue on the guest operating system does
not lead to a compromise of the host system, but could lead to a
privilege escalation on guest operating systems. An attacker would
need to have a user account on the guest operating system.  Affected
guest operating systems include 64-bit Windows, 64-bit FreeBSD, and
possibly other 64-bit operating systems."

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=disp
layKC&externalId=1007090


This is just a small sample.  All this will get you extra complexity
and the doubt that a problem with the guest software is really with it
or the host.


Shane

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Thanks Ross/Ed, yes we're going to dump the custom Windows app and use an open
source solution using Samba's file share capability (with Samba running on
OBSD of course :). 


--- On Fri, 5/22/09, Ross Cameron 
wrote:

> From: Ross Cameron 
> Subject: Re: OpenBSD ESXi
VMware image on Soekris Net5501
> To: "Ed Ahlsen-Girard" 
>
Cc: misc@openbsd.org
> Date: Friday, May 22, 2009, 9:05 AM
> On Fri, May 22,
2009 at 5:56 PM, Ed
> Ahlsen-Girard 
> wrote:
> 
> > On
2009-05-22  Ross Cameron wrote:
> >
> > > Certainly the hardware chosen isnt
anywhere NEAR
> potent enough,... and
> > u're
> > > leaving ure whole
configuration open for attack
> via the ESXi sub layer.
> > >
> > > Why not
just port the custom app to OpenBSD and
> run the configuration
> > > natively
on the hardware?
> >
> > There are apps on Windows for which "porting" to
>
OpenBSD would be roughly
> > equivalent to "porting" to NetWare Virtual
Loadable
> Module.
> >
> > Maybe he doesn't mind doing it all over from
scratch,
> but that's about what
> > it
> > might turn out to be.
> 
> 
> True
but then again I generally find that rewriting and
> targeting the code
> for
portability and re-use is worth the efforts in the long
> run.
> 
> Painting
you're self into a corner with regards to coding
> standards/languages/host OS
are generally just a headache
> waiting to happen
> in the years to come.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ed Ahlsen-Girard]

Ross Cameron wrote:
> On Fri, May 22, 2009 at 5:56 PM, Ed Ahlsen-Girard  > wrote:
>
> -(snip)-
> There are apps on Windows for which "porting" to OpenBSD would be
> roughly
> equivalent to "porting" to NetWare Virtual Loadable Module.
>
> Maybe he doesn't mind doing it all over from scratch, but that's
> about what it
> might turn out to be.
>
>
> True but then again I generally find that rewriting and targeting the 
> code for portability and re-use is worth the efforts in the long run.
>
> Painting you're self into a corner with regards to coding 
> standards/languages/host OS are generally just a headache waiting to 
> happen in the years to come.
I am sympathetic with that POV. It's part of why I decided to learn Perl 
instead of VB when I wanted to automate accounts on a Windows web 
server.  When I had to clean up and migrate a Linux web server years 
later (without having meaningful Linux experience), I was very happy 
about my choice.

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of eagirard.26699DEFANGED-vcf]

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ross Cameron]

On Fri, May 22, 2009 at 5:56 PM, Ed Ahlsen-Girard  wrote:

> On 2009-05-22  Ross Cameron wrote:
>
> > Certainly the hardware chosen isnt anywhere NEAR potent enough,... and
> u're
> > leaving ure whole configuration open for attack via the ESXi sub layer.
> >
> > Why not just port the custom app to OpenBSD and run the configuration
> > natively on the hardware?
>
> There are apps on Windows for which "porting" to OpenBSD would be roughly
> equivalent to "porting" to NetWare Virtual Loadable Module.
>
> Maybe he doesn't mind doing it all over from scratch, but that's about what
> it
> might turn out to be.


True but then again I generally find that rewriting and targeting the code
for portability and re-use is worth the efforts in the long run.

Painting you're self into a corner with regards to coding
standards/languages/host OS are generally just a headache waiting to happen
in the years to come.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ed Ahlsen-Girard]

On 2009-05-22  Ross Cameron wrote:

 > Certainly the hardware chosen isnt anywhere NEAR potent enough,... 
and u're
 > leaving ure whole configuration open for attack via the ESXi sub layer.
 >
 > Why not just port the custom app to OpenBSD and run the configuration
 > natively on the hardware?

There are apps on Windows for which "porting" to OpenBSD would be roughly
equivalent to "porting" to NetWare Virtual Loadable Module.

Maybe he doesn't mind doing it all over from scratch, but that's about 
what it
might turn out to be.

--

Ed Ahlsen-Girard

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of eagirard.8621DEFANGED-vcf]

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ross Cameron]

On Thu, May 21, 2009 at 6:53 PM,  wrote:

> Well I'm certainly no expert in all this and I'm happy to be corrected
> before
> I make any more mistakes with my configuration.  Man am I glad I put this
> post
> out because I'm getting such great feedback!
>
> I'll have to re-think this but I
> honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
> running on ESXi as my strong firewall I would be ok.  Basically its just a
> virtualization of my physical environment but all on one box with 3 VM
> images.
> So my idea was to have second OpenBSD image (not the firewall OpenBSD
> image)
> running with Samba as my Domain Controller and File server, and Email
> server
> and then the third Windows VM running just the custom app.  I figured that
> as
> long as all the 'Net traffic hit my first OpenBSD VM and was properly
> filtered
> and controlled by pf, spam greylisting, brute force checked, etc I would be
> ok?  No?


Certainly the hardware chosen isnt anywhere NEAR potent enough,... and u're
leaving ure whole configuration open for attack via the ESXi sub layer.

Why not just port the custom app to OpenBSD and run the configuration
natively on the hardware?

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Stuart Henderson]

On 2009-05-21, Diana Eichert  wrote:
> On Thu, 21 May 2009, Obiozor Okeke wrote:
>
>>
>> Hi Diana (and Stuart) thanks for all your advice.
>>
>> The problem or nut we're trying to crack is that we're trying
>> to deploy OpenBSD to remote clients and we wanted an inexpensive
>> but very high reliability system with the flexibility to change
>> configurations (switch in/out different VMs) and add/modify services
>> remotely on-the-fly.  For example we could upgrade a client from
>> 4.A4 to 4.5 along with all the custom apps and client data packaged
>> in a VM.  We would grab the old 4.4 VM bring it back to our lab, then
>> upgrade and re-configure it the way we wanted to and drop it back on
>> the ESXi.  Then just change the network configs and switch the old for
>> the new all remotely without ever visiting the client
>>
>> Thanks again all.
>
> If you want to stick with the Soekris you might want to consider
> basing your solution on flashboot,
> http://lists.mindrot.org/pipermail/flashboot/2009-May/000223.html .
>
> Using a CF with multiple partitions would allow you to upgrade
> remotely the flashboot kernel.  Of course this would take some work
> to fine tune the upgrade procedure to minimize failure mechanisms.

with flashboot, it's reasonably ok on a single partition too,
just point boot.conf at the right one after downloading. failure
recovery would usually involve a serial port, resetting, and typing
at the boot prompt, but if it's not too disastrous a failure you
might get away with setting the bios to turn the reset button over
to software control and having some daemon check the gpio pin and,
when the button's detected, revert to a previous boot.conf.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Many, many  thanks to all who responded!  

I now plan to run my OpenBSD
firewall *stand-alone* on directly on a Soekris box for sure (no VM) and
isolate all else on a separate box running the ESXi that fully supports the
ESXi HCL.

Many thanks to all the developers and especially Theo for creating
IMHO the world's greatest OS!!

--- On Thu, 5/21/09, Kevin Wilcox
 wrote:

> From: Kevin Wilcox 
> Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
> To:
obiozorok...@yahoo.com
> Cc: misc@openbsd.org
> Date: Thursday, May 21, 2009,
11:39 AM
> 2009/5/21  :
> 
> > I'll have to re-think
this but I
> > honestly thought (I guess I'm wrong) that if I my
> first
OpenBSD VM image
> > running on ESXi as my strong firewall I would be ok. B
>
Basically its just a
> > virtualization of my physical environment but all on
> one box with 3 VM
> images.
> > So my idea was to have second OpenBSD image
(not the
> firewall OpenBSD
> image)
> > running with Samba as my Domain
Controller and File
> server, and Email
> server
> > and then the third
Windows VM running just the custom
> app. B I figured that
> as
> > long as
all the 'Net traffic hit my first OpenBSD VM
> and was properly
> filtered
> >
and controlled by pf, spam greylisting, brute force
> checked, etc I would be
> > ok? B No?
> 
> There are some strategic issues with virtualising a
>
firewall.
> 
> What should be the simplest, most rock solid member of your
>
network is
> now on the same hardware as  virtual machines.
> If one of
the
> application servers is compromised then it's *possible*
> that the
>
VMWare server itself could be compromised, rendering the
> firewall VM
> under
the control of The Bad Guys. If one of the VMs screws
> the pooch
> and takes
down the server then you've not only lost the
> ability to
> communicate with
those servers, you've lost the ability to
> communicate
> with your firewall.
If one of the application VMs isn't
> configured
> with proper resource limits
then performance on the
> firewall will drop
> under periods of heavy traffic.
For that matter, you've
> already
> introduced overhead on throughput of the
firewall by
> forcing traffic
> to be received by the VM OS before it's
received by
> OpenBSD. If the VM
> server is compromised then the things that
can be done to
> traffic
> without ever actually disrupting the firewall are
almost
> certainly fun
> fun fun (in all fairness, I haven't tried mucking
with
> traffic on
> ESX/i, this is based entirely in speculation).
> 
> I'm
sure there are obvious things that I'm missing but
> these are the
> ones that
blast the loudest through my brain when I think
> about
> virtualising a
firewall. As I stated before, I have done it
> and there
> are a few that I
maintain - and they do their job well -
> but that
> doesn't mean I condone
the practice in general and it
> surely doesn't
> suggest that I think it's
something that should be done on
> a whim or
> with a light attitude. It is
dangerous and unsupported and
> you need to
> understand there is significant
risk in doing so.
> 
> kmw
> 
> --
> To take from one, because it is thought
that his own
> industry and that
> of his fathers has acquired too much, in
order to spare to
> others,
> who, or whose fathers have not exercised equal
industry and
> skill, is
> to violate arbitrarily the first principle of
association,
> bthe
> guarantee to every one of a free exercise of his
industry,
> & the
> fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[eagirard]

Dag Richards wrote:

> Jason Dixon wrote:
> > On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:
> > > Well I should have mentioned that the ESXi is also running a Windows 
> > > server VM \
> > > for a custom app that requires it.  So the idea was to have one box 
> > > running ESXi \
> > > and reduce hardware costs.
> > 
> > 
> > BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
> > 
> > 
> > *whew*
> > 
> > Thanks, I needed that.
> 
> 
> Er yes, you will not be able to get there from here.
> 
> Re-think.
> 
> 
> Don't run vmware on your firewall.
> 
> If you virtualize your entire DC in to a single box, still don't run 
> your firewall as a vm.
 
 
Run a firewall on *hardware* that is not doing anything else.  The firewall is 
practically by definition the thing that is NOT protected by something else; 
have no additional holes in it or in what it relies on.  Like VMWare, or a 
Windows application server.

--
Ed Ahlsen-Girard
Ft. Walton Beach FL

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Kevin Wilcox]

2009/5/21  :

> I'll have to re-think this but I
> honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
> running on ESXi as my strong firewall I would be ok. B Basically its just a
> virtualization of my physical environment but all on one box with 3 VM
images.
> So my idea was to have second OpenBSD image (not the firewall OpenBSD
image)
> running with Samba as my Domain Controller and File server, and Email
server
> and then the third Windows VM running just the custom app. B I figured that
as
> long as all the 'Net traffic hit my first OpenBSD VM and was properly
filtered
> and controlled by pf, spam greylisting, brute force checked, etc I would be
> ok? B No?

There are some strategic issues with virtualising a firewall.

What should be the simplest, most rock solid member of your network is
now on the same hardware as  virtual machines. If one of the
application servers is compromised then it's *possible* that the
VMWare server itself could be compromised, rendering the firewall VM
under the control of The Bad Guys. If one of the VMs screws the pooch
and takes down the server then you've not only lost the ability to
communicate with those servers, you've lost the ability to communicate
with your firewall. If one of the application VMs isn't configured
with proper resource limits then performance on the firewall will drop
under periods of heavy traffic. For that matter, you've already
introduced overhead on throughput of the firewall by forcing traffic
to be received by the VM OS before it's received by OpenBSD. If the VM
server is compromised then the things that can be done to traffic
without ever actually disrupting the firewall are almost certainly fun
fun fun (in all fairness, I haven't tried mucking with traffic on
ESX/i, this is based entirely in speculation).

I'm sure there are obvious things that I'm missing but these are the
ones that blast the loudest through my brain when I think about
virtualising a firewall. As I stated before, I have done it and there
are a few that I maintain - and they do their job well - but that
doesn't mean I condone the practice in general and it surely doesn't
suggest that I think it's something that should be done on a whim or
with a light attitude. It is dangerous and unsupported and you need to
understand there is significant risk in doing so.

kmw

--
To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, bthe
guarantee to every one of a free exercise of his industry, & the
fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Bret S. Lambert]

On Thu, May 21, 2009 at 09:53:16AM -0700, obiozorok...@yahoo.com wrote:
> Well I'm certainly no expert in all this and I'm happy to be corrected before
> I make any more mistakes with my configuration.  Man am I glad I put this post
> out because I'm getting such great feedback!
> 
> I'll have to re-think this but I
> honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
> running on ESXi as my strong firewall I would be ok.  Basically its just a
> virtualization of my physical environment but all on one box with 3 VM images.
> So my idea was to have second OpenBSD image (not the firewall OpenBSD image)
> running with Samba as my Domain Controller and File server, and Email server
> and then the third Windows VM running just the custom app.  I figured that as
> long as all the 'Net traffic hit my first OpenBSD VM and was properly filtered
> and controlled by pf, spam greylisting, brute force checked, etc I would be
> ok?  No?

No. The traffic doesn't hit your vm first; it hits the host os first.
Any and all network stack issues there are still in play.

> 
> --- On Thu, 5/21/09, Dag Richards  wrote:
> > From: Dag Richards 
> > Subject: Re: OpenBSD ESXi
> VMware image on Soekris Net5501
> > To: misc@openbsd.org
> > Date: Thursday, May
> 21, 2009, 9:24 AM
> > Jason Dixon wrote:
> > > On Thu, May 21, 2009 at 08:05:52AM
> -0700, Obiozor
> > Okeke wrote:
> > >> Well I should have mentioned that the ESXi
> is also
> > running a Windows server VM for a custom app that requires
> > it.  So
> the idea was to have one box running ESXi and
> > reduce hardware costs.
> > > 
> >
> > 
> > > BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
> > > 
> > > 
> > > *whew*
> > > 
> > >
> Thanks, I needed that.
> > 
> > 
> > Er yes, you will not be able to get there from
> here.
> > 
> > Re-think.
> > 
> > 
> > Don't run vmware on your firewall.
> > 
> > If you
> virtualize your entire DC in to a single box, still
> > don't run your firewall
> as a vm.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Henry Sieff]

On Thu, May 21, 2009 at 11:06 AM, Diana Eichert  wrote:

> SNIP
.  Virtualization is really cool, you
> could own the virtual hardware and the O/S would never know.  It
> takes the issue related to binary blobs to a whole new level.

Entire machine as binary blob - never thought of it that way, but its
sort of true.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Thu, 21 May 2009, obiozorok...@yahoo.com wrote:
SNIP

I'll have to re-think this but I
honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
running on ESXi as my strong firewall I would be ok.  Basically its just a
virtualization of my physical environment but all on one box with 3 VM images.
So my idea was to have second OpenBSD image (not the firewall OpenBSD image)
running with Samba as my Domain Controller and File server, and Email server
and then the third Windows VM running just the custom app.  I figured that as
long as all the 'Net traffic hit my first OpenBSD VM and was properly filtered
and controlled by pf, spam greylisting, brute force checked, etc I would be
ok?  No?


Yes, you could do this (please NOT on a Soekris) but your system
won't be any more secure than the weakest link.  We haven't really
seen the exploits for ESX, yet.  Virtualization is really cool, you
could own the virtual hardware and the O/S would never know.  It
takes the issue related to binary blobs to a whole new level.

diana

Re: OpenBSD ESXi VMware image on Soekris Net5501

[obiozorokeke]

Well I'm certainly no expert in all this and I'm happy to be corrected before
I make any more mistakes with my configuration.  Man am I glad I put this post
out because I'm getting such great feedback!

I'll have to re-think this but I
honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
running on ESXi as my strong firewall I would be ok.  Basically its just a
virtualization of my physical environment but all on one box with 3 VM images.
So my idea was to have second OpenBSD image (not the firewall OpenBSD image)
running with Samba as my Domain Controller and File server, and Email server
and then the third Windows VM running just the custom app.  I figured that as
long as all the 'Net traffic hit my first OpenBSD VM and was properly filtered
and controlled by pf, spam greylisting, brute force checked, etc I would be
ok?  No?

--- On Thu, 5/21/09, Dag Richards  wrote:
> From: Dag Richards 
> Subject: Re: OpenBSD ESXi
VMware image on Soekris Net5501
> To: misc@openbsd.org
> Date: Thursday, May
21, 2009, 9:24 AM
> Jason Dixon wrote:
> > On Thu, May 21, 2009 at 08:05:52AM
-0700, Obiozor
> Okeke wrote:
> >> Well I should have mentioned that the ESXi
is also
> running a Windows server VM for a custom app that requires
> it.  So
the idea was to have one box running ESXi and
> reduce hardware costs.
> > 
>
> 
> > BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
> > 
> > 
> > *whew*
> > 
> >
Thanks, I needed that.
> 
> 
> Er yes, you will not be able to get there from
here.
> 
> Re-think.
> 
> 
> Don't run vmware on your firewall.
> 
> If you
virtualize your entire DC in to a single box, still
> don't run your firewall
as a vm.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Thu, 21 May 2009, Michal wrote:


Oh I didnt realise it was that under-poweredoh now I just feel stupid
:(


No needed to feel stupid, you added to the entertainment value of this thread.  
;-)

diana

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Michal]

Oh I didnt realise it was that under-poweredoh now I just feel stupid
:(

-Original Message-
From: Edho P Arief [mailto:edhopr...@gmail.com]
Sent: 21 May 2009 17:54
To: Michal
Cc: misc@openbsd.org
Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501

On Thu, May 21, 2009 at 11:35 PM, Michal  wrote:
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Jason Dixon
> Sent: 21 May 2009 17:08
> To: Obiozor Okeke
> Cc: misc@openbsd.org; Diana Eichert
> Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
>
> On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:
>>
>> Well I should have mentioned that the ESXi is also running a Windows
> server VM for a custom app that requires it.  So the idea was to have one
> box running ESXi and reduce hardware costs.
>
>
> BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
>
>
> *whew*
>
> Thanks, I needed that.
>
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net/
>
>
>
> What a helpful e-mail that was. Thanks for helping the community with that
> one
>
>

just think, a system with 500mhz and 512MB ram running two VMs. One of
them is Windows (nt4? 98? 3.1?) , no less

--
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Edho P Arief]

On Thu, May 21, 2009 at 11:35 PM, Michal  wrote:
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Jason Dixon
> Sent: 21 May 2009 17:08
> To: Obiozor Okeke
> Cc: misc@openbsd.org; Diana Eichert
> Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
>
> On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:
>>
>> Well I should have mentioned that the ESXi is also running a Windows
> server VM for a custom app that requires it. B So the idea was to have one
> box running ESXi and reduce hardware costs.
>
>
> BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
>
>
> *whew*
>
> Thanks, I needed that.
>
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net/
>
>
>
> What a helpful e-mail that was. Thanks for helping the community with that
> one
>
>

just think, a system with 500mhz and 512MB ram running two VMs. One of
them is Windows (nt4? 98? 3.1?) , no less

--
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Michal]

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Jason Dixon
Sent: 21 May 2009 17:08
To: Obiozor Okeke
Cc: misc@openbsd.org; Diana Eichert
Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501

On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:
> 
> Well I should have mentioned that the ESXi is also running a Windows
server VM for a custom app that requires it.  So the idea was to have one
box running ESXi and reduce hardware costs.


BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


*whew*

Thanks, I needed that.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



What a helpful e-mail that was. Thanks for helping the community with that
one

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Dag Richards]

Jason Dixon wrote:

On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:

Well I should have mentioned that the ESXi is also running a Windows server VM 
for a custom app that requires it.  So the idea was to have one box running 
ESXi and reduce hardware costs.



BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


*whew*

Thanks, I needed that.



Er yes, you will not be able to get there from here.

Re-think.


Don't run vmware on your firewall.

If you virtualize your entire DC in to a single box, still don't run 
your firewall as a vm.

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Jason Dixon]

On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote:
> 
> Well I should have mentioned that the ESXi is also running a Windows server 
> VM for a custom app that requires it.  So the idea was to have one box 
> running ESXi and reduce hardware costs.


BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA


*whew*

Thanks, I needed that.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Well I should have mentioned that the ESXi is also running a Windows server VM
for a custom app that requires it.  So the idea was to have one box running
ESXi and reduce hardware costs.

--- On Thu, 5/21/09, Jason Dixon
 wrote:

> From: Jason Dixon 
>
Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
> To: "Obiozor
Okeke" 
> Cc: misc@openbsd.org, "Diana Eichert"

> Date: Thursday, May 21, 2009, 7:19 AM
> On Thu, May
21, 2009 at 06:47:08AM
> -0700, Obiozor Okeke wrote:
> > Hi Diana (and Stuart)
thanks for all your advice.
> > 
> > The problem or nut we're
> > trying to
crack is that we're trying to deploy OpenBSD
> to remote clients and
> > we
wanted an inexpensive but very high reliability
> system with the flexibility
> > to change configurations (switch in/out different VMs)
> and add/modify
services
> > remotely on-the-fly.  For example we could
> upgrade a client
from 4.4 to 4.5
> > along with all the custom apps and client data
> packaged
in a VM.  We would
> > grab the old 4.4 VM bring it back to our lab, then
>
upgrade and re-configure it
> > the way we wanted to and drop it back on the
>
ESXi.  Then just change the
> > network configs and switch the old for the new
all
> remotely without ever
> > visiting the client
> 
> No offense, but
that's a terrible design.  Get
> yourself two inexpensive
> systems (5501's
are ok) and run them in a failover
> configuration.  You
> have redundancy and
the flexiblity to alternate between
> releases.
> Without the headache of
middleware patches, an unsupported
> configuration, etc.
> 
> -- 
> Jason
Dixon
> DixonGroup Consulting
> http://www.dixongroup.net/

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Thu, 21 May 2009, Obiozor Okeke wrote:



Hi Diana (and Stuart) thanks for all your advice.

The problem or nut we're trying to crack is that we're trying
to deploy OpenBSD to remote clients and we wanted an inexpensive
but very high reliability system with the flexibility to change
configurations (switch in/out different VMs) and add/modify services
remotely on-the-fly.  For example we could upgrade a client from
4.A4 to 4.5 along with all the custom apps and client data packaged
in a VM.  We would grab the old 4.4 VM bring it back to our lab, then
upgrade and re-configure it the way we wanted to and drop it back on
the ESXi.  Then just change the network configs and switch the old for
the new all remotely without ever visiting the client

Thanks again all.


If you want to stick with the Soekris you might want to consider
basing your solution on flashboot,
http://lists.mindrot.org/pipermail/flashboot/2009-May/000223.html .

Using a CF with multiple partitions would allow you to upgrade
remotely the flashboot kernel.  Of course this would take some work
to fine tune the upgrade procedure to minimize failure mechanisms.

diana

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Thu, 21 May 2009, Jason Dixon wrote:


No offense, but that's a terrible design.  Get yourself two inexpensive
systems (5501's are ok) and run them in a failover configuration.  You
have redundancy and the flexiblity to alternate between releases.
Without the headache of middleware patches, an unsupported
configuration, etc.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/


Jason has a very valid point, if you are making money from this endeavor
following the KISS principle is the path of least resistance.  Labor and
customer satisfaction have value.  Since I don't know your business model
I can't tell if you can absorb the cost of an extra piece of hardware up
front.  However I also can't tell if you can afford the extra cost of
labor to develop a system based upon the method you describe.

diana

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Thu, 21 May 2009, Obiozor Okeke wrote:


Wow!!  Thanks guys for all your advice and the vm-help.com site!
The OpenBSD community is fantastic!!!


FWIW, I've run ESXi on run of the mill desktops, you just have to
know the various boot options to get the ESXi kernel to boot.

But to sound like a broken record, I hate running higly customized 
configurations for production systems.  Just because you can do

something doesn't mean you should do something.  However it's
ultimately up to you, try it out and let us know how it worked.

g.day

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Wow!!  Thanks guys for all your advice and the vm-help.com site!  The OpenBSD 
community is fantastic!!!

--- On Wed, 5/20/09, Kevin Wilcox  wrote:

> From: Kevin Wilcox 
> Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
> To: "David Talkington" , misc@openbsd.org
> Date: Wednesday, May 20, 2009, 7:44 PM
> David, I'm currently mobile and
> unable to track down the HCL for ESX/i
> myself - thus my mentioning them to the original poster
> with what I
> could remember off the top of my head about supported
> machines. If
> that was an insufficient response then the OP is more than
> welcome to
> ignore it. On the other hand, the OP could always say, "oh,
> ESXi HCL,
> I wonder..." and google 'vmware esxi hardware
> compatibility'.
> 
> kmw
> 
> On 20/05/2009, David Talkington 
> wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> >
> > This is way OT for this list, but:
> >
> > Kevin Wilcox wrote:
> >
> >> My understanding is that it has a strict HCL,
> >
> > Yes it does.
> >
> >> that practically necessitates IBM, Sun, HP or Dell
> hardware.
> >
> > No it doesn't.
> >
> >> Skip the virtualisation cruft and install
> natively.
> >
> > That isn't a helpful or enlightened answer (not that
> one should expect
> > help with this topic here).
> >
> > O.P., you should start here for detailed ESXi hardware
> support info:
> >
> > http://www.vm-help.com/
> >
> > Cheers -d
> >
> > - --
> > David Talkington
> > dt...@flyingjoke.org
> > - --
> > PGP key: http://www.flyingjoke.org/keys/801E3976.asc
> > (What's this? http://en.wikipedia.org/wiki/Digital_signature)
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v2.0.11 (GNU/Linux)
> >
> >
> iQEcBAEBAgAGBQJKFKpkAAoJEO7jL1CAHjl2+YgH/jwqmzLTgAGD1wDkxBPbJGZC
> >
> qOQkT2lYoyy0obJ66777wfh/BRcZt88jIpnBVxPfprfnE3h4HUVw/0pP4xtriWcK
> >
> nOQp+dWQeuhGYmV9QycWXAWvhRIrSwgmB3LagKPPYUQ4eR0aVz8NJ/LzkJpzwRb1
> >
> 4kdxc4KXYxDG+HdaQ/mhQ4yGeY2AiTs41zs0oEjBQraeBb/FUwdXzKfFmK9brFxd
> >
> kOEuKYUW9QAFnpzAmkKcFHM7QOQ8zIhLNIs7K/jTmLPVYycU14eutUUR+Q+SoI9W
> >
> YriQmxcZ2PTxHIXA2hjvORM9FZiy0NwyDU8H9NHl2gA34rq1vheuVUnsHRJVH4U=
> > =eE8z
> > -END PGP SIGNATURE-
> >
> 
> --
> Sent from my mobile device
> 
> To take from one, because it is thought that his own
> industry and that
> of his fathers has acquired too much, in order to spare to
> others,
> who, or whose fathers have not exercised equal industry and
> skill, is
> to violate arbitrarily the first principle of association,
> bthe
> guarantee to every one of a free exercise of his industry,
> & the
> fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Jason Dixon]

On Thu, May 21, 2009 at 06:47:08AM -0700, Obiozor Okeke wrote:
> Hi Diana (and Stuart) thanks for all your advice.
> 
> The problem or nut we're
> trying to crack is that we're trying to deploy OpenBSD to remote clients and
> we wanted an inexpensive but very high reliability system with the flexibility
> to change configurations (switch in/out different VMs) and add/modify services
> remotely on-the-fly.  For example we could upgrade a client from 4.4 to 4.5
> along with all the custom apps and client data packaged in a VM.  We would
> grab the old 4.4 VM bring it back to our lab, then upgrade and re-configure it
> the way we wanted to and drop it back on the ESXi.  Then just change the
> network configs and switch the old for the new all remotely without ever
> visiting the client

No offense, but that's a terrible design.  Get yourself two inexpensive
systems (5501's are ok) and run them in a failover configuration.  You
have redundancy and the flexiblity to alternate between releases.
Without the headache of middleware patches, an unsupported
configuration, etc.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Obiozor Okeke]

Hi Diana (and Stuart) thanks for all your advice.

The problem or nut we're
trying to crack is that we're trying to deploy OpenBSD to remote clients and
we wanted an inexpensive but very high reliability system with the flexibility
to change configurations (switch in/out different VMs) and add/modify services
remotely on-the-fly.  For example we could upgrade a client from 4.4 to 4.5
along with all the custom apps and client data packaged in a VM.  We would
grab the old 4.4 VM bring it back to our lab, then upgrade and re-configure it
the way we wanted to and drop it back on the ESXi.  Then just change the
network configs and switch the old for the new all remotely without ever
visiting the client

Thanks again all.

--- On Wed, 5/20/09, Diana Eichert
 wrote:

> From: Diana Eichert 
>
Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
> To:
misc@openbsd.org
> Date: Wednesday, May 20, 2009, 7:16 PM
> On Wed, 20 May
2009, Obiozor Okeke
> wrote:
> 
> > Hi I am hoping to run an ESXi OpenBSD 4.5
image on a
> Soekris Net5501
> > appliance and I was wondering if anyone has
already
> tried successfully
> > running ESXi on the Soekris Net5501 before I
order the
> hardware?
> >
> > Any advice or comments is appreciated.
> >
> >
Thanks in advance
> 
> The better question is, What nut are you trying to
>
crack?  Why would
> you even consider running a virtualization system on what
> is
> effectively a 486? Okay, a 500MHz 586, but still, it's slow
> to
>
start with.
> 
> diana
> 
> Past hissy-fits are not a predictor of future
hissy-fits.
> Nick Holland(06 Dec 2005)

OFF TOPIC: Re: OpenBSD ESXi VMware image on Soekris Net5501

[Kevin Wilcox]

David - it looks like my mobile device did a horrendous job of
displaying your email so I apologise for coming off a bit half-cocked
in the last email (and despite it being so much more OT conversation
on the list, I still wanted to do it publicly).


2009/5/20 David Talkington :

> Kevin Wilcox wrote:

>> that practically necessitates IBM, Sun, HP or Dell hardware.
>
> No it doesn't.

That was based on my last review of the .pdf we received from our
VMWare rep that was, admittedly, some time ago. I just checked the
ESXi HCL and I'm glad to see that support has grown *substantially*,
particularly with them offering ESXi. So, my apologies for outdated
information.

>> Skip the virtualisation cruft and install natively.
>
> That isn't a helpful or enlightened answer (not that one should expect help
> with this topic here).

Agreed. A better reply (though perhaps less relevant) would be,

O.P. - I do not have experience with OBSD on VMWare ESXi on a Soekris.
I do have quite a bit of experience with OpenBSD on VMWare ESX on
officially supported hardware and the results vary depending on load
and how much tweaking you may or may not have to do with your
configuration. For certain storage backends we have to do some minor
voodoo to the disk configuration before the VM is made aware of the
disk - this has caused several of our OpenBSD VMs to panic, an issue
that in no way, shape, form or fashion am I blaming on OpenBSD - that
problem lies with VMWare. On the other hand, I have virtualised
OpenBSD firewalls on plain configurations sitting in front of
virtualised servers (yes, it works for our needs) that never hiccup.
The latest I am using is 4.4 as I've been unable to take any of those
machines down for upgrade since receiving the 4.5 cds.

Because of the quirks that are introduced with running on top of
VMWare, if you have the hardware and this is a single use machine, I
can't stress highly enough that, if at all possible, you should skip
the virtualisation cruft and install natively. Performance *will* be
better, as will reliability and the chance of finding some form of
community assistance.

> O.P., you should start here for detailed ESXi hardware support info:
>
> http://www.vm-help.com/

And the official VMWare HCL here should you ever decide to move to
supported hardware:

http://www.vmware.com/resources/compatibility/search.php?action=base&deviceCa
tegory=server

kmw

--
To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, bthe
guarantee to every one of a free exercise of his industry, & the
fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Ed Ahlsen-Girard]

I ran OpenBSD on ESXi on a Dell 905 at my old job and it worked quite 
well.  It wasn't really fast, but it didn't need to be.  All it did was 
mail web forms.  The security auditors didn't even mention it in their 
report.


Ed Ahlsen-Girard

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Kevin Wilcox]

David, I'm currently mobile and unable to track down the HCL for ESX/i
myself - thus my mentioning them to the original poster with what I
could remember off the top of my head about supported machines. If
that was an insufficient response then the OP is more than welcome to
ignore it. On the other hand, the OP could always say, "oh, ESXi HCL,
I wonder..." and google 'vmware esxi hardware compatibility'.

kmw

On 20/05/2009, David Talkington  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
>
> This is way OT for this list, but:
>
> Kevin Wilcox wrote:
>
>> My understanding is that it has a strict HCL,
>
> Yes it does.
>
>> that practically necessitates IBM, Sun, HP or Dell hardware.
>
> No it doesn't.
>
>> Skip the virtualisation cruft and install natively.
>
> That isn't a helpful or enlightened answer (not that one should expect
> help with this topic here).
>
> O.P., you should start here for detailed ESXi hardware support info:
>
> http://www.vm-help.com/
>
> Cheers -d
>
> - --
> David Talkington
> dt...@flyingjoke.org
> - --
> PGP key: http://www.flyingjoke.org/keys/801E3976.asc
> (What's this? http://en.wikipedia.org/wiki/Digital_signature)
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.11 (GNU/Linux)
>
> iQEcBAEBAgAGBQJKFKpkAAoJEO7jL1CAHjl2+YgH/jwqmzLTgAGD1wDkxBPbJGZC
> qOQkT2lYoyy0obJ66777wfh/BRcZt88jIpnBVxPfprfnE3h4HUVw/0pP4xtriWcK
> nOQp+dWQeuhGYmV9QycWXAWvhRIrSwgmB3LagKPPYUQ4eR0aVz8NJ/LzkJpzwRb1
> 4kdxc4KXYxDG+HdaQ/mhQ4yGeY2AiTs41zs0oEjBQraeBb/FUwdXzKfFmK9brFxd
> kOEuKYUW9QAFnpzAmkKcFHM7QOQ8zIhLNIs7K/jTmLPVYycU14eutUUR+Q+SoI9W
> YriQmxcZ2PTxHIXA2hjvORM9FZiy0NwyDU8H9NHl2gA34rq1vheuVUnsHRJVH4U=
> =eE8z
> -END PGP SIGNATURE-
>

--
Sent from my mobile device

To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, bthe
guarantee to every one of a free exercise of his industry, & the
fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Diana Eichert]

On Wed, 20 May 2009, Obiozor Okeke wrote:


Hi I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501
appliance and I was wondering if anyone has already tried successfully
running ESXi on the Soekris Net5501 before I order the hardware?

Any advice or comments is appreciated.

Thanks in advance


The better question is, What nut are you trying to crack?  Why would
you even consider running a virtualization system on what is
effectively a 486? Okay, a 500MHz 586, but still, it's slow to
start with.

diana

Past hissy-fits are not a predictor of future hissy-fits.
Nick Holland(06 Dec 2005)

Re: OpenBSD ESXi VMware image on Soekris Net5501

[David Talkington]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


This is way OT for this list, but:

Kevin Wilcox wrote:


My understanding is that it has a strict HCL,


Yes it does.


that practically necessitates IBM, Sun, HP or Dell hardware.


No it doesn't.


Skip the virtualisation cruft and install natively.


That isn't a helpful or enlightened answer (not that one should expect 
help with this topic here).


O.P., you should start here for detailed ESXi hardware support info:

http://www.vm-help.com/

Cheers -d

- --
David Talkington
dt...@flyingjoke.org
- --
PGP key: http://www.flyingjoke.org/keys/801E3976.asc
(What's this? http://en.wikipedia.org/wiki/Digital_signature)
iQEcBAEBAgAGBQJKFKpkAAoJEO7jL1CAHjl2+YgH/jwqmzLTgAGD1wDkxBPbJGZC
qOQkT2lYoyy0obJ66777wfh/BRcZt88jIpnBVxPfprfnE3h4HUVw/0pP4xtriWcK
nOQp+dWQeuhGYmV9QycWXAWvhRIrSwgmB3LagKPPYUQ4eR0aVz8NJ/LzkJpzwRb1
4kdxc4KXYxDG+HdaQ/mhQ4yGeY2AiTs41zs0oEjBQraeBb/FUwdXzKfFmK9brFxd
kOEuKYUW9QAFnpzAmkKcFHM7QOQ8zIhLNIs7K/jTmLPVYycU14eutUUR+Q+SoI9W
YriQmxcZ2PTxHIXA2hjvORM9FZiy0NwyDU8H9NHl2gA34rq1vheuVUnsHRJVH4U=
=eE8z
-END PGP SIGNATURE-

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Stuart Henderson]

On 2009-05-20, Obiozor Okeke  wrote:
> Hi I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501 
> appliance and I was wondering if anyone has already tried successfully 
> running ESXi on the Soekris Net5501 before I order the hardware? 
>
> Any advice or comments is appreciated.  

It's slow enough on a dual core xeon with VT enabled and sufficient ram.
Even if this did work on a Geode (highly unlikely since the latest version
doesn't even work on some HP ML servers properly) it would be so horribly
painful you wouldn't want to do it anyway.

What problem are you trying to solve?

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Kevin Wilcox]

This is doomed to failure, mostly because I am *almost* certain that
you'll never get ESXi to install on a Soekris. My understanding is
that it has a strict HCL, very similar if not identical to the HCL for
ESX, that practically necessitates IBM, Sun, HP or Dell hardware.

Skip the virtualisation cruft and install natively.

kmw

On 20/05/2009, Obiozor Okeke  wrote:
> Hi I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501
> appliance and I was wondering if anyone has already tried successfully
> running ESXi on the Soekris Net5501 before I order the hardware?
>
> Any advice or comments is appreciated.
>
> Thanks in advance
>
>

--
Sent from my mobile device

To take from one, because it is thought that his own industry and that
of his fathers has acquired too much, in order to spare to others,
who, or whose fathers have not exercised equal industry and skill, is
to violate arbitrarily the first principle of association, bthe
guarantee to every one of a free exercise of his industry, & the
fruits acquired by it.'

Re: OpenBSD ESXi VMware image on Soekris Net5501

[Jim Razmus]

* Obiozor Okeke  [090520 19:40]:
> Hi I am hoping to run an ESXi OpenBSD 4.5 image on a Soekris Net5501 
> appliance and I was wondering if anyone has already tried successfully 
> running ESXi on the Soekris Net5501 before I order the hardware? 
> 
> Any advice or comments is appreciated.  
> 
> Thanks in advance
> 

So in other words, you plan to run OpenBSD on top of ESXi.  Moreover,
you plan to run ESXi on a Soekris.  This doesn't smell like a recipe for
success.  It may be possible, but the light weight nature of a Soekris
would preclude ESXi and anything as a VM in my opinion.  I don't know if
you can even boot/run ESXi on a Soekris.

Better to just to install OpenBSD natively on the Soekris and skip
VMWare altogether.

HTH,
Jim