Matt's blog
... oh, yes, i am blogging too :)
Monday, November 7, 2016
Monday, March 28, 2016
Gedünsteter Lachs mit Ingwer/Zitrone und scharfen Süsskartoffel Fritten
Super einfaches, schnelles Lachsrezept, hier wie es geht:
Zutaten:
- grosses Lachsfilet
- Süsskartoffel(n)
- Knoblauch
- Ingwer
- Olivenöl
- Gewürze: Salz, Pfeffer, Chilli, Paprika, geriebene Muskatnuss
schälen ...
in Scheiben schneiden ...
grob würfeln ...
und den Knoblauch pellen ...
alles in eine Schüssel geben ...
und kräftig würzen, mit gut Chilli anmachen, dann ordentlich Olivenöl dazu...
und ein bisschen Muskatnuss drüber reiben ...
umrühren, und auf ein Backblech geben ...
Den Lachs auf ein Stück Alufolie geben ...
und mit dem Ingwer und Zitronen belegen, Pfeffer, Salz und ...
etwas Olivenöl ...
einpacken und mit dem Backblech Süsskartoffeln in den
auf 200 C vorgeheizten Backofen packen.
nach 15 Minuten die Süsskartoffeln wenden, nach 25 Minuten
nochmal wenden und den Ofen auf "Grillen/Überbacken" stellen.
Nach insgesamt 30 Minuten ist alles fertig
Und jetzt ab auf den Teller und schmecken lassen.
Guten Appetit!
2 Portionen, ungefähr 10 Minuten Zubereitungszeit plus 30 Minuten Backofen.
Wednesday, June 17, 2015
Leckere Polenta Pfannekuchen mit Waldbeeren-Quark und Minze #postworkout #foodporn
Leckere Polenta Pfannekuchen mit Waldbeeren-Quark und Minze #postworkout #foodporn
Heute möchte ich ein leckeres
Rezept mit Euch teilen. Lecker, sehr Gehaltvoll und in ca. 10 Minuten
fertig zubereitet. Super als Postworkout-Mahlzeit.
Pfannekuchenteig (für ca. 3 Pfannekuchen):
- 2 Eier
- eine Prise Salz
- ein halbes Tütchen Backpulver
- einen Esslöffel Stevia Süsse (wer will kann auch Honig nehmen)
- 3 Esslöffel Polenta Maismehl (ist einfach nur feiner gemahlener Maisgries, besser zum backen, gibts im Bio Laden)
- 1 Esslöffel Vollkorn Weizenmehl
- nach belieben 1 Esslöffel Whey (Protein Pulver Deiner Wahl)
- ca. 1/4 Liter fettarme Milch
- ein bisschen Kokosöl zum ausbacken in der Pfanne
Quark:
- Waldbeeren Mix (Tiefkühl oder besser noch frisch)
- 250 gr Magerquark
- 1 Esslöffel Stevia Süsse (wer will kann auch Honig nehmen)
- ein Schuss Milch
- ein paar frische Minzblätter zur Garnitur
Gerätschaften:
- Schüssel
- Stabmixer
- (Schüttel-) Shaker
Zubereitung:
Den Quark in eine Schüssel geben. Eine handvoll Waldbeeren Mix dazu. Stevia Süsse.
Mit dem Stabmixer und ein bisschen Milch cremig mixen. Dann in den Kühlschrank stellen.
Für den Teig die 2 Eier in den Shaker aufschlagen. Backpulver, Salz, Süsse, Whey, Polentamehl+Vollkornmehl mit der Milch zusammengeben und kräftig 5 Minuten lang schütteln bis ein glatter, recht flüssiger Teig einstanden ist.
Den kann man dann direkt aus dem Shaker in die Pfanne portionieren.
Die Kochplatte für die Pfanne auf höchste Heizstufe einstellen (bei mir ist das 9). Dann die Pfannekuchen hellbraun von beiden Seiten ausbacken.
Mit dem Beeren-Quark und der Minze auf einem Teller anrichten. Fertig und SUPER lecker. Genau das richtige nach einem intensiven Workout.
Viel Spass beim nachkochen! Lasst es euch schmecken :)
Tuesday, May 27, 2014
Install and run a full functional VMware ESX Hypervisor within a KVM virtual machine
This post is about how to setup and configure a VMware ESX Hypervisor within a KVM virtual machine. The resulting ESX Host is going to be fully functional allowing to create (nested) virtual machines with a working network connection.
Some (funny) facts:
- Running VMware ESX within a KVM virtual machine allow memory over-commitment. That means even if your KVM Host system only has 2 GB memory you can assign e.g. 4 GB memory to the ESX Host VM.
- KVM provides the hardware requirements for VMware ESX even if ESX does not supports the KVM Hosts hardware e.g. it allows to install and run a VMware ESX system on almost any kind of Desktop hardware which is normally not supported by ESX e.g. because of an unsupported network card model.
Steps to setup VMware ESX within a KVM VM
- Install Linux on a physical system (I used latest Ubuntu 14.04)
- Install the qemu/kvm package
- Edit /etc/modprobe.d/kvm-intel (or kvm-amd for AMD cpus) and add
options kvm ignore_msrs=1
options kvm-intel nested=y ept=y
- Download qemu-2.0.0 from http://wiki.qemu.org/Download and apply the following patch to hw/i386/pc_piix4.c line 206. Change
0x4);
to
pc_basic_device_init(isa_bus, gsi, &rtc_state, &floppy, TRUE,
0x4);
- Configure the qemu 2.0.0 source with the following command:
- Create /usr/local/etc/qemu/bridge.conf
- Install the bridge-utils package
- Configure a network bridge in /etc/network/interfaces as following:
iface br0 inet static
address 192.168.88.135
netmask 255.255.255.0
network 192.168.88.0
broadcast 192.168.88.255
gateway 192.168.88.1
dns-nameservers 192.168.88.1
bridge_ports eth0
bridge_fd 0
bridge_hello 2
bridge_maxage 12
bridge_stp off
Please notice that your ip-configuration may be different
- Choose a directory for the KVM virtual machine and create the virtual machine harddisk with the following qemu-img command:
- Download VMware ESX Hypervisor 5.5 from the VMware website and put the install iso file (VMware-VMvisor-Installer-5.5.0.update01-1623387.x86_64.iso) into the same directory as the harddisk file was created a step before
- Start the KVM virtual machine with:
Please notice the "vmxnet3" virtual network device type!
- Go through the (normal) VMware ESX installation procedure
- After the installation enable the SSH service on the ESX Host with is now running with the KVM VM. Then ssh into the ESX Host and set the following two parameters in /etc/vmware/config:
hv.assumeEnabled="TRUE"
Now please reboot the ESX Host system to activate the new configuration!
- When creating a virtual machine on the (nested virtualized) ESX Host please make sure to add the following two parameters to the VM's vmx configuration file:
vhv.enable = "TRUE"
vmx.allowNested = "TRUE"
Congratulations!
You have successfully virtualized a VMware ESX Hypervisor with KVM!
I hope you now enjoy your fully functional VMware ESX Host
Additional informations on the VMware parameters used in this howto
- vhv.allow = "TRUE" does nothing on ESX 5.1 and later
- vhv.enable = "TRUE" is only going to be useful if you want to run VMs under the VMs running under ESXi running under kvm
- You can add vmx.allowNested = "TRUE" to /etc/vmware/config in the ESXi VM to avoid having to put it in every nested VM's configuration file.
This quick howto was created with informations from https://communities.vmware.com/thread/451412
Special thanks to jmattson for the additional details on the VMware parameters
Special thanks to jmattson for the additional details on the VMware parameters
Friday, April 4, 2014
A working OpenStack configuration for a single network card
After some longer trouble to get OpenStack running on a system which just has one network card I found a proper solution.
Here it is:
- Install a fresh Ubuntu 12.04 LTS
- Install bridge-utils and configure a br100 bridge on your single network card eth0
- Here the config part for br100 in /etc/network/interfaces
# Internal Network
auto br100
iface br100 inet static
address 192.168.0.1
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
bridge_ports eth0
bridge_fd 0
bridge_hello 2
bridge_maxage 12
bridge_stp off
- Create a VLAN network interface on eth0 using VLAN ID 0
- Run:
modprobe 8021q
vconfig add eth0 0
ifconfig eth0.0:1 10.11.12.1 netmask 255.255.255.0 up
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- This creates a eth0.0 device with the ip 10.11.12.1
- Check that the new eth0.0 device got created with "ifconfig -a"
- Now follow the regular Devstack instructions
- Add a stack user with sudo permissions
- Check out OpenStack with git
- Create a /home/stack/devstack/localrc as following
HOST_IP=192.168.0.1
FLOATING_RANGE=192.168.0.0/24
FIXED_RANGE=10.11.12.0/24
FIXED_NETWORK_SIZE=256
FLAT_INTERFACE=eth0
ADMIN_PASSWORD=password
MYSQL_PASSWORD=password
RABBIT_PASSWORD=password
SERVICE_PASSWORD=password
SERVICE_TOKEN=password
LOGFILE=/home/stack/stack.sh.log
- Now run stack.sh
su - stack
cd devstack
./stack.sh
Shortly after that OpenStack will be up + running and you can connect to the OpenStack Horizion Dashboard at http://192.168.0.1
With this network configuration this setup allows to successfully launch OpenStack instances which are then reachable from the controller.
Devstack, a documented shell script to build complete OpenStack development environments. More about Devstack at: http://devstack.org
Sunday, February 23, 2014
Ultra secure remote access to home network with a raspberry pi
This post is about setting up an ultra secure remote access to home- (or a cooperated) network with a raspberry pi.
We have all heard of the security holes in many DSL routers. Because of that it is important to keep the firmware up2date. Anyway I personally do not really trust the "remote-access" capabilites and the eventual built-in VPN functionalities of those DSL boxes.
Still, eventually I would like to get remote access to e.g. my home network. The idea is to use a raspberry pi as secure bridge into the remote network.
Sure, we can setup VPN on the raspberry pi, anyway most raspberry related VPN howtos require a "logmein" account for an easy VPN setup. I personally prefer to use standard utilities without the need to create an account on a commercial site with all my traffic routed to that site. Also, for me pure "ssh" access is completely sufficiant. This enables the capability for remote-port-forwarding through ssh which is enough for me.
But for any "port-forwarding" on the DSL router at least one open TCP port would be required, how bad!
... but wait, here the "better" idea:
We can use an "active port forwarder" (such as "afp-server/afp-client) to forward the ssh port of the raspberry pi to a remote server (accessible in the internet) through the outgoing connection/communication.
Here how this basically looks like :
Please see also http://gray-world.net/images/af.gif
The raspberry pi creates a outgoing connection (allowed through the firewall) to the remote server using "afclient". On the remote server "afserver" picks up this connection and uses it to actively foward the ssh port of the raspberry pi to a port on the remote server.
-> This setup does not even require a single open port on the DSL router!
Howto configure the raspberry pi for "Ultra secure remote access":
- Setup a raspberry pi with the standard raspian OS image.
- install "apf-client"
- make the apf-client (afclient is the binary name) automatically at startup.
afclient --ignorepkeys -m 50001 --pass [secure-password] -n [remote-public-server] -p 22 --ar-start --ar-quit
I am using the port 50001 for the af-communication in this example.
This will connect to a "afserver" on [remote-public-server] via port 50001 using a SSL encryted comminication secured by [secure-password]
Please notice:
The "--ar-start --ar-quit" parameters allowing the afclient to start even when the afserver on the remote server is not accessible or not started yet. In case the network the raspberry pi is located in does not allow direct internet access the afclient/afserver also supports tunneling the af-connection to standard http/https proxy server. For more options please check http://manpages.ubuntu.com/manpages/precise/man1/afserver.1.html
Now the setup on the remote (public accessible) server:
- Install "apf-server" (afserver is the binary name)
- Start "afserver" to allow and pick up the connection from the client
afserver -m 50001 --pass [secure-password] -l 40001
This picks up the afclient on port 50001 and forwards the ssh port from the raspberry pi to port 40001 on the remote (public accessible) server using the same password as given for the afclient.
-> you can now ssh to port 40001 on the remote (public accessible) server which will login to the raspberry pi!
From there you can e.g. use "wakeuponlan" to power on systems in the remote network.
More security for this setup:
- install "failtoban" on the raspberry pi to harden the ssh login - http://www.fail2ban.org/
- disable "root" ssh-access to the raspberry pi and only permit to use ssh-keys (not passwords)
- use "iptables" to secure the remote forwarded ssh port on the remote (public accessible) server.
/sbin/iptables -A INPUT -p tcp -m tcp -s [the-IP-address-from-where-you-come-from] --dport 40001 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 40001 -j DROP
- only start the "afserver" when you need it. When it is not start the forwarded ssh port of the raspberry pi won't be picked up so it won't be accessible.
Hope its useful for you! Security IS important!
Wednesday, January 22, 2014
What a MP3 player and Cloud Computing have in common
When thinking of IaaS Cloud Computing most of the time it is like a MP3 player. You can easily let users create and start, stop and destroy their own VMs and ... not really much more.
If this is not enough for you
or
If you like Cloud but still would like to deploy your systems (VMs and "bare-metal") in a regular (non-AMI) way
or
If you are looking for 100% IT service automation including automatic highavailability, automatic monitoring, automatic backup+restore, automatic IT-documentation, automatic DNS/Network/DNS/DHCP/VLAN management, automatic out-of-band management (including Green IT), automatic application deployment and configuration etc.
... then you should take a look at the openQRM Enterprise datacenter infrastructure and IaaS Cloud Computing solution!
Compared to the MP3 player you can think of openQRM as a full featured Music-Studio application. It can play all kinds of music files (not just MP3s), it lets you record, cut, paste and re-arrange different tracks and song parts, it gives you full control and lets you adjust every bit and pinch of the songs you play and provides you with "super hero power" for your complete music collection.
openQRM Enterprise Datacenter Infrastructure is the "magic potion" for system administrators. It provides a generic Server deployment work-flow which integrates and combines common and custom system administration tools and solutions into a powerful single management console for your complete IT-service Infrastructure; from "A" as in Ansible to "Z" as in Zabbix.
On top of that openQRM Enterprise IaaS Cloud Automation turn your existing openQRM Enterprise Datacenter Infrastructure into a flexible and 100% automated private, public and hybrid Cloud Computing environment including an user-friendly "VM and Bare-Metal Server" Self-Service - no matter which virtualization, storage or network technologies you use.
More infos at http://www.openqrm-enterprise.com/
Subscribe to:
Posts (Atom)