Installing Windows Management Framework 5 with Chocolatey via Ansible

You want to install WMF5 so you can manage your Windows machine with Ansible and the win_chocolatey package manager. Here’s a bit of a missing detail:

You have to “become” the SYSTEM user in order to install hotfix install files via Chocolatey. Like this (in a playbook:

– name: Install WMF5 and Powershell5… Note, we have to runas SYSTEM account in order to install hotfixes, like this ( in full playbook form):

– name: Ensure Windows Management Framework v5 is installed, along with Powershell 5
hosts: all
gather_facts: no


– name: Install WMF5 and Powershell5… Note, we have to runas SYSTEM account in order to install hotfixes
name: powershell
state: present
register: install_response
become: yes
become_user: SYSTEM
become_method: runas

– name: Reboot the machine if it just installed WMF5, since it requires a reboot after installation
reboot_timeout: 180
when: install_response.changed == true and install_response.rc == 3010

Here’s the issue thread that filled in that detail for me:

Minecraft – Can’t see Shared Multiplayer Games on the Network?

In your router, enable “IGMP Snooping”, particularly if one of the affected machines is connected via wireless.

Minecraft uses IGMPv2 multicast to tell other computers on the network that it’s hosting a server. In my router, it was in the “Professional” tab of the “Wireless” configs page.

Enable configurations named something like “IGMP Snooping”, “Multicast”, “IGMPv2”. That’s your foot in the door to solving what I’m sure is a most frustrating problem 😉

Some more info:

How to Disable ipv6 in Ubuntu

You may not need or want ipv6 in your Ubuntu install. Here’s how to disable it *well*

Shell commands to run:

# create the long-life config file
echo “net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1” | sudo tee /etc/sysctl.d/99-my-disable-ipv6.conf

# ask the system to use it
sudo service procps reload

# check the result (should read “1”):
cat /proc/sys/net/ipv6/conf/all/disable_ipv6

Some Cygwin Notes on installing Ansible in Cygwin on Windows

I wanted to install Ansible on Cygwin running in Windows. I also wanted to interact with AWS, so I needed to install boto. “six” just for kicks as well. Here’s what finally worked, along with some notes on the experience:

This step-by-step is valid on Windows Server 2012r2 machines as of 9/29/2017. It is the cleanest way of working with Cygwin that I’ve seen.

Install Cygwin
Download here:
Install to c:\cygwin64 for everything you have to specify a path for (use that for the source, it’s always fast, at least in the US)
Basic install, no additional packages
Add a shortcut to the desktop
– Shortcut points to mintty.exe, interestingly… never knew that
– C:\cygwin64\bin\mintty.exe -i /Cygwin-Terminal.ico –

Open up the Cygwin shell:
echo ‘alias cyg-get=”/cygdrive/c/cygwin64/setup-x86_64.exe -q -P”‘ >> ~/.bash_profile
– This makes it so installing more cygwin-specific packages is just like using apt-get, all from within Cygwin
– Doing it this way makes cygwin even more portable 🙂
Close and reopen the Cygwin shell
– To get that alias thing from above

Install all the dependencies using our nifty apt-get-like approach
– cyg-get cygwin32-gcc-g++,gcc-core,gcc-g++,git,libffi-devel,nano,openssl,openssl-devel,python-crypto,python2,python2-devel,python2-openssl,python2-pip,python2-setuptools,python2-devel,tree,wget,zip,make,openssh
– You have to use a comma-delimited list. Some internet blog posts use spaces…. Those don’t cut it

Use pip2 to install:
– pip2 install boto six ansible==1.9.4
— Running bdist_wheel for pynacl
— That takes forever… you have to just wait…. Forever

At this point, you should be all set. And… you should be able to copy-paste the cygwin64 folder into any other Windows machine and everything will “just work”

– This approach is the cleanest, most portable way to work with Cygwin. Really, it’s completely self-contained, not affecting anything else on the host… All things Ansible, boto, gcc, etc live entirely in that cygwin64 folder. Delete the folder; they’re all gone, as though they were never there.
– At the time of this writing, the world is kind of between Python 2.7 and Python 3.x. As such, this is a case where we have to explicitly say we want to install pip2 and python2.
– Note that the permissions and execution bits on files can kind of get scrubbed out when checking things out from GitHub (other vcs too?), so in the case of Ansible and boto, the hosts file and the ec2 file may need to have their execution bits updated after a checkout – hosts should not be executable; ec2 should be executable. It’s possible other .sh files you check out from, say, GitHub may need their execution bits changed as well

Installing ESXi on Unsupported Hardware

You have an old computer. You want to put ESXi on it. You get errors like stalling at “Initializing IOV”, “failed loading nfs41client”, or “No Network Adapters”. Here’s how I worked around all three of those.

“Initializing IOV”
– Means your hardware doesn’t support something. When ESXi is starting up press “tab” or “shift+o” to get to the boot command line options. Then simply put in a space followed by “noIOMMU” at the end of that line.
– from

During install or loading of the installer you see “failed loading nfs41client” or “failed loading nfs4lclient”… one of those two. And then you get a “No network adapters” at the end.
– Means you have some network card or chipset that’s not officially supported by the ESXi installer.
– Create a custom install image:
– I did this:
In Powershell:
– Install-Module -Name VMware.PowerCLI -Scope CurrentUser
– download this:
– run this to find what network card you have (mine was the Realtek 8168, mentioned here:
– run this: .\ESXi-Customizer-PS-v2.5.1.ps1 -v60 -vft -load net55-r8168,net51-r8169,net51-sky2
– Use rufus to create a bootable USB with the resulting ISO
– Install ESXi with that bootable USB (I had to use the “noIOMMU” additional boot option)

Hopefully it helps you 🙂

Self-Signed SSL Certs on Ubuntu and Apache2

Simple step-by-step on how to create a self-signed SSL cert in Ubuntu and then some notes on how to use it (some specific mentions of Perforce Swarm, so just update things to reflect your own site name:

1. Enable SSL for Apache2
sudo a2enmod ssl
2. Create directory to save certificates
sudo mkdir /etc/apache2/ssl

3. Create the required certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Note: Ensure the ‘Common Name’ you provide matches your Swarm servers FQDN exactly.

4. Follow the on screen prompts adding organization information as required.

5. Backup the current HTTP virtual host configuration:
cp /etc/apache2/sites-available/perforce-swarm-site.conf /etc/apache2/sites-available/perforce-swarm-site.conf.BAK

6. Edit the Apache site config file for the Swarm virtual host:
sudo nano /etc/apache2/sites-available/perforce-swarm-site.conf
We’ll continue to listing on port 80 for plain HTTP requests and on port 443 for HTTPS. See below, replacing SWARM-SERVER_HOSTNAME with the FQDN of your Swarm server.

ErrorLog “/var/log/apache2/swarm.error_log”
CustomLog “/var/log/apache2/swarm.access_log” common
DocumentRoot “/opt/perforce/swarm/public”

AllowOverride All
Require all granted

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

ErrorLog “/var/log/apache2/swarmssl.error_log”
CustomLog “/var/log/apache2/swarmssl.access_log” common
DocumentRoot “/opt/perforce/swarm/public”

AllowOverride All
Require all granted

Note: Please check with your security team to ensure the permissions provided in this setup are suitably restrictive for your environment.

5. Restart Apache to pickup the changes
sudo service apache2 restart
6. Now try your new HTTPS URL from a web browser.

Now, in Ubuntu, here’s how to add that client-side certificate file you created above when you made the self-signed SSL cert (run alls steps as the root user):

Given a CA certificate file foo.crt, follow these steps to install it on Ubuntu:

Create a directory for extra CA certificates in /usr/share/ca-certificates:
sudo mkdir /usr/share/ca-certificates/extra

Copy the CA .crt file to this directory:
sudo cp foo.crt /usr/share/ca-certificates/extra/foo.crt
– I’d suggest renaming that .crt file to include the full domain name

Let Ubuntu add the .crt file’s path relative to /usr/share/ca-certificates to /etc/ca-certificates.conf:
sudo dpkg-reconfigure ca-certificates

In case of a .pem file on Ubuntu, it must first be converted to a .crt file:
openssl x509 -in foo.pem -inform PEM -out foo.crt

You can redirect http traffic to https by adding the below to the end of the section on your server:
– Redirect / https://

From 2 great finds:

Can’t create a new datastore on ESXi 5.5 when using an existing disk

I got this error when trying to create a datastore on a local SSD I had just installed:

A specified parameter was not correct.

This blog post reported it’s a problem with having an existing MBR partition on the disk.

Apparently, VMFS5 doesn’t like that scenario. Usually, you’d have to manually delete the partition via some shell commands on the ESXi host. But, one of the comments mentioned they were able to create a VMFS3 partition first, and then upgrade it to VMFS5. Worked for me 🙂

2006 Honda Odyssey with misfires reported on cylinders 4 and 5 – started after a head gasket and timing belt replacement

Had to change out the head gasket, particularly on the bank with cylinders 4,5, and 6 (the front-most 3 cylinders). That process, while cumbersome, worked out fine. I had to get the front cylinder head machined, since it was low in one point by around 8 thousandths. Everything went back together relatively smoothly. Once done, the engine started up on the first try, and it ran smoothly.

And then, while making sure the coolant and other fluids were filled correctly, the engine died. It turned out that the auto tensioner pully’s bearings blew up, complete with ball bearings all over in the timing belt cover area. Luckily, the belt didn’t break, but as best as I can tell it jumped one or more teeth.

After redoing the timing belt, complete with a timing belt kit – just do yourself and your car a favor and buy a timing belt kit – the engine started up, but it ran pretty rough. The codes reported misfires, especially in cylinders 4 and 5 (the front left and center cylinders when viewing the engine from the front of the car). However, it also reported random cylinder misfires. It also reported the bank 2 sensor 2 oxygen sensor heater circuit was bad somehow (this is the O2 sensor on the bottom of the front three-way-prewarm-catalytic converter… something like that).

I replaced the bank 2 sensor 2 oxygen sensor, but that didn’t chnage anything. Then I started unplugging ignition coil plugs one at a time to see which cylinders were misfiring. Sure enough, it was cylinders 4 and 5. I got new spark plugs and new ignition coils (for all cylinders). That seemed to help a bit, but it was not all the way. The engine was still misfiring on cylinders 4 and 5 (wet spark plugs that smelled like fuel).

I did a compression test on cylinders 4 and 5 to see if the valves hit the pistons when the incident with the auto tensioner pulley happened. compression was fine – 130psi or so. It’s relatively easy to test this if you have the tool.

Then, I did the CKP sensor relearn procedure. That’s “CranKshaft Position” sensor. And it worked. No more misfires, and the engine idles smoothly now – more more rough idling, it now starts easily, and it doesn’t almost die at idle.

I didn’t have a tool that would reset anything, so here’s what I did (based on what the Honda service manual outlined):

Started the engine in the driveway from cold, and ran it at 3000RM until it got up to temperature. Drove it around in 2nd gear (automatic transmission), getting up to 2,500RPM and then letting it coast down to around 1,000RPM (keeping it in the same gear). I did this about 5 times in either 1st or 2nd gear. I then went on a larger road and ran it in 2nd gear up to 5,000RPM and then let it coast down to 3,000RPM (keeping it in 2nd gear). I did this around 3 times. Then, I found a spot to park it and turned it off, then turned the key to position II (not starting the engine) and let it sit like that for 30-40 seconds, then turned it off. Then, when I started the engine up, it idled notably more smoothly. And it’s stayed that way. Further checks with a code reader showed no new codes being through, though the engine light is still on – I presume it will turn off after 100 miles or so (part of the buffer it needs to have so you can’t cheat the smog check so easily).

I hope this helps.

Perforce Proxy – uses and notes

Here’s the lowdown on the Perforce Proxy (aka P4P):

– You can use *any* version of it. Just use whatever the most recent one is on

– It’s as simple as you might hope. Install it, make it run all the time, point it at your main perforce instance, and then have all your p4 clients just point at the proxy instead of the main perforce server.

– Yeah, having all the clients point at a p4 proxy instance instead of the main perforce server means you can lock down your perforce server better.

– The proxies cache all the big files and pass along all the commands from the client to the main perforce server. All the proxy does is make it so the main server doesn’t have to read and transfer the big files.

– If you run a p4 proxy on your own computer, it means your computer is storing all the versioned files locally, so when you switch between branches or streams, you don’t have to wait for the big files to transfer from the main perforce server. Yes, it’s great for VPN connections.

– You can’t point a p4 proxy at a p4 proxy 🙂 It says something about a version not being new enough, at least in my brief tests.

– P4 Proxy is easiest to install on Windows. Pretty no-brainer stuff. Really, the installer is an .msi that includes the p4 server and client. You can install just the proxy though, so no worries.

– P4 Proxy just uses disk space. CPU and memory is negligible.

– If you have people in all kinds of locations, just have them set up a p4 proxy instance in a relatively secure manner on their own computer (or if they’re fancy, in some VM in their own environment).

– If you go fancier that a P4 proxy, you’re looking at setting up some perforce edge and read-or-whatever replicas. Just don’t go there…. unless you’re HUGE and you have people (not “person”) in your dedicated IT infrastructure team.

Download it here: