proxmox PCI passthrough with windows, Geforce 1070, Ryzen, and B450 Tomahawk


I set up my first Proxmox implementation on my rebuilt gaming PC.  The goal was to run proxmox on bare metal, then run a windows VM with hardware passthrough so I could play Elite Dangerous in windows with only a 1-3% performance loss. This would also give me a platform to work on automation tools and containerization.

So how did I go about doing it? Well, I started by reading this article:

That did most of the heavy lifting, but it was specific to intel processors. Here’s what my final changes looked like:


I needed to enable 3 main things:

  • WHQL for windows 10
  • UEFI Bios
  • enable virtualization under the Overclocking-> CPU Features panel



/etc/default/grub needs to have the following DEFAULT line:

GRUB_CMDLINE_LINUX_DEFAULT=”quiet amd_iommu=on iommu=pt video=efifb:off”


Modprobe blacklist

/etc/modprobe.d/blacklist.conf needs the following entry:

blacklist radeon
blacklist nouveau
blacklist nvidia
blacklist amdgpu


QEMU Host config



agent: 1 
bios: ovmf 
bootdisk: scsi0 
cores: 8 
cpu: host,hidden=1
hostpci0: 1c:00.0,x-vga=on,pcie=1 
hostpci1: 1c:00.1 
hostpci2: 1d:00.3 
hostpci3: 1e:00.3,pcie=1 
ide2: local:iso/virtio-win-0.1.141.iso,media=cdrom,size=309208K 
machine: q35 
memory: 12000 
name: gamey 
net0: e1000=DE:F7:85:97:FF:22,bridge=vmbr0 
numa: 1 
onboot: 1 
ostype: win10 
scsi0: local-lvm:vm-101-disk-0,size=100G 
scsihw: virtio-scsi-pci 
smbios1: uuid=d0e62ae5-0939-4544-aa2e-7e92f872cc39 
sockets: 1 
usb0: host=1-2 
usb1: host=0c45:7605 
usb2: host=046d:c332 
virtio2: /dev/disk/by-id/ata-CT500MX500SSD1_1817E1395213-part1,size=476937M 
vmgenid: fa74f2e1-46d1-444b-963a-1f0417d18fd0


options vfio-pci ids=10de:1b81,0de:10f0


I apologize that this is super rough and poorly formatted, but I figured that was better than nothing.

Fix for Citrix Receiver SSL Error 61 in Chrome on Linux


Found this here, which fortunately fixed my issue with 3 lines:

sudo mv /opt/Citrix/ICAClient/keystore/cacerts /opt/Citrix/ICAClient/keystore/cacerts_old
sudo cp /opt/Citrix/ICAClient/keystore/cacerts_old/* /usr/share/ca-certificates/mozilla/
sudo ln -s /usr/share/ca-certificates/mozilla /opt/Citrix/ICAClient/keystore/cacerts

Xenoblade Chronicles 2 Review


I bought Xenoblade Chronicles 2 as a fluke- I’d heard the first one was good, and there was an article prior to it coming out suggesting that it was the game to play after Breath of the Wild. Well, I’ve put a week or so into it so far and here are the takeaways.

  • The battle system is an over-complicated mess where you don’t actually battle, you just wait for permission to press buttons. It’s completely chaotic and near impossible to follow and you feel like a spectator rather than a participant.
  • Once a battle is done, all damage is healed. There’s no consequences. other than dying and having to “try again”
  • Oh, each of these battles takes an eternity to finish. Walk from point A to point B, and have 30 battles. But if you die half way through, you get to go back to the beginning and do it all over again.
  • The map system sucks, as does the fast travel. You can’t scroll the overlay map to figure out where you need to go, just follow the stupid compass arrow and hope it’s leading you the right way (it’s led me to solid walls already, resulting in me giving up on that side quest. The fast travel screen is just unintuitive, and the map it shows doesn’t correlate with the overlap map in any meaningful way.
  • The voice acting. My god- I was embarrassed when the first mustashe-twirling govenor guy showed up because it sounded like… I don’t know, like a horrible person doing a Scotty from Star Trek impression.

I’m on chapter 3, and at this point it feels like a trudge. to get through the game. I keep hoping it’ll get better, but it isn’t. and to top it off, I bought the digital download like a fool so I can’t even resell it. I just spent 3 hours grinding my way to the next section only to die and start over.

What a disappointment.


Monoprice Maker Select Plus Upgrades


Because I don’t know when to stop, I’m going to start working on upgrades for my printer.


1. Filament Guide

Apparently one of the common problems is that slack in the filament can cause tangles- the best way to work around this is a filament guide. The first filament guide I printed was loose- too loose to use by itself. The second style just didn’t print properly, even trying to print it 2 different ways. I ended up using a command strip to stick the first one in place, and that seems to be working for the time being. Perhaps later I can modify the model and make it a little better fit.

2.  Thumbwheels

Another common problem is that the all-metal thumbwheels will jiggle free over time, causing the bed to unlevel. The Solution is to use nylon locking nuts (nylock nuts) , but they’re so tiny you wouldn’t be able to adjust them- that’s where the 3d printed thumbwheels come in. The nylocks go on the underside of the printed thumbwheel, allowing better control and a more coarse texture than the metal thumbwheels. So far they’re working well.

3. Octoprint

While it’s not a direct mod, I printed a 3d case for a raspberry pi and loaded the pi with a custom OS called Octoprint. It controls the printer over USB so you’re not constantly inserting and removing sdcards. In addition, it gives you a nice web interface where you can upload your gcode files, track the print progress, and tweak configurations. It even lets you time-lapse control a pi camera to see the status and verify things haven’t went off the rails.

4. Allen Wrench and Scraper Hook Support

This is more of a utility modification than anything- with the 3d prints, you usually need to scrape the print off the bed when it’s complete, which means you have a standard scraper always laying around. This gives you a hook to store the scraper on, as well as slots to place the allen wrenches.

5. Fun Fan cooler

My original intention was to go with the Dii cooler, but after some investigation I came across the fun fan cooler, which looks like an earwig’s behind.  it has a few print flaws which I’m going to attempt to fix and re-release it on thingiverse. So far it’s greatly improved the quality of my prints. Update: My attempt to fix the model failed miserably. I still have a lot to learn about organic modelling.

6. Pi Cam Arm

I’ve found a decent arm/camera holster for my raspberry pi camera, which should allow me to create timelapse videos. I still don’t have a great base due to the short cable I’m working with, but that should be remedied tomorrow. In the mean time, here’s a video:  This was my second print of the Earwig vent/ Fun Fan Cooler.

7. Glass Bed

My glass bed has arrived, but the thermal pad won’t be here until Saturday. Between now and then I’ll have to print clips.


Future Plans

Right now I’m planning on the following upgrades:

  1. Z braces. I saw the tower shake a surprising amount during quick y axis movements- Z braces basically add a hypotenuse to the intersecting structure of the printer. The ones I’m looking at will have levelling feet. Update: Unfortunately, these are for the maker select, not the select plus, so they won’t fit. I’ll need to design my own.
  2. Metal Hotend with slotted block. Microswiss makes a nice hotend that supposedly works much better.
  3. Hardened steel nozzle. Another Microswiss upgrade that’ll let me work with a wider array of materials and temperatures.
  4. Machined lever and extruder plate. The existing level that holds the filament in place will warp over time- this one won’t.

Overall this has been an interesting diversion so far.


Time to Print


After finally getting my 3d printer, I thought I should start keeping track of what I’m doing.

Printer: Monoprice Maker Select Plus

Standard Filament: MP Select PLA Plus+ Premium 3D Filament (white)

After Unboxing it and getting everything aligned, I printed 1.gcode and 2.gcode from the SD card that came with it using the yellow PLA filament that came with it. The first was a small elephant, the second was a swan.

Quick Backstory

I had played a bit with FreeCAD while waiting for the print and had followed a tutorial for creating a “lego.”

As you may or may not know, There are 2 steps in designing a 3d part

  • designing the regular 3d object in 3d modeling software like 3DSM, Maya, Blender, FreeCAD, etc to create an STL file.
  • converting the STL with a slicer program like Cura into a gcode file.

The Gcode is basically a set of assembly-like instructions for controlling the printer- move 2mm, extrude, move 3mm, retract, travel 10mm, etc. What’s important to note is that Cura needs to be configured for your specific printer model.

  • The good news is that Monoprice ships with a free copy of Cura
  • The bad news is that they only include the exe version
  • The good news is you can run it with wine
  • The bad news is that it’s not only in chinese(?), but fails to install with an error (that is also not in english).

This makes it really hard to configure Cura properly. My first attempts did not go great, but after doing a bit of research, I found that the  “Prusa i3 Mk2” model was “close enough” with some minor modifications:

Monoprice Maker Select Plus Cura Settings, Mostly correct


Back to the Real Story

The Lego

After some tinkering and trial and error, I was able to print my self-designed lego sliced with my own copy and configured version of Cura, however somewhere along the way it became supersized. It fits roughly 3 regular lego pegs to every 2 on my block. I’m not sure where things fell apart, but I need to re-examine the FreeCad file and get the calipers out to figure out if the instructions were wrong or if I did something incorrect.

Anyways, the Lego used up almost the last of my sample yellow, so I opened my new standard filament, the white PLA from monoprice.

The Drow Wizard

The first thing I printed was a Drow Wizard from Shapeways. it was fairly complex, and so-far the printer is completely untuned, so it’d give me a good idea of what I’m working with.

It was pretty rough. There were a lot of strings between the staff and the figure, and the face had no detail. After a bit of cleanup, it’d be passable for kids, but it was still lower quality than I was hoping for

The Filament Guide

The next thing I printed was the filament guide upgrade for the printer itself. This was my first time using a support, and man did it waste a lot of filament. After some cleanup, it came out decent, but still had some print flaws- namely a hole in the top of the guide arm where the top layer wasn’t think enough and inside the “C” at the top, the edges pulled away from the rest of the print. It’s probably still usable, but I’ll eventually print a better one.

The first “real use” part was a Raspberry Pi 3 case I found on Thingiverse. The Top came out rather nice (but still has some flaws), and I’m waiting for the bottom to finish as I type this.

While waiting, I’ve done a bit of research on some of the flaws I’ve noticed and am coming up with a list of things to try. Before I make any further adjustments, I’m going to print a 3dSketchy boat that is commonly used for calibration tests. Once I do that, I’ll probably print 3 or 4 more, trying different configurations and tweaks.


3d Printer Ahoy!


I’ve finally gotten the go-ahead to get a 3d printer. It’s something I’ve wanted for a long time, but I’m just now at the point where I can get into it. As I wait for my tax return, I’ve started learning how to use Freecad.


So far I’ve finished the following tutorials:

  • (2017-03-26)

It’s taken a bit of time, but I’m slowly getting there. With any luck I’ll be fabricating parts with relative ease, then can move on to sculpting with blender.


A Brief Review of Ansible Redis Modules


I’m currently investigating the best ansible module to manage redis for my server. The good news is that ansible galaxy has plenty of options; the bad news is that most of them are terrible. This is my first attempt to find the best of the bunch.


For the sake of simplicity, I’m limiting my search to roles that support Enterprise_Linux (e.g. Redhat, Centos, etc). In addition, I’m going to be examining the github repos rather than the galaxy entries.


It’s important to note that I’m not judging the authors, only their usefulness to me.

Last Commit: Sept 15th, 2015

Commits: 2    Contributors: 1

Branches: 1    Releases: 0


  • Default values used
  • Remi repo used
  • config templatized
  • vars used


  • Installs its own Remi repo config
  • docker stuff included
  • extensive template hardcodeds content
  • README example is limited.

Last Commit: May 25th, 2016

Commits: 15    Contributors: 3

Branches: 1    Releases: 0

Redis versions supported explicity: 2.4, 2.6, 2.8


  • Extensive defaults
  • simple tasks and template
  • Estensive README


  • overly simplistic module, complex variables
  • uses default redis package

Last Commit: September 8th, 2016

Commits: 5    Contributors:1

Branches: 1  Releases: 0


  • includes spec file
  • enables remi and epel repos


  • includes docker for tests
  • doesn’t include repos as requirements

Last Commit: September 27th, 2016

Commits: 7    Contributors: 1

Branches: 1    Releases: 3


  • Good Defaults
  • Excellent README
  • multilayer vars configuration
  • includes test playbook and inventory
  • Supports multiple distributions


  • complex vars configuration
  • default packages only, no repo support

Last Commit: June 20th, 2016

Commits: 5    Contributors: 3

Branches: 1     Releases: 3


  • includes good repo dependencies


  • Poor defaults
  • Bad formatting with redirects
  • Bad README

Last Commit: June 7th, 2016

Commits: 18    Contributors: 1

Branches: 1     Releases: 0


  • includes performance tweaks


  • includes docker file
  • bad defaults
  • mentions epel, no include or dependencies
  • no repo dependencies
  • Poor vars

Last Commit: March 10th, 2016

Commits: 36    Contributors: 1

Branches: 2    Releases: 6


  • includes build status


  • No repo dependencies
  • Weird tasks layout
  • Configuration not really EL specific (more debian than Redhat)


Wow…. that was, uh, painful. The good news is a lot of them are still active, though the number of commits is relatively low. across the board. The low commit numbers could mean one of two things:

  1. Ansible roles are easy to get right the first time, or
  2. they’re slapped together and not really polished.

There’s a few we can rule out straight away: mrlesmithjr, dgnest, AerisCloud- there just wasn’t a lot of useful content.


That leaves hostclick, jtyr, officel, and sbaerlocher with useful content. I think the right answer will be to roll my own taking parts from each. I’ll give it a closer look tomorrow.


Update: AAAND I feel dumb. I didn’t notice during my first search that those were the first 10 results- 3 rows of 3 and one row of 1 made it look like that was the end of the list.


I’ll have to re-evaluate, probably based on “most downloaded.”

Puppet Enterprise + firewall = pain.


I’ve been tasked with setting up puppet enterprise. For numerous reasons it’s shaping up to be the project from hell (some the fault of puppet, but many that aren’t), but I’d like to share this little tidbit for posterity.

The main issue I’ve run into is that our puppet server is in a highly restricted vlan with no internet access. Since puppet pulls its modules from puppetforge, this becomes problematic.  The solution we came up with is to explicitly state the git repo to use for each module in the Puppetfile.

Problem 1: Naming conventions.

I can’t keep 100% fidelity on the projectnames when we migrate them over- for the puppetmodule KyleAnderson/consul, I don’t want to create a KyleAnderson user, so I have to mangle it to merge the user and project name together (since project names alone may not be unique; e.g. if bob/ntp wrote his module for windows and kevin/ntp wrote his module for linux, we can’t just call either puppet/ntp or we’ll get a collision.

We go from this:

forge ""
mod "KyleAnderson/consul", :latest
mod "arioch/redis", :latest


forge ""
mod "KyleAnderson/consul", :latest
  :git => 'https://internalgit/puppet/KyleaAderson-consul'
mod "arioch/redis", :latest
  :git => 'https://internalgit/puppet/arioch-redis'

In order to do this, we needed to get the git repo for each and mirror it. Well, that was the intent.

Problem 2: Names don’t match

KyleAnderson/consul does not exist on github. After manually searching the forge, I see his URL is actually solarkennedy/consul. So this means we need to get the project URL for each module to be able to clone the git repo. After much experimentation with puppet help module, I realized I can search for the module name, export as yaml and grep out the project name. I end up using the following command to check out the 51 modules I need:

for i in `cat .file |sed -e 's/.*"\(.*\)".*/\1/'`; do puppet module search ${i} --render-as=yaml |grep project_url |sed -e 's/.*: //' |xargs git clone ; done;

Problem 3: Inconsistent project URLs

…except that only works for about 80% of the modules- the rest have bad urls. Oh well, 43 is better than nothing.

ok, I have the modules now, time to check them into my git repo…

Problem 4: can’t check modules into git without the project existing first.

I have to create all 43 projects in the github enterprise web interface; that’s painful. I search and find documentation that eventually leads me to this little nugget:

for i in `ls` ; do curl -u "jmorgan3:$token" http://internalgit/api/v3/orgs/puppet/repos -d '{"name": "'${i}'"}' ; done

which creates 43 glorious repos. Then, I set the origin URL to my server:

for i in `ls` ; do cd $i ; echo $i ; git remote set-url origin git@internalgit:puppet/${i}.git ; cd ~/Projects/puppetmods/ ; done

and finally push them up

for i in `ls` ; do cd $i ; echo $i ; git remote -v ; cd ~/Projects/puppetmods/ ; done
for i in `ls` ; do cd $i ; echo $i ; git push ; cd ~/Projects/puppetmods/ ; done

Now I have all 43 modules checked into my internal git server.


I need to match up repos with modules (since the names may not match).

Problem 5: Repos were horribly named.

By using the repo names from the project URL, I still ended up with names like realmd, puppet-wordpress, and sssd. Hopefully this won’t bite us later.


I’ve commented out the remaining 7 unmatched projects, committed and pushed my Puppetfile changes, and am now rerunning “r10k deploy environment -pv”


Fingers crossed that this will work.


Problem 6: Bad syntax, I guess?

There were 100 little syntax issues with the Puppetfile. While I fixed most, this one was not resolvable:

# r10k deploy environment -pv
INFO -> Deploying environment /etc/puppetlabs/code/environments/master
INFO -> Environment master is now at 2481f9677469711705bcdb20dd9f0260466b955d
ERROR -> Failed to evaluate /etc/puppetlabs/code/environments/master/Puppetfile
Original exception:
wrong number of arguments (3 for 1..2)
INFO -> Deploying environment /etc/puppetlabs/code/environments/production
INFO -> Environment production is now at a6a7d5eda88334b0293d8534de81191a1375cf06
ERROR -> Failed to evaluate /etc/puppetlabs/code/environments/production/Puppetfile
Original exception:
wrong number of arguments (3 for 1..2)

Problem 7:  The control Repo changed!

Between originally checking this out 3 weeks ago and now, they have gutted and rebuilt the example I was using. The rationale makes total sense (it was over-opinionated previously), but now the new version is incomplete, so I’m left twisting in the wind.


I have a call with our puppet reps scheduled shortly and will pick up there.

The Pain and Fury of vmware-cli on CentOS 7, Part 4


Once more into the breach? Sure. Lets see what else we can remove, and destroy some dependencies as well. Our changelist includes:

  • removing “-d perl-Devel-StackTrace -d perl-Class-Data-Inheritable -d perl-Convert-ASN1 -d perl-Exception-Class -d perl-Compress-Raw-Zlib -d perl-Try-Tiny -d perl-Crypt-SSLeay -d perl-XML-NamespaceSupport -d perl-Archive-Zip “
  • adding -x “**Digest/MD5**” -x “**Crypt/OpenSSL/RSA**”  -x “**/Module/**” -x “**/Test/**”  -x “**/ExtUtils/**” \
  • updating iteration to 3
  • Adding perl-Crypt-OpenSSL-RSA perl-Digest-MD5 as a tentative rpm dependencies
  • removing symlinks via vmunlinker script

And here’s what I’m going to run.

echo '#!/bin/bash'> /tmp/ ; echo 'cd /opt/vmwarecli/bin/ ; for i in * ; do rm /usr/bin/$i ; done' >>/tmp/
chmod 755 /tmp/

fpm -f --pre-uninstall /tmp/ --post-install /tmp/ -s dir -a noarch --rpm-user root --rpm-group root -t rpm -n vmware-cli -v '6.0.0_2503617' --iteration=3 -C / \
-x "**Devel/StackTrace**" -x "**Class/Data/Inheritable**" -x "**Convert/ASN1**" -x "**Exception/Class**" -x "**Compress/Raw/Zlib**" -x "**Try/Tiny**" -x "**Crypt/SSLeay**" -x "**XML/NamespaceSupport**" -x "**Archive/Zip**" \
-x "**Class/MethodMaker**" -x "**Devel/CheckLib**" -x "**Compress/Raw/Bzip2**" -x "**Encode/Locale**" -x "**Env**" -x "**IO/HTML**" -x "**Import/Into**" -x "**IO/Socket/INET6**" -x "**Locale/Maketext/Simple**" -x "**Mozilla/CA**" -x "**Net/SSLeay**" -x "**Perl/OSType**" -x "**Params/Check**" -x "**Path/CLass**" -x "**Socket6**" -x "**Sub/Uplevel**" -x "**Task/Weaken**" -x "**Test/Warn**" -x "**autodie**" -x "**/version**" \
-x "**Digest/MD5**" -x "**Crypt/OpenSSL/RSA**" -x "**/Module/**" -x "**/Test/**" -x "**/ExtUtils/**" \
/etc/vmware-vcli /opt/vmwarecli /usr/lib64/perl5/auto/Locale /usr/lib64/perl5/auto/Params /usr/lib64/perl5/perllocal.pod /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/share/perl5/Locale/Maketext /usr/share/perl5/Params /usr/share/perl5/VMware /usr/share/perl5/WSMan


once that finishes, create a snapshot as “v3 built”, revert back to the raw build. I installed the RPM and:

  • Confirmed “-d perl-Archive-Zip -d perl-Data-Dumper -d perl-Crypt-SSLeay” are the only dependencies needed to make vmware-cmd work.
  • Confirmed symlinks worked

then removed rpm and:

  • confirmed symlinks were removed

It seems like we have all of the relevant information. revert to “v3 built” and run this hopefully final command:

fpm -f --pre-uninstall /tmp/ --post-install /tmp/ -s dir -a noarch --rpm-user root --rpm-group root -t rpm -n vmware-cli -v '6.0.0_2503617' --iteration=3 -C / \
-d perl-Archive-Zip -d perl-Data-Dumper -d perl-Crypt-SSLeay \
-x "**Devel/StackTrace**" -x "**Class/Data/Inheritable**" -x "**Convert/ASN1**" -x "**Exception/Class**" -x "**Compress/Raw/Zlib**" -x "**Try/Tiny**" -x "**Crypt/SSLeay**" -x "**XML/NamespaceSupport**" -x "**Archive/Zip**" \
-x "**Class/MethodMaker**" -x "**Devel/CheckLib**" -x "**Compress/Raw/Bzip2**" -x "**Encode/Locale**" -x "**Env**" -x "**IO/HTML**" -x "**Import/Into**" -x "**IO/Socket/INET6**" -x "**Locale/Maketext/Simple**" -x "**Mozilla/CA**" -x "**Net/SSLeay**" -x "**Perl/OSType**" -x "**Params/Check**" -x "**Path/CLass**" -x "**Socket6**" -x "**Sub/Uplevel**" -x "**Task/Weaken**" -x "**Test/Warn**" -x "**autodie**" -x "**/version**" \
-x "**Digest/MD5**" -x "**Crypt/OpenSSL/RSA**" -x "**/Module/**" -x "**/Test/**" -x "**/ExtUtils/**" \
/etc/vmware-vcli /opt/vmwarecli /usr/lib64/perl5/auto/Locale /usr/lib64/perl5/auto/Params /usr/lib64/perl5/perllocal.pod /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/share/perl5/Locale/Maketext /usr/share/perl5/Params /usr/share/perl5/VMware /usr/share/perl5/WSMan


You now have your final product vmware-cli RPM.


Note that I have only been testing vmware-cmd; it’s possible the other 95% of the functionality may be borked.

The Pain and Fury of vmware-cli on CentOS 7, Part 3


So a bit of followup since my last post; I’ve begun reinstalling icinga and my other plugins and have already ran into some resistance- perl-net-SNMP is required by morgnagplug, and has a dependency on perl-Socket6, which conflicts with the vmware-cli rpm.

The Plan

I’m going to do the following:

  1. snapshot my current “production-run” version of the server
  2. jump back to my “package-created” snapshot
  3. add modules listed below to the exclude list
  4. rebuild the RPM
  5. save newest RPM locally
  6. revert to the raw snapshot
  7. upload the newest version of the RPM
  8. install it
  9. test vmware-cmd
  10. If I get an error, install corresponding RPM, then repeat until it runs properly.
    1. If this doesn’t work, revert back to the package-created snapshot
    2. exclude all EXCEPT the troublesome module
    3. rebuild RPM and repeat test.

In addition to Socket6, I will attempt to replace at the same time:

  • Class::MethodMaker with perl-Class-MethodMaker
  • Compress::Raw::Bzip2 with perl-Compress-Raw-Bzip2
  • Devel::CheckLib with perl-Devel-CheckLib
  • Encode::Locale with perl-Encode-Locale
  • Env with perl-Env
  • IO::HTML with perl-IO-HTML
  • Import::Into with perl-Import-Into
  • IO::Socket::INET6 with perl-IO-Socket-INET6.noarch
  • Locale::Maketext::Simple with perl-Locale-Maketext-Simple and perl-Locale-Maketext
  • Mozilla::CA with perl-Mozilla-CA
  • Net::SSLeay with perl-Net-SSLeay
  • Perl::OSType with perl-Perl-OSType
  • Params::Check with perl-Params-Check
  • Path::CLass with perl-Path-Class
  • Socket6 with perl-Socket6
  • Sub::Uplevel with perl-Sub-Uplevel
  • Task::Weaken with perl-Task-Weaken
  • Test::Warn with perl-Test-Warn
  • autodie with perl-autodie
  • version with perl-version

Once I’ve reached a stable point where I can install the newest RPM and it’s dependencies:

  • I’ll rebuild the module with the proper excludes and add the new dependence
  • copy it locally
  • revert to my “production-run” snapshot
  • uninstall the old RPM
  • install the new RPM
  • verify the new dependencies install
  • verify vmware-cmd works as well as

It’s also worth nothing that I’ll be updating FPM to use –iteration 2 since this is such a big departure from the last one.


The Implementation

Reverted back to package-created snapshot

fpm -f --post-install /tmp/ -s dir -d perl-Data-Dumper -a noarch --rpm-user root --rpm-group root -t rpm -n vmware-cli -v '6.0.0_2503617' --iteration=2 -C / \
-d perl-Devel-StackTrace -d perl-Class-Data-Inheritable -d perl-Convert-ASN1 -d perl-Exception-Class -d perl-Compress-Raw-Zlib -d perl-Try-Tiny -d perl-Crypt-SSLeay -d perl-XML-NamespaceSupport -d perl-Archive-Zip \
-x "**Devel/StackTrace**" -x "**Class/Data/Inheritable**" -x "**Convert/ASN1**" -x "**Exception/Class**" -x "**Compress/Raw/Zlib**" -x "**Try/Tiny**" -x "**Crypt/SSLeay**" -x "**XML/NamespaceSupport**" -x "**Archive/Zip**" \
-x "**Class/MethodMaker**" -x "**Devel/CheckLib**" -x "**Compress/Raw/Bzip2**" -x "**Encode/Locale**" -x "**Env**" -x "**IO/HTML**" -x "**Import/Into**" -x "**IO/Socket/INET6**" -x "**Locale/Maketext/Simple**" -x "**Mozilla/CA**" -x "**Net/SSLeay**" -x "**Perl/OSType**" -x "**Params/Check**" -x "**Path/CLass**" -x "**Socket6**" -x "**Sub/Uplevel**" -x "**Task/Weaken**" -x "**Test/Warn**" -x "**autodie**" -x "**version**" \
/etc/vmware-vcli /opt/vmwarecli /usr/lib64/perl5/auto/Locale /usr/lib64/perl5/auto/Params /usr/lib64/perl5/perllocal.pod /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/share/perl5/Locale/Maketext /usr/share/perl5/Params /usr/share/perl5/VMware /usr/share/perl5/WSMan

As I typed that out, I became nervous about those regexex- specifically version and autodie- they felt too generic.

I confirmed my fears by comparing the filelist from iteration 1 and iteration 2:

rpm -qlp vmware-cli-6.0.0_2503617-1.noarch.rpm >/tmp/1
rpm -qlp vmware-cli-6.0.0_2503617-2.noarch.rpm >/tmp/2
vimdiff /tmp/1 /tmp/2

That sloppy regex got rid of /opt/vmwarecli/lib/vmware-vcli/apps/general/, which I did NOT want.

Inserting a slash into that wildcart to change it to -x “**/version**” seemed to do the trick, but it made me curious what else I’d missed. I decided to remove ALL of the excludes and package it as iteration 0, then compare it to my new iteration 2 (with **/version**):

fpm -f --post-install /tmp/ -s dir -d perl-Data-Dumper -a noarch --rpm-user root --rpm-group root -t rpm -n vmware-cli -v '6.0.0_2503617' --iteration=0 -C / \
-d perl-Devel-StackTrace -d perl-Class-Data-Inheritable -d perl-Convert-ASN1 -d perl-Exception-Class -d perl-Compress-Raw-Zlib -d perl-Try-Tiny -d perl-Crypt-SSLeay -d perl-XML-NamespaceSupport -d perl-Archive-Zip \
/etc/vmware-vcli /opt/vmwarecli /usr/lib64/perl5/auto/Locale /usr/lib64/perl5/auto/Params /usr/lib64/perl5/perllocal.pod /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/share/perl5/Locale/Maketext /usr/share/perl5/Params /usr/share/perl5/VMware /usr/share/perl5/WSMan

fpm -f --post-install /tmp/ -s dir -d perl-Data-Dumper -a noarch --rpm-user root --rpm-group root -t rpm -n vmware-cli -v '6.0.0_2503617' --iteration=2 -C / \
-d perl-Devel-StackTrace -d perl-Class-Data-Inheritable -d perl-Convert-ASN1 -d perl-Exception-Class -d perl-Compress-Raw-Zlib -d perl-Try-Tiny -d perl-Crypt-SSLeay -d perl-XML-NamespaceSupport -d perl-Archive-Zip \
-x "**Devel/StackTrace**" -x "**Class/Data/Inheritable**" -x "**Convert/ASN1**" -x "**Exception/Class**" -x "**Compress/Raw/Zlib**" -x "**Try/Tiny**" -x "**Crypt/SSLeay**" -x "**XML/NamespaceSupport**" -x "**Archive/Zip**" \
-x "**Class/MethodMaker**" -x "**Devel/CheckLib**" -x "**Compress/Raw/Bzip2**" -x "**Encode/Locale**" -x "**Env**" -x "**IO/HTML**" -x "**Import/Into**" -x "**IO/Socket/INET6**" -x "**Locale/Maketext/Simple**" -x "**Mozilla/CA**" -x "**Net/SSLeay**" -x "**Perl/OSType**" -x "**Params/Check**" -x "**Path/CLass**" -x "**Socket6**" -x "**Sub/Uplevel**" -x "**Task/Weaken**" -x "**Test/Warn**" -x "**autodie**" -x "**/version**" \
/etc/vmware-vcli /opt/vmwarecli /usr/lib64/perl5/auto/Locale /usr/lib64/perl5/auto/Params /usr/lib64/perl5/perllocal.pod /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/share/perl5/Locale/Maketext /usr/share/perl5/Params /usr/share/perl5/VMware /usr/share/perl5/WSMan

rpm -qlp vmware-cli-6.0.0_2503617-0.noarch.rpm >/tmp/0
rpm -qlp vmware-cli-6.0.0_2503617-2.noarch.rpm >/tmp/2
vimdiff /tmp/0 /tmp/2

The first thing I noticed was that while I excluded Locale/Maketext/Simple, it did not remove the Local/Maketext directory, leaving it empty. I dislike including empty directories, but it’s relatively minor. Perhaps I’ll explicitly remove them in a future iteration.


  • copied iteration2 of the RPM to my local machine
  • time to revert to the Raw snapshot.
  • upload iteration2
  • yum install rpm with it’s original 10 dependencies.
  • test vmware-cmd
/opt/vmwarecli/bin/vmware-cmd --server -l -h esxhost1 --username --password 'somethingsecure'

By some miracle, it works! This means that all of the packages we’ve excluded are not actually needed (at least for vmware-cmd). Our final test is to bounce back to our “production run” snapshot and swap out the iteration1 RPM for iteration2.

yum remove vmware-cli
yum install vmware-cli-6.0.0_2503617-2.noarch.rpm 
ln: failed to access ‘/usr/bin/dcli’: Too many levels of symbolic links
ln: failed to access ‘/usr/bin/esxcfg-advcfg’: Too many levels of symbolic links
ln: failed to access ‘/usr/bin/esxcfg-authconfig’: Too many levels of symbolic links
ln: failed to access ‘/usr/bin/esxcfg-cfgbackup’: Too many levels of symbolic links
ln: failed to access ‘/usr/bin/esxcfg-dns’: Too many levels of symbolic links
ln: failed to access ‘/usr/bin/esxcfg-dumppart’: Too many levels of symbolic links
ln: failed to access ‘/usr/bin/esxcfg-hostops’: Too many levels of symbolic links

Whoops. Remember that script we made? It didn’t clean up after itself on uninstall. Yes, that’s sloppy on my part; I should include a pre-uninstall script to remove those symlinks. It turns out the links were broken anyways (damnit). If I have to repackage this RPM, I’ll include the uninstaller and fix the symlinks. For now, at least the package is installed. (I’ve also changed the example in the last article to function properly.)


The important thing is vmware-cmd is functional, as is Now to get all of my other checks functional.


One thing I am bothered by though. Despite not requiring that third round of dependencies, I still have a bunch from the first and second rounds:

-d perl-Data-Dumper
-d perl-Devel-StackTrace -d perl-Class-Data-Inheritable -d perl-Convert-ASN1 -d perl-Exception-Class -d perl-Compress-Raw-Zlib -d perl-Try-Tiny -d perl-Crypt-SSLeay -d perl-XML-NamespaceSupport -d perl-Archive-Zip \

The only one I’m *sure* I need (as in it failed without it) was perl-Data-Dumper; the rest I inferred. Perhaps I should verify those as well. Perhaps another time.

I should also consider another round at the CPAN modules left behind- things Digest::MD5 might not need to be in there.


Go to Top