Connecting to the IBM Cloud VPN

IBM Cloud offers a VPN service for your account which you can use to access your dedicated IBM Cloud network. The VPN access is available from your browser using a Java applet, but is also available using a standalone VPN application for Windows, Linux, or macOS.

Unfortunately, I’ve found that the version 2.0 update of the MotionPro Plus application for macOS has broken my VPN access. Not only has it lost all of the passwords I had previously saved, but when I do enter my password and attempt to connect to the IBM Cloud, it immediately disconnects.

While we await a fix from Array Networks, it is possible to revert to an older version of MotionPro:

  1. View the macOS Launchpad and find the MotionPro+ icon
  2. Click and hold the icon until it begins to jiggle, then release. Note that this will delete your MotionPro configuration.
  3. Click the X to uninstall MotionPro+
  4. From the Array Networks support site, download the MacOS MotionPro client corresponding to AG-OS
  5. Open the disk image and run the MotionPro installer package within the image. The installer will also install some command line tools
  6. Recreate your MotionPro configuration

See also: managing SoftLayer VPN subnet access.

Monitoring your IBM Cloud vSphere servers

The IBM Cloud for VMware Solutions architecture specifies that vSphere (ESXi) servers should be attached to the public network, but should be configured not to enable their own public IP address. This ensures that workloads running on the servers can access the public network as necessary (e.g., using an NSX Edge Services Gateway), but that the hosts themselves cannot be reached over the internet.

When IBM Cloud (a.k.a. SoftLayer) provisions a bare metal server, the default monitoring configuration for that server is to ping its public IP address. This means that by default all of your ESXi hosts are reported by the IBM Cloud infrastructure portal to be down:


You can correct this by re–configuring the monitor for each server to test the private IP address rather than the public IP address. Since you cannot change the IP address of a monitor, you will have to remove the existing monitor and create a new monitor for the private IP address.

If you have many bare metal servers in this situation, you’ll want to automate the re–configuration. To help with this, I wrote a Python script to reconfigure your bare metal server monitors. You’ll have to fill in your SoftLayer username and API key, and the script will reconfigure the monitors for all servers that are (1) marked down, and (2) have a monitor configured for their public IP but not their private IP. The new monitor for the private IP will retain the same attributes as the existing monitor for the private IP. Voila:


Managing SoftLayer VPN subnet access

The IBM SoftLayer VPN only supports connection to 64 of your private subnets. If you have more than 64 private subnets in your SoftLayer account, you need to switch your VPN’s subnet management from Automatic to Manual, and select the specific subnets to which you want to connect.

The process for selecting subnets in the UI is not simple, especially if your account has hundreds of subnets. The subnets are not sorted, the dialog is small, and the pagination is slow.


However, it is possible to manage your VPN subnets programmatically using the SoftLayer API. I have created a Python script that allows you to manage your SoftLayer VPN subnet access. The script requires your SoftLayer username, API key, and a list of private IP addresses to which you want to connect. The script locates the subnets in your account that match your selected IP addresses, and assigns exactly these subnets to your SoftLayer VPN account.

You should wait a few minutes after running the script for it to take effect.

Ansible Playbook for Wekan

Ansible Playbook for Wekan

My team is experimenting with using open-source tools deployed internally for Kanban cards.

One tool we are exploring is Wekan, formerly known as Libreboard.

I deployed a Wekan instance to a RHEL 7 virtual machine for our testing. For this deployment, I wrote a simple Ansible playbook with a few additional configuration files (nginx config, Node PM2 configuration), in case there is ever a need to re-deploy the instance.

You can find my playbook and associated files on Github: wekan-setup. The files are as follows:

  • purekan.yml—Ansible playbook
  • wekan.yml—Node PM2 configuration
  • wekan.conf—nginx proxy configuration

You’ll need to customize things slightly based on your domain name or if you are using a distribution other than RHEL.


I bought a basic Kindle recently and I’m enjoying it. I don’t currently plan to buy many e-books, but rather use the Kindle as a better tool for existing reading compared to my computer and phone. Here’s what I’ve discovered so far:


PDF’s aren’t the best format for reading on Kindle. I’ve found two tools for converting PDFs to e-books and uploading them to my Kindle. For simple PDFs (e.g., single column, and not a scanned image), Calibre is great for converting and uploading. However, Calibre does a poor job with PDFs that are scanned copies of books (this applies to many of the books linked above). For these I use a two-step process: first, I run the PDF through the K2PDFOpt tool (at the time of this writing, version 1.63 crashes for me on some books, but 1.51 is stable). This increases the size of the PDF file significantly, but it organizes it in a form that Calibre is much better able to handle. Then I use Calibre to convert these PDFs to e-books, and upload them to my Kindle.


Until now, I saved longer articles and blog posts for later reading using open tabs in my browser. This quickly grows unwieldy. The Instapaper service allows you to save web pages for later reading, and it integrates with Kindle. Now when I run across a longer article, I click a button to send it to Instapaper, and by the next morning the article is ready to read on my Kindle.


The Kindlefeeder service allows you to send blog and news feeds to your Kindle. I’ve selected several of the blogs I read (ones that tend to have longer articles) to be sent to my Kindle, and now I read them there rather than on my computer.


If you have any other tips and tricks I’d appreciate hearing about them.

All of the above should work with e-readers other than Kindle. In the case of Instapaper and Kindlefeeder, you may need to upload a file manually to your reader instead of having it automatically sent there.