Docker is becoming the “today standard” of lxs linux containers.
I think I will avoid learning Kubernetes to handle dockerized hosts, and I will study Docker Engine, Docker Swarm and Docker Machine and its REST APIs instead.
I started from here: https://docs.docker.com/machine/overview/
If you need to resize a iSCSI volume you need to:
I’ll skip the resize procedure on the target, because it depends on how it’s made (lvresize, dd, etc).
The procedure to rescan the volume on the initiator (open-iscsi) is very simple and can be accomplished online.
iscsiadm -m node -R
Then, you can grow the filesystem, if any (xfs_grofs, resize_reiserfs, resize2fs, depending on your fs type).
If you need to check which SSL/TLS protocol version is implemented by your webserver, you can issue the following command:
dino@dam2knb:~$ echo | openssl s_client -connect 10.38.46.137:8443 2>&1 | grep Protocol
Protocol : TLSv1.2
On one of the servers of one of my clients, a Solaris 5.8 sparc host, apache did not want to start.
It wrote the following error message on the error_log file:
cojo1@myserver $ cat error_log
[Wed Sep 30 12:24:11 2015] [error] (13)Permission denied: Cannot create SSLMutex
The problem, in my case, was about the permissions on /tmp.
Since these machines can be accessed by hundred people, someone thought well to change /tmp permissions to 0775. Everybody knows that if whould be 1777 instead.
The lack of both the sticky bit and write permissions to other did not make apache starting for non root users.
Hope this help someone.
Ciao, Dino.
This is how to get the device mapper name (dm-1, dm-2, etc) associated to each LVM logical volume:
lvdisplay|awk '/LV Name/{n=$3} /Block device/{d=$3; sub(".*:","dm-",d); print d,n;}'
Sometimes you may need to copy data from a block device (or LVM logical volume or snapshot) from one server to another., but you don’t want to dump the image to disk, move to the other server, then import. You may need (or just want) to copy on the fly, transfering data on the net.
To do this, and have ETA on the operation you need the pv executable. The command nc is used to stream data on the network, while pigz is used to compress data (gzip uses just one CPU, while pigz uses all available CPU, and it’s much faster).
On the origin server (server1) you have a block device (lvm logical volume in this case) called /dev/vg0/vm-111-disk-1, while on the destination server (server2) you want to overwrite a LVM logical volume called /dev/vg0/vm-112-disk-1 with data coming from the origin server.
To do this, assuming the device is big 20GB, you may run those commands:
Server side (destination server, server2, ip 192.168.0.2):
nc -l -n -p 2102 -q 2 | pigz -d | pv -pre –size=20G | dd iflag=fullblock bs=512k of=/dev/vg0/vm-112-disk-1
Client side (origin server, server1, 192.168.0.1):
dd if=/dev/vg0/vm-111-disk-1 bs=512k | pv -pre –size=20G | pigz | nc -q 2 192.168.0.2 2102
Data will be read, compressed, transfered on the network on (port TCP 2102 on our case, from 192.168.0.1 to 192.168.0.2), uncompressed on the destination server and restored on disk, and you’ll have ETA and progress indication:
Output server side (destination server, server2):
root@server2 ~ # nc -l -n -p 2102 -q 2 | pigz -d | pv -pre –size=20G | dd iflag=fullblock bs=512k of=/dev/vg0/vm-112-disk-1
[71.2MB/s] [=========================================================================================================================================>] 100%
40960+0 records in
40960+0 records out
21474836480 bytes (21 GB) copied, 296.436 s, 72.4 MB/s
Output client side (origin server, server1):
root@server1 ~ # dd if=/dev/vg0/vm-111-disk-1 bs=512k | pv -pre –size=20G | pigz | nc -q 2 192.168.0.2 2102
[72.2MB/s]
[=========================================================================================================================================>]
100%
40960+0 records
40960+0 records out
21474836480 bytes (21 GB) copied, 283.531 s, 75.7 MB/s
This is a memo that I can use to remember how to enable WPA2 protected WiFI connections with debian without using NetworkManager.
All that you have to do is:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=0
country=IT
ap_scan=2network={
ssid=”My WiFI SSID”
psk=”mysupersecret password”
bssid=””
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=TKIP
}
iface wlan0 inet static
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
address 192.168.100.7
netmask 255.255.255.0
network 192.168.100.0
broadcast 192.168.100.255
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
ifup wlan0
ifdown wlan0
If you want to mirror a remote directory via SSH, you may want to use the wonderful rsync command.
The rsync executable has many options, so, which is the correct option list to make an exact copy of a remote directory, maintaining permissions, ownerships, timestampts, copying only the modified files, and updating only the pieces of modified files?
Let me begin with an example. We want to full mirror the directory /mystuff on server 1.2.3.4 into /mystufflocal. The files deleted on 1.2.3.4 from the previous rsync will be removed locally too, so pay attention! If you don’t want to locally remove deleted files you can remove the “–delete” option.
If you want to compress the stream in transit you can add the “-z” option.
All we have to do is:
rsync -vartuh –inplace –delete –progress –stats -e “ssh -carcfour128”
root@1.2.3.4:/mystuff/ /mystufflocal/
The trailing slashes are important because are used by rsync to understand precisely what should be transferred and where.
If you check your squid forward (transparent or not) proxy log files you may found errors like those:
WARNING: All url_rewriter processes are busy.
WARNING: up to 6 pending requests queued
This is true if you use the directive “url_rewrite_program”, for example with SquidGuard.
In this case, squid tells you that it cannot spawn more helper processes to externally scan your requests in parallel, so it’s queuing your requests.
This is not a great problem, but you may be annoyed to see this stuff in your log files, or there are cases in which the default may be too low!
You may raise this limit with the parameter called url_rewrite_children.
To solve, add something like this to your squid.conf configuration file, and restart squid:
url_rewrite_children 32
Ciao, Dino.