Generally most containers are by default set not to start automatically.
Ther eare 3 settings for the "RestartPolicy" of containers:
No: Do not automatically restart the container (default).
Always: Always restart the container regardless of the exit status.
Unless-stopped: Always restart the container unless it is explicitly stopped.
On-failure:........
Although it is well-known that pptp is not secure and is subject to many forms of attacks, the reality is that a lot of legacy and embedded devices use pptp. I argue that if it is being used for routing or remote access or over an already secure connection (eg. another VPN like ikev2) then this is still acceptable. Or in a LANor in a public environment where no private data is exchanged. However, if the nature of the data is extremely sensitive, you should do whatever........
If you just have 1 disk per node/testing/POC then you can reduce the overall disk usage during install as below:
1.) Click on "Options" on the HDD that you want to install to.
2.) Under "hdsize" Set the Maximum Size smaller than the disk size.
In this example the disk is 60G and I set max size as 20G. This then........
This is mainly for if you've done something silly like trying to clone a Live, running VM image. In this example, the VM initially finds grub and tries to boot but is kicked straight into initramfs rescue mode/busybox right after this.
If you've done this "silly" thing, you could have dataloss but a lot of times just using fsck will fix it as you are guaranteed at best to have some corruption and inconsistencies in the filesystem. My theory is that some files wer........
Assign way more replicas than you have of memory on all nodes and watch the Swarm crash which can easily reproduce in a small VMfor testing.
root@Deb11Docker01:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAM........
The error below can be caused by a gateway that is unpingable:
docker swarm join --token SWMTKN-1-1kogg8da68gtb1j7ezaddowyy9s0an5s9tue758o20k18liskw-5h3f61hrrmv3u6agshvbtcklf 172.16.1.80:2377
Error response from daemon: manager stopped: can't initialize raft node: rpc error: code = Unknown desc = could not connect to prospective new cluster member using its advertised address: rpc error: code = DeadlineExceeded desc = context deadline exceeded........
Even today we see a lot of servers that have different services and ports open for rpc and this creates not only potential inward vulnerabilities but perhaps more common, the abuse of your network resources in reflective rpc queries.
To stop this problem, you should disable and remove all services relating to rpc or at least block all relevant ports for the service.
Surprisingly, there are still some providers and OS installs in Linux that install these services and leave them........
Have you ever tried mounting a partition that you exists but you get this error?
mount: /mnt: can't read superblock on /dev/sda1.
The superblock in this example was bad because the physical disk had corruption and bad blocks/sectors. However, the data was generally accessible and you can always try this trick below (with caution and no warranty).
This is specifically for filesystems that place superblocks in multiple locations, which........
A lot of companies are unsure which solution to choose and many may not be aware of Docker Swarm as an alternative to Kubernetes. One thing that many Sysadmins find is that Docker Swarm is simply easier, quicker to setup and maintain by far than Kubernetes.........
Proxmox's documentation shows the following here.
Which mainly just says change /etc/hosts and /etc/hostname with your new hostname.
Here's what happens if you only do that:
If you just do the above, you will find you have an inaccessible original hostname that contains those VMs and you cannot........
If you have swarm services and dockerd is creating a high load even with the containers just being idle, the easiest solution is to upgrade to a newer docker version.
For example an identical config of 3 nodes, with Redis 5 with 30 replicas produces a load of about 1.45 in Debian 10 with Docker18.09.1
If I create the same setup on Debian 11, with Docker 20.10.5+dfsg1 then the CPU usage is low.
One other difference I wondered is the kernel. In my test setup........
In this example we install debian 10 with --variant=minbase which gives us a minimal/tiny install. Don't use variant if you want the full size install.
mkdir /tmp/deb10files
debootstrap --variant=minbase buster /tmp/deb10files/
Did you get an error?
debootstrap --variant=minbase buster /home/theuser/VMs/deb10files/
You'll get this error if you make a directory in your home........
This can be used on almost anything, since Gluster is a userspace tool, based on FUSE. This means that all Gluster appears as to any application is just a directory.
Applications don't need specific support for Gluster, so long as you can tell the application to use a certain directory for storage.
One application can be for redundant and scaled storage, including for within Docker and Kubernetes, LXC, Proxmox, OpenStack, etc or just your image/web/video files or even da........
How To Install Ceph
If you stopped an install of Ceph midway you will need to manually restart it with "pveceph install"
Remember that your VM needs to have working internet (gateway) and DNS in order to connect to the apt repo to download all of the packages that Ceph requires.
Remember to repeat these steps for each node that you want Ceph on.
........
There are many reasons why Proxmox services may not start, but one common one, is if you have changed your /etc/hostname or /etc/hosts and don't have a valid FQDN (eg. proxmox01 instead proxmox01.com).
Failed to start The Proxmox VE cluster filesystem.
Failed to start Proxmox VE firewall.
Failed to start PVE Status Daemon.
Failed to start Proxmox VE scheduler.
Failed to start PVE Cluster HA Resource Manager Daemon.
Failed to star........
Kubernetes Easy Beginners Tutorial/Architecture Guide
Kubernetes is known as container orchestration and we should start at explaining the container part of it.
A Container is what runs the actual application and based on an Image, and are more comparable to something like an LXC Container, Virtuozzo/OpenVZ using the Linux Kernel Namespaces feature. Containers run these images as independent, isolated operating environments under the O........
Enable "cli" mode equivalent in JunOS
cli
Configure Mode
configure
So rather than going to the console on a Cisco switch and typing "enable" and then "conf t", the equivalent in JunOS is "cli" and "configure".
How Do You Apply Changes You've Made?
You can make all kinds of changes to the switch, but remember they are not........
-?????????? ? ? ? ? ? shadow
----------. 1 root root 748 Jul 10 04:35 shadow-
cat: shadow: Input/output error
If you see this you are probably in big trouble, it could be a physical error or if it's a VM image that it is corrupted due to a physical error on the underlying disk/array/NAS or it could a........
Occasionally my whole screen locks up and I cannot even swith to the console and I find this in my syslog:
*-display
description: VGA compatible controller
product: Mullins [Radeon R3 Graphics]
vendor: Advanced Micro Devices, Inc. [AMD/ATI]
 ........
This is all controlled by /etc/issue
You can basically enter anything in there that you like, but there are preset variables that are mentioned at the end of the page that discuss this.
Some examples of /etc/issue:
Centos 7:
S
Kernel r on an m
Ubuntu 16.04:
Ubuntu 16.04.6 LTS n l
You can also insert any of t........
The strange thing is that usually the first install or two will work on any new machine but then it suddenly won't. I had this experience on QEMU 2.13 on a different machine. There is something finicky or buggy about the CUCM installer even when choosing the same virtual hardware specs.
qemu-kvm command:
/usr/libexec/qemu-kvm -version
QEMU PC emulator version 0.12.1 (qemu-kvm-0.12.1.2-2.506.el6_10.1), Copyright (c) 2003-2008 Fabrice Bellard
........
Idid a systemctl restart networking and it broke Proxmox VM connectivity!
#proxmox is the problem after restarting the network the tap devices go to disabled state
[2230884.919905] vmbr0: port 7(tap118i0) entered disabled state
[2230884.948864] vmbr0: port 8(tap122i0) entered disabled state
[2230884.972748] vmbr0: port 6(tap119i0) entered disabled state
[2230885.004745] vmbr0: port 5(tap117i0) entered disabled state
[2230885.03673........
Do you hate how Centos 7 defaults to allocating most of your valuable space to /home even though it is a production server?
Here is a quick guide on how to take back that space live, while online (of course make sure you have backups just in case something goes wrong!):
First we will reduce our home dir by 100G:
lvreduce -L -100G /dev/mapper/centos-home
WARNING: Reducing active and open logical volume to ........
In a RAID array I had a have periodically lost a drive here and there over the past several months. Iwas always able to readd and resync without losing data. However at some point it looks like some minor corruption happened and this makes DRBD unhappy.
Using fsck did not help either.
Dec 19 06:01:45 storageboxtest4 kernel: [19005.945890] EXT3-fs error (device drbd0): ext3_get_inode_loc: unable to read inode block - inode=22184379........
Cisco's CUCM (Cisco Unified Communication Manager) is a system that combines voice, video, data and mobile products into a single unified management suite. At its core, the CUCMis like a "Super PBX" that controls the flow of all communications through an organization even single or multiple site deployments.
Cisco's CUCMmakes communication more effective and simple through centralized management and unification of communications resources.........
systemd is like the service manager for your Centos and other modern Linux distributions (including Debian/Mint/Ubuntu) allows you to enable services, stop them, restart them, check their status and even reboot your system.
The key commands or arguments you will use with systemctl are the following:
Unit Commands:
list-units [PATTERN...] List loaded units
&nbs........
sudo apt-get install hwloc-nox
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
hwloc-nox
0 upgraded, 1 newly installed, 0 to remove and 530 not upgraded.
Need to get 151 kB of archives.
After this operation, 453 kB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubunt........
yes it does create its own json
============================================
cat /tmp/vcsaUiInstaller/ovftool-20180809-175238948-20180809-175603497.log |grep -i json
2018-08-09T17:56:04.238-07:00 verbose OVFTool[30966] [Originator@6876 sub=Default] Manifest file entry: SHA1(VMware-vCenter-Server-Appliance-6.7.0.12000-8832884_OVF10-file1.json) = 1deb658c724767697587d5909c4051c01813e6a1
--> ........
INFO [07-19|12:11:51] Imported new block receipts count=590 elapsed=8.440s bytes=74117699 number=4870906 hash=6bc60b…934753 ignored=0
INFO [07-19|12:11:57] Imported new state entries count=499 elapsed=9.963ms processed=71076 pending=1526 retry=2&nbs........
https://yarnpkg.com/lang/en/docs/install/#centos-stable
curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo
If you need node.js:
curl --silent --location https://rpm.nodesource.com/setup_6.x | bash - yum install nodejs yarn........
Ialready have the caja-image-converter option installed but it shows nothing.
Weirdly enough if you install nemo and nautilus converter it does show and work inside caja:
The solution is to install *-image-converter
sudo apt-get install *-image-converter
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'n........
I've never seen this before in all of my years. Ihave some very old CDs and DVDs 12-15 years old that seem not to work in this BD-R/DVD-R/CD-R Asus drive.
The discs are fine actually and ironically they even work fine on a normal LG USB based BD-R drive!
Here are the errors in Linux:
[2914936.884924] attempt to access beyond end of device
[2914936.884927] loop1: rw=0, want=730424, limit=688384
[2914954.556873] attempt to........
Iam not sure why this is happening neither the hostnode or VM changed. All I did was reboot the hostnode and startup the Centos VM again, also note it happened with the original kernel on the VM and also the latest 6.9 kernel as of this writing as shown below.
Host Node: Centos 6.9
Kernel:2.6.32-696.6.3.el6.x86_64
Kernel: 2.6.32-042stab123.9
Same result in any kernel above........
user@box:~$ sudo tune2fs -l /dev/md99
[sudo] password for user:
tune2fs 1.42.9 (4-Feb-2014)
Filesystem volume name:
Last mounted on: /mnt/md50
Filesystem UUID: 976a8655-2619-4587-878c-dab07f7b7652
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Fi........
This is a 8TB Seagate external USB 3.0 device apparently newer kernels use a module called "UAS" instead of "USB Storage" which causes issues as a lot of devices are not properly supported in UAS mode by the kernel driver. The solution some say is to disable UAS specifically for your USB device but I'd rather just disable UAS altogether.
Solution blacklist UAS: *do not do this it does not work and just causes your USB 3.0........
Does this mean? [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
Basically it means you created your SSL Certificate as a CA the wrong way, usually with this command:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
How can you fix it and do it properly?
Step 1.) Make a new Private KeyCreate server pass key:........
This was a surprising bug but I unplugged all drives for an array md127. At first it was just 1 drive and mdadm seemed to notice this. I unplugged the second drive taking the array offline but mdadm did not realize it was offline and still showed a non-existent disk as being part of it. This created problems trying to unmount it or even to stop this array with mdadm freezing.
As for how to fix it I can only think of making sure you are not in a mounted path of........
Uh oh
[17925926.174277] block drbd0: Handshake successful: Agreed network protocol version 96
[17925926.174325] block drbd0: conn( WFConnection -> WFReportParams )
[17925926.174342] block drbd0: Starting asender thread (from drbd0_receiver [1682])
[17925926.174432] block drbd0: data-integrity-alg:
[17925926.174581] block drbd0: drbd_sync_handshake:
[17925926.174586] block drbd0: self 2AAE66AF9252D6DB:2815BF........
It is already known this is not possible
mdadm --create /dev/md3 --level 10 --layout=f2 --raid-devices=2 /dev/sdc1 /dev/sdd1
mdadm: /dev/sdc1 appears to be part of a raid array:
level=raid10 devices=2 ctime=Sat Dec 24 18:44:29 2016
mdadm: /dev/sdd1 appears to be part of a raid array:
level=raid10 devices=2 ctime=Sat Dec 24 18:44:29 2016
Continue creating ar........
forcedeth 0000:00:08.0: irq 25 for MSI/MSI-X
forcedeth 0000:00:08.0: eth0: MSI enabled
forcedeth 0000:00:08.0: eth0: no link during initialization
ADDRCONF(NETDEV_UP): eth0: link is not ready
forcedeth 0000:00:08.0: eth0: link up
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Dec 1 18:21:32 box15 kernel: forcedeth: Reverse Engineered nForce ethernet driver. Version 0.64.
Dec 1 18:21:32 box15 kernel........
migrating from an old OpenVZ (Centos 5) to new OpenVZ (Centos 6)
Also if migrating from 32-bit HN to 64-bit your RAM will probably be much bigger than it should be!
16x bigger
eg. 32bit HN:
total used free shared buffers cached
Mem:&nb........
Syncing private
Live migrating container...
Syncing 2nd level quota
11000: invalid option -- F
Usage: vzdqload quotaid [-c file] commands
Loads user/group qouta information from stdin into quota file.
-c file use given quota file
Commands specify what user/group information to load:
-G grace time
-U disk limits........
I do not understand why heartbeat would try to communicate with another system not considered part of the node:
heartbeat: [8280]: WARN: string2msg_ll: node [otherbox.com] failed authentication
........
This happened while an mdadm array was syncing, all access from writing a new blank file to opening a small .txt file was very slow:
[222117.312078] kjournald starting. Commit interval 5 seconds
[222117.685060] EXT3-fs (md0): using internal journal
[222117.685096] EXT3-fs (md0): mounted filesystem with ordered data mode
[222122.376847] kjournald starting. Commit interval 5 seconds
[222122.602825] EXT3-fs (md2): using internal jour........
vzctl set 2 --devnodes fuse:rw --save
Where "2" is the ctid........
Here is the scenario you or a client have a remote machine that was installed as a standard/default minimal Centos 6.x machine on a single disk with LVM for whatever reason. Often many people do not know how to install it to a RAID array so it is common to have this problem and why reinstall if you don't need to? In some cases on a remote system you can't easily reinstall without physical or KVM access.
So in this case you add a second physical or disk or already ha........
vzctl set $CTID --devnodes net/tun:rw --capability net_admin:on --save........
Use netstat with the -anpe option. The e option shows the inodes and I do not know if it will always work or if it was by fluke but I was dealing with dozens of SSHsessions and needed to know which session was related to which forward (the PIDs of the SSHand SSHD did not match etc...)
Notice the "59560675" and "59560762" those are almost identical, if you find two sets that are nearly identical except for the last 3 digits they may match (in my ca........
Message from syslogd@server at Sep 14 11:35:59 ...
kernel:[Hardware Error]: MC4 Error (node 1): DRAM ECC error detected on the NB.
Message from syslogd@server at Sep 14 11:35:59 ...
kernel:[Hardware Error]: Error Status: Corrected error, no action required.
Message from syslogd@server at Sep 14 11:35:59 ...
kernel:[Hardware Error]: CPU:6 (10:8:0) MC4_STATUS[Over|CE|MiscV|-|AddrV|CECC]: 0xdc00400021080813........
If a service is not working and resetting it to defaults is not working and you get bizarre error messages it is probably a broken update and possibly duplicate package.
Take in this case "exim" not working even after resetting to defaults.
Check for duplicates:
rpm -aq|grep exim
........
It is a permissions issue that is hard to fix.
All but one USB device is greyed out.
I am already a member of "vboxusers"
I have already enabled and disabled USB support for the guest.
I have already reinstalled the latest VBOx guest editions
If running as root it all works fine
Changing........
iptables -t nat -A PREROUTING -p tcp -m tcp -d 192.168.2.1/32 --dport 3389 -j DNAT --to-destination 192.168.5.2:3389
iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
The above is often because you don't have the correct modules loaded on the hostnode or enabled for the container but in some cases it's actually a weird openvz setting.
Che........
2014-08-12T19:05:55-0400 vzctl : CT 391801 : Unable to start init, probably incorrect template
2014-08-12T19:05:55-0400 vzctl : CT 391801 : Container start failed
This was caused by trying to run a 64-bit template on a 32-bit kernel hostnode which is obviously impossible.
The solution is to use a 32-bit template or upgrade the hostnode to 64-bit.........
Apr 17 11:55:47 Cluster01 heartbeat: [1426]: WARN: ha_msg_add_nv_depth: line doesn't contain '='
Apr 17 11:55:47 Cluster01 heartbeat: [1426]: info: >>>
Apr 17 11:55:47 Cluster01 heartbeat: [1426]: ERROR: NV failure (msgfromsteam): [>>>
]
I have never been able to reproduce the above but it happened on heartbeat-3.04-2 when Itook a node down for testing.
One thing Ibelieve caused it was by configuring ha.cf........
On primary node
drbdadm connect all
On secondary node
drbdadm -- --discard-my-data connect all
........
This server has been running for weeks without issue, it's currently only using 1 of 2 CPUs as it is running in the office as a test bed (mainly due to the handle 12 bay storage/great for testing HDDs). The errors below seem to mainly be from AMD CPUs, it's only happened a single time and in the days since Igot that error it hasn't occurrred.
Interestingly enough /proc/cpuinfo still shows all 4 cores of the CPU (Opteron 2373 Quadcore HE) and the functionality doesn't seem........
Linux box13. 2.6.32-042stab076.5 #1 SMP Mon Mar 18 20:41:34 MSK 2013 x86_64 x86_64 x86_64 GNU/Linux
even setting privvmpages to a specific setting DOES not affect "free -m" in containers.
This is probably a kernel issue
23:36:29 up 159 days, 7:12, 4 users, load average: 0.42, 0.44, 0.33
[root@box13 ~]# free -m
total&n........
Sep 26 16:56:21 box kernel: 00 00 00 00 00 00 00 00
Sep 26 16:56:21 box kernel: [37007.155690] d_alias libdl-2.12.so d_count=9 d_flags=8
Sep 26 16:56:21 box kernel: [37007.155697] 09 00 00 00 08 00 00 00 9f 05 9f 05 00 00 00 00 c0 71 1d 18 04 88 ff ff 00 00 00 00 00 00 00 00 a0 7e 48 00 00 c9 ff ff 78 a9 21 18 04 88 ff ff 3a 7b fa 4e 0d 00 00 00 98 5c 2d 18 04 88 ff ff 18 5c 2d 18 04 88 ff ff 18 5c 2d 18 04 88 ff ff 00 01 10 00 00 00 ad de 00 02 20 00 00 00 ad de f8........
mkdir: cannot create directory 'test': Disk quota exceeded
You are out of inodes usually:
df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/simfs 200000 200000 0 100% /
none ........
Jun 12 10:30:53 kernel: [724514.291670] EXT4-fs error (device md20): ext4_add_entry: bad entry in directory #2552670: rec_len % 4 != 0 - offset=216, inode=2553603, rec_len=94, name_len=84
Jun 12 10:30:53 kernel: [724514.292400] EXT4-fs error (device md20): ext4_add_entry: bad entry in directory #2552670: rec_len % 4 != 0 - offset=216, inode=2553603, rec_len=94, name_len=84
This happened when an unprivileged user was backing up a Windows filesystem, once they ha........
I have iptable_filter loaded on the hostnode so I don't understand this issue.........
The best way I could figure out is to use another guest of some sort to do this, while assigning the disk that needs to be resized to the same guest.
So say we have /dev/xvda as the guests drive and we've booted it up.
We also have /dev/xvdb (this is going to be the image/disk to be resized).
In this case it's based on an ext3/4 image.
Run e2fsck on it to ensure there are no filesystem errors.
e2fsck /dev/xvdb........
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
This solution applies to all other iptables modules/problems for OpenVZ, you'll just need to add them to both lists/lines below if you have modules other than what I have below.
The modules need to be enabled in both iptables and the OpenVZ hostnode itself and then the containers which need it must be restarted.
How To Enable IPTables Modules in OpenVZ........
It's really silly how DA doesn't enable SSL by default but is otherwise a stable, fast and secure control panel.
Here's a copy and paste way of enabling SSL for Directadmin in just a few seconds:
*setup SSL
openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes
That creates the public certificate and private key pair in the location Directadmin expects to fi........
fdisk -lu VPS.img
last_lba(): I don't know how to handle files with mode 81ed
You must set cylinders.
You can do this from the extra functions menu.
Disk VPS.img: 0 MB, 0 bytes
255 heads, 63 sectors/track, 0 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes
Device Boot Start End ........
This is one in a series of weird things whichIthought was motherboard related (I RMA'd the motherboard), the RAM tests fine with memtest86 and I used badblocks on both RAID 1 members with no errors and smartctl is happy with them.
Basically the array crashes the kernel a lot and has issues when writing.
[112322.723465] md0: rw=0, want=14958668696, limit=1887460480
[112322.731077] attempt to access beyond end of device
[112322.731087] md........
These were caused by a bad stick of Corsair RAM
[] free_hot_cold_page+0xfc/0x150
[] __pagevec_free+0x14/0x1a
[] release_pages+0x127/0x12f
[] __pagevec_release+0x15/0x1d
[] __invalid_mapping_pages+0x120/0x156
[........
This may not apply to everyone but here is what happened to me.
One day my IP connectivity for one container went dead, I could ping the hostnode from it and the hostnode could ping it but there was no external routing. I restarted the network service but it didn't help.
I checked the routing table inside the VPS and the host and everything looked normal. Iadded another different IPon the same subnet to the container and it worked. Right away I st........
Starting online migration of CT 25000 to 192.168.5.1
Preparing remote node
Initializing remote quota
Syncing private
Live migrating container...
Error: Failed to suspend container
CPT ERR: f68cf000,25000 :foreign process 15755/14731(vzctl) inside CT (e.g. vzctl enter or vzctl exec).
CPT ERR: f68cf000,25000 :suspend is impossible now.
CPT ERR: f68cf000,25000 :foreign process 15755/14731(vzctl) inside CT (e.g. vzctl enter or........
I like dd, although it only reads it, usually a read test of the entire disk will uncover if your hard drive is bad in some parts. This is a good thing to do at least once a month, a lot of times bizarre program behavior, laginess and crashing/unnmounting problems etc.. are due to a failing disc and SMART won't know it or indicate a problem:
We must also remember there's never a guarantee, I've found that ever since we moved to larger and more platters per drive with 1TB drives........
I don't expect this to be solved soon but some of Yahoo's DNS servers are out of whack. I changed the IPs of some nameservers of some domains and now most Yahoo users can't e-mail to those domains!
As you can see below by the "No MX or A records for mychangedomain.com", now Yahoo's DNS/mailserver DNS cache is wrong. You would think they would at least have cached the old incorrect records, but instead for some reason their DNS cache has no entry and doesn't seem........
high IO wait
424 root 39 19 1900 848 552 D 0.0 0.0 0:00.91 updatedb
root 424 0.0 0.0 1900 848 ? DN Mar11 0:00 /usr/bin/updatedb -f sysfs?rootfs?bdev?proc?cpuset?binfmt_misc?debugfs?sockfs?usbfs?pipefs?anon_inodefs?futexfs?tmpfs?inotifyfs?eventp........
yum -y install openssl* gcc-c++ gcc flex g++ make;wget http://www.directadmin.com/setup.sh;chmod +x ./setup.sh;./setup.sh
#enable SSL
/usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem
sed -i "s/SSL=0/SSL=1/g" /usr/local/dire........
Make sure the module "tun" is loaded on the host.
vzctl set 2000 --devnodes net/tun:rw --save
*Note what's below is what OpenVZ says you need (but I've never had to do it)
vzctl exec 2000 mkdir -p /dev/net
vzctl exec 2000 mknod /dev/net/tun c 10 200
vzctl exec 2000 chmod 600 /dev/net/tun
On the container test the device:
when Something is wrong:........
Dovecot enable SSL (by default it uses an old expired cert if you choose pop3s and imaps as protocols)
===================
Create Cert & Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
mkdir /etc/mailssl
chmod 700 /etc/mailssl
cp server.* /etc/mailssl
Edit /etc/dovecot.conf
ssl_cert_file = /etc/mailssl/server.crt
s........
Create Cert & Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
mkdir /etc/mailssl
chmod 700 /etc/mailssl
cp server.* /etc/mailssl
Postfix SSL config
Edit /etc/postfix/main.cf:
#SSL stuff
smtpd_tls_cert_file = /etc/mailssl/server.crt
smtpd_tls_key_file = /etc/mailssl/server.key
To make smtps w........
I think this will be useful to others because I have a server that kept crashing mysteriously during intense disk usage/RAID checks. It would only crash during the weekly RAID integrity check.
ThenI noticed during a reboot that not all CPUs were being brought up, as a result this actually creates much higher temperatures with the output I got from sensors, just booting the system produced higher than normal temperatures.
You can imagine that a full blown RAID check........
Openvz problem, it is confusing because it's an inode issue and there is enough free space.
cp: cannot create regular file `forums/memberlist.php': Disk quota exceeded
/dev/simfs 60G 20G 41G 33% /
none 2.0G 4.0K 2.0G 1% /dev........
Jan 16 04:02:03 centosbox syslogd 1.4.1: restart.
Jan 16 04:07:34 centosbox kernel: INFO: task updatedb:20771 blocked for more than 300 seconds.
Jan 16 04:07:34 centosbox kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Jan 16 04:07:34 centosbox kernel: updatedb D F78BE050 6476 20771 20766&n........
CPU/Kernel/MB/RAID problem?
Jan 5 12:45:05 testbox kernel: [653298.890004] BUG: soft lockup - CPU#0 stuck for 61s! [hal-acl-tool:4168]
Jan 5 12:45:05 testbox kernel: [653298.890005] Modules linked in: vmnet vmci vmmon binfmt_misc drbd video output input_polldev ocfs2_stackglue ocfs2_dlmfs ocfs2_dlm ocfs2_nodemanager configfs k8temp hwmon_vid lp snd_hda_intel snd_pcm_oss snd_mixer_oss snd_pcm snd_seq_dummy snd_seq_oss snd_seq_midi snd_rawmidi........
I've only used it on Centos, soI thought I'd make a quick Debian guide:
Install the DRBD Package
apt-get install drbd8-utils
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libswfdec-0.8-0
Use 'apt-get autoremove' to remove them.
The following........
The Xen VPSI had was not working properly and when they asked for the login information I found the support was coming directly from India:
whois 122.178.148.*
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-5]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 122.178.128.0 - 122.178.191.255
netname:&........
Nov 29 20:17:58 ubuntu kernel: [ 1157.180789] md: md1 stopped.
Nov 29 20:17:58 ubuntu kernel: [ 1157.180829] md0: unknown partition table
filesystem not responding/reading properly with du or rsync (this needed an fsck).
[ 2571.489217] EXT3-fs error (device md2): ext3_lookup: deleted inode referenced: 35923106
[ 2571.942299] EXT3-fs error (device md2): ext3_lookup: deleted inode referenced: 35923110
[ 2571.9568........
Initializing quota ...
Error: Not enough parameters, diskinodes quota not set
vzctl set $veid --diskinodes 90000:91000 --save
New versions of OpenVZ seem to have some strange diskinodes parameter which is required.........
This has stumped me a few times because I keep forgetting that Centos 5.5 comes with a default iptables configuration that ends up blocking DRBD traffic,I tried all the normal things and couldn't understand why I couldn't make my normal DRBD config work. So if you have WFConnection problems and have tried the normal "mailing list" fixes, check your firewall status first!
Both Nodes Say the Following:
version: 8.3.8 (api:88/prot........
Adding IP address(es): 192.168.5.8 192.168.5.9
Setting CPU units: 1000
Error: undump failed: Invalid argument
Restoring failed:
Error: iptables-restore exited with 2
Error: Most probably some iptables modules are not loaded
Error: rst_restore_net: -22
Container start failed
Stopping container ...
Container was stopped
Container is unmounted
Error: Failed to undump VE
Resuming...
vzquota : (erro........
I shared a directory on my hostnode/local system (running Ubuntu 10.04) with my Guest system running Windows XP. I have no idea why it's not mentioned or documented in an obvious way, but in the Windows client you just access it with "\Vboxsvr"
Once you access that share you'll have access to all of the VBOX shares on your local host. I think it should indicate it somewhere when you enable the sharing. Yes, I'm sure it's buried so........
This error is annoying, in a Virtuozzo KB entry about this ip tables nat problem they say the kernel needs to be ugpraded:
Symptoms
The node runs 2.6.18-x kernel older than 2.6.18-028stab053.10.
NAT module does not work in container, you get "can't initialize iptables table 'nat'" error:
# iptables -t nat........
This is a great way to use your ftp server space, for example on your web hosting account (althoughI believe many hosts don't allow storage like this), but if you have a VPS/Dedicated Server etc.., this would be perfect. Imagine how easy it is to work with an ftp account that you can just mount as a normal partition or directory in Linux, it would be great for backups etc..
Name
curlftpfs - mount a ftp host as a local directory
Synopsis........
The default options for iptables are very basic. Here is what you need to do in order to enable them in OpenVZ.
1.) Add the modules to iptables and restart iptables:
vi /etc/sysconfig/iptables-config
Edit the line as so:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
2.........
This was unbelievable how much the Xen kernel slows things down, keep in mind both tests were done on the hostnode, one was with the Openvz-Xen hybrid kernel and the other was just OpenVZ. You can see the performance difference is nearly 300% better when not using the Xen kernel.
OpenVZ-Xen Kernel Test Results (I was wondering what was wrong/so slow with my Core i5!)
# # # # # #&n........
Starting online migration of CT 300 to 192.168.5.45
Error: vzcpt module is not loaded on the source node
Error: Can't continue online migration
Error: vzcpt module is not loaded on the source node
Error: Can't continue online migration
This is a very easy fix, you just load the appropriate modules on the source and target node (althoughI don't know why the vzmigrate tool can't do that for the user on both ends):........
Before we start I take no responsibility for this, you should have a backup and if you make a mistake during this process you could wipe out all of your data. So backup somewhere else before starting this as a precaution, or make sure it's data you could afford to lose.
The RAID 1 Setup (Hardware Wise)
I've already setup my 2 x 1TB (Seagate) drives with identical partitions, make sure your new hard drive (the empty one) is setup like your curr........
I have no idea why but mkfs.ext3 defaults to a patheticlly small blocksize of 1024 bytes/1KB (kilobyte). That means the maximum filesize is ONLY 16GB! With 2KB/2048 bytes you get a 256 GB maximum filesize, and with 4KB/4096 bytes you get 2TB!
I finally noticed/paid attention to this after realizing that with rsync and scp that no file larger than 17GB could be transferred. I then realized it must be a file size limit on the partition.
Here is what tune2fs tol........
It's basically free bash shell script available from: http://wpkg.org/email2fax/index.php/Main_Page
Make sure you have the required tools:
libtiff
ghostscript
mpack/munpack
Where you can e-mail your Asterisk box and it will fax it to the phone number in the subject line. The good news ends there, it is fairly undocumented and buggy.
Take for example how the documentation mentions you can invoke from the com........
I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find.
yum search ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
rpmforge........
Proxmox has made this free utility to backup running OpenVZ containers. It's a great program which is actually just a PERL script but gets the job done. This program is not 100% required because all it really does is cp -a from your container's path as far as I know but it is still good to have uniformity to how you backup your containers.
For RPM distros such as Centos/RHEL/Fedora etc.. download and install this:
wget http://www.proxmox.com/cms_proxm........
heartbeat is stopped for some reason
Anyway hnode2 was active and the services are running fine but I see heartbeat has been stopped somehow.
Here is the last log I see of heartbeat:
[quote:23c84415f5]
Sep 9 17:15:32 hnode2 heartbeat: [16738]: info: MSG stats: 9/1762471 ms age 0 [pid16738/MST_CONTROL]
Sep 9 17:15:32 hnode2 heartbeat: [16738]: info: cl_malloc stats: 716/51784021 152624/74519 [pid16738/MST_CONTROL]
Sep 9 17:15:32........
Shortcut/Easiest Way To Create A Self-Signed Key:
openssl req -new -x509 -nodes -days 1530 -out server.crt -keyout server.key
Using the above, you instantly create a self-signed certificate valid for 1530 days and you can simply skip to step #5.) below.
If You Need a Real SSLCertificate (eg. Equifax/Openssl) then you need to create a CSR request (you'll need to follow Steps 1.) and 2.) in order to create the CSR. You then upload the CSR Certi........
I didn't find any useful information that actually fixed this. My VPS was in the "Running State" and I could not stop or restart it. I kept getting "Container already locked" no matter what Idid (I tried all the suggestions in the Google results for this error).
Most of the suggestions were for Windows but I only use Linux. The other solutioins also said to restart the VZ service or even the entire hostnode and this was not acceptable to me........
You can see the problem below, GRUB recognizes my hard drive and sees the partitions but cannot access them. This is from the GRUB boot disc I'm using.
What happened is that I had some power issues causing this system's power to be interrupted several times and basically an on/off on/off situation.
The system won't boot, I just get a flashing cursor and no message or error from GRUB. Obviously the problem is that my MBR seems corrupt or some other issue.
My........
To enable Fuse to work inside a OpenVZ container it's very simple (although some people say it can't be done).
Remember that on your HN(HostNode) for OpenVZ, Fuse must be installed and the module must be loaded for this to work. In addition remember that you need the Fuse package installed inside the container of course.
vzctl set 2000 --devices c:10:229:rw --save
vzctl exec 2000 mknod /dev/fuse c 10 229
The part that most people forget........
When trying to even cd or ls the mounted OCFS2 partition it crashes. Ithink this is a combination of VMWare Server's problem and the way I mounted and symlinked to it.
More than anything this shows the problem and lack of forsight with VMWare, but also that OCFS2 is easily crashed if you do strange things.
Output of /var/log/messages for OCFS2
Apr 10 15:57:45 localhost kernel: [84331.691258] Modules linked in: vmnet vmci vmmon ocfs2_stac........
Server not using user level security and no password supplied.
tree connect failed: NT_STATUS_WRONG_PASSWORD
That happens when trying to use smbclient to connect to a share. The weird thing is that I can authnenticate just fine from Windows XP.
It is partially my mistake, I forgot this share does have a password. I've tried authenticating with the correct user and also with "Guest" because this works in Windows. In Linux I ........
There's a lot of information and guides on OCFS2 for RHELand Centos Linux but the package setup and configuration is slightly different and this has thrown some people off.
Installing OC2FS
You should install the following packages to get started:
apt-get install ocfs2-tools ocfs2console
Configure OC2FS
In RHEL/Centos the main configuration file is located in /etc/sysconfig/o2cb
However in Debian based Linux it is located........