Posts from 2015-06

bash: check MTU
posted on 2015-06-29 17:30:20

To check which MTU works, here's a one-liner. Will have colored output

for (( i=1520; i>1400; i=i-2 )); do if ping -c 1 -M do -s "$i" 8.8.8.8 &>/dev/null; then echo $'\e[32m'; else echo $'\e[31m'; fi; echo "$i ($(( $i + 28 )))"; done

Or easier to read:

for (( i=1520; i>1400; i=i-2 ))
do
    if ping -c 1 -M do -s "$i" 8.8.8.8 &>/dev/null
        then echo $'\e[32m'
        else echo $'\e[31m'
    fi
    echo "$i ($(( $i + 28 )))"
done
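
The same search as the loop above, as an added example that is not part of the original post: instead of stepping down by 2 it bisects the range, so it needs far fewer probes. The function names, the default bounds 1200/1520 and the -W 2 timeout are assumptions.

```shell
#!/bin/sh
# Added example: bisect for the largest ICMP payload that passes with the
# don't-fragment bit set. Assumes Linux iputils ping, like the loop above.

# probe SIZE HOST -> exit 0 if a SIZE-byte payload gets through unfragmented.
# This is the only function that touches the network.
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# max_payload HOST [LOW] [HIGH] -> prints the largest working payload size.
# Exits 1 if even LOW fails (host down, ICMP filtered), because then the
# result would say nothing about the MTU.
# Bisection assumes every size below the limit passes and every size above fails.
max_payload() (
    host=$1 lo=${2:-1200} hi=${3:-1520}
    probe "$lo" "$host" || exit 1
    # invariant: lo is known to work, nothing above hi works
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
)

# path_mtu HOST [LOW] [HIGH] -> payload + 28
# (20 byte IPv4 header + 8 byte ICMP header, the same 28 as in the loop above)
path_mtu() (
    p=$(max_payload "$@") || exit 1
    echo $(( p + 28 ))
)

# Only runs when a host is given: sh mtu.sh 8.8.8.8
if [ $# -ge 1 ]; then
    path_mtu "$1" || { echo "no reply from $1 even at the lower bound" >&2; exit 1; }
fi
```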

systemd: custom init script from scratch.
posted on 2015-06-29 09:35:19

This suffices to start a custom script as a system service in the background as a non-root-user:

[Unit]
Description=My service. Change This! :)
After=syslog.target network.target

[Service]
Type=simple
User=etherpad
ExecStart=<path to my application or shellscript, change me :)>

[Install]
WantedBy=multi-user.target

This is located at /etc/systemd/system/my-custom.service

Then systemctl restart my-custom will work. Which is actually way easier than in the past. Also it happened to work better, out of the box. \ o /

ACPI power states list
posted on 2015-06-28 12:11:23

history

During the time of the APM standard (Advanced Power Management), power control was hardware-only: Call an ioctl on /dev/apm, the kernel then made a bios call, hardware took control and set things straight.

To allow OS-directed power management, ACPI (Advanced Configuration and Power Interface) was created.

overview

Now there exist state definitions in the ACPI standard for the

  • global system (G0 - G3)
  • system sleep states (S1 - S4 under G1)
  • device states (D0 - D3 hot / D3 cold)
  • processor states (C0 - C3)
  • performance states (P0 - Pn, in C0 or D0)

Generally the first state (ID 0) always defines a running/working mode without power savings or other power impediments.

g-states and s-states

G0 working
    S0 everything powered on like G0 - just monitor is turned off

G1 sleeping
    S1 power on suspend (POS) - CPU not doing instructions, CPU caches cleared, CPU and ram fully powered, some devices turned off
    S2 CPU off - CPU caches are flushed to RAM, CPU powerless
    S3 standby / suspend to ram (STR) - only RAM remains powered on
    S4 hibernate / suspend to disk - RAM saved to HDD/SSD, and all power is turned off.

G2 (S5) soft off - a little power to the motherboard, so the powerbutton or wake-on-lan etc. will work

G3 mechanical off - powered off via powerswitch of PSU (power supply unit), so the power cord can be removed safely

d-states

D0 fully on - full power

D1 intermediary state, definition depends on device

D2 intermediary state, definition depends on device

D3 off - unresponsive to the bus it is connected to
    D3 hot - has aux power, can assert power management request to transition to higher power states
    D3 cold - completely powered off

c-states

C0 operating state

C1 halt - no execution is done, but can return to C0 in an instant via signals

C2 stop clock - has to be awoken by hardware interrupts, external clocks run

C3 sleep - cache is not maintained coherently, takes longer to wake up, no external clocks run. See next table, too.

From here, a non-exhaustive list of processor power states:

MODE    NAME                   WHAT IT DOES                                                                CPUS

C0      Operating-State        CPU fully turned on                                                         All CPUs
C1      Halt                   Stops CPU main internal clocks via software;                                486DX4 and above
                               bus interface unit and APIC are kept running at full speed.
C1E     Enhanced-Halt          Stops CPU main internal clocks via software and reduces CPU voltage;        All socket LGA775 CPUs
                               bus interface unit and APIC are kept running at full speed.
C1E     —                      Stops all CPU internal clocks.                                              Turion 64, 65-nm Athlon X2 and Phenom CPUs
C2      Stop-Grant             Stops CPU main internal clocks via hardware;                                486DX4 and above
                               bus interface unit and APIC are kept running at full speed.
C2      Stop-Clock             Stops CPU internal and external clocks via hardware                         Only 486DX4, Pentium, Pentium MMX, K5, K6, K6-2, K6-III
C2E     Extended-Stop-Grant    Stops CPU main internal clocks via hardware and reduces CPU voltage;        Core 2 Duo and above (Intel only)
                               bus interface unit and APIC are kept running at full speed.
C3      Sleep                  Stops all CPU internal clocks                                               Pentium II, Athlon and above, but not on Core 2 Duo E4000 and E6000
C3      Deep-Sleep             Stops all CPU internal and external clocks                                  Pentium II and above, but not on Core 2 Duo E4000 and E6000; Turion 64
C3      AltVID                 Stops all CPU internal clocks and reduces CPU voltage                       AMD Turion 64
C4      Deeper-Sleep           Reduces CPU voltage                                                         Pentium M and above, but not on Core 2 Duo E4000 and E6000 series; AMD Turion 64
C4E/C5  Enhanced-Deeper-Sleep  Reduces CPU voltage even more and turns off the memory cache                Core Solo, Core Duo and 45-nm mobile Core 2 Duo only
C6      Deep-Power-Down        Reduces the CPU internal voltage to any value, including 0V                 45-nm mobile Core 2 Duo only 

As can be seen here, intel defines up to 10 c-states, but this exceeds the ACPI specification.

The c-states can also be the source of time-sync errors in virtual machines. Since the hypervisor may not be able to pass through the real-time clock, it may provide an emulated one, which in turn is related to the working CPU and its power states.

Energy consumption = no clock running = time halts

This can be the reason why your virtual machines are out of sync with the hypervisor clock every few days.

Disable the c-states in the BIOS, to make sure this will not happen, if your BIOS allows it.

p-states

Devices and CPUs running in D0 or C0 can have several p-states / performance states.

These states are defined individually for each device / processor and describe the levels at which the hardware can run:

P0 max power and frequency
P1 less than P0
P2 less than P1
...
Pn less than P(n-1)

This is what e.g. Intel SpeedStep is about, throttling CPU power and frequency to achieve energy savings.

Virtualization types
posted on 2015-06-27 18:57:55

For a more abstract view, there exist different perspectives on virtualization.

This post intends to give a practical overview on these and the currently available technologies. Keep in mind this is also work in progress and will get additional content in the future, by then this message will be removed.

First perspective: virtualization classes

hardware emulation

A piece of hardware emulates another piece of hardware, such that no distinction seems to exist.

The virtualization software makes sure all hardware (CPU, chipset, I/O, ...) instructions from the host CPU are translated for the guest, such that a completely different set of hardware seems to be present.

That way, with a big hit on performance, different architectures than the one being provided by the host system can be made available, e.g. MIPS / ARM / SPARC on x86.

The guest OS runs natively without changes.

Software:

hardware virtualization

CPU emulation will not take place, just chipset and other hardware gets emulated. Some CPU instructions may be altered though, but no hardware emulation takes place, CPU-wise.

This yields way better performance than hardware emulation does, but you usually have to stick with one kind of architecture.

Software:

paravirtualization

No hardware emulation takes place, but the host offers an API for hardware access to the guests.

Different architectures will NOT run.

Guest operating systems may need to have their kernels patched, such that this API can be used. Xen has different operating modes, depending on the degree of paravirtualization being used.

Software:

  • XEN
  • VMWare vSphere (device drivers are partly paravirtualized, in the past this was also the case with CPU's)
  • KVM (see virtio drivers)

Note: KVM is not a pure paravirtualizer, it just provides paravirtualized drivers along with virtualized ones. It also uses qemu under the hood for hardware emulation.

operating-system-level virtualization

No hardware emulation takes place, and the operating system kernel is shared.

Software: (native)

Software: (patched kernel needed, thus only backported changes = bad.)

  • Linux : Parallels Virtuozzo, OpenVZ, VServer

custom kernels or not?

Just leave these technologies needing kernel patches alone, here's why I guess this is the better choice:

The same development will eventually take place, like it happened with KVM vs. Xen. All major linux distributions chose KVM as primary virtualization technique once a solution (read: KVM) was present within the mainline kernel. Xen was dropped. I'd be astonished if this were different with OpenVZ vs. LXC.

LXC just got fresh support in Proxmox, and will likely supersede Virtuozzo in the future. (But that's just an educated guess of mine.)

difference between docker and e.g. LXC

Currently there is a lot of fuss about docker for 'app virtualization'. docker used to use LXC as a backend, but nowadays they develop their own lib/userland tool called libcontainer for managing the OS functions such that their product will run.

Google's lmctfy development ('let me contain that for you'), which has got the same scope as docker, is currently stalled according to the github project readme:

lmctfy is currently stalled as we migrate the core concepts to libcontainer and build a standard container management library that can be used by many projects.

second perspective: virtualization types

type 1: baremetal

Where you have a minimal OS, acting as a hypervisor and virtual machine manager, and most interaction flows directly between VM and processor, without passing the HV OS.

type 2

A regular OS like any linux distribution, a Windows variant or Mac OSX is used, and your virtualization software is installed there.

All system calls have to pass the emulated/virtualized hardware which is provided through the host OS. All calls will have to pass through the host OS / the Hypervisor.

process-based

This is simply all the container stuff, where a guest OS runs as another process (tree) within the host OS.

background 1: hardware-supported virtualization features

Hardware virtualization purely through software is costly and slow. Processors nowadays usually provide instruction set extensions like VT-x (Intel), VIA VT (VIA) or AMD-V (AMD), depending on the manufacturer.

These implement an access control specifically for virtualization, alongside the rings we will talk about in a minute.

With VT-x there basically exist two modes:

  • VMX Root Operation
  • VMX non Root Operation

Hypervisors run in VMX Root Op mode. VM's do not.
If non-root-op stuff is run in ring 0 (see below) by a VM, the hypervisor can catch these instructions since it runs in root-op mode, basically implementing trapping.

Prior to this, binary code was passed to the HV from the VM and translated on the fly for security reasons. But with extra instructions, this of course takes place much faster.

To further speed things up, there also exist hardware implementations for 'Nested Paging' / SLAT (second level address translation). These are called EPT ('Extended Page Tables', Intel) or RVI ('Rapid Virtual Indexing', AMD) and make 'shadow page table' management via the hardware possible. That way usually MMU (memory mapping unit of the cpu) intensive work loads can be sped up.

You may also have to turn these CPU virtualization features on in the BIOS if your hypervisor is slow as hell. It can be the case that the mainboard has these deactivated by default (for whatever reason).
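
To see which of the extensions named above the Linux kernel lists for a CPU, the flags line of /proc/cpuinfo can be read. The following is an added example, not part of the original post; the function names and the sample input are constructed, and it assumes the Linux flag names vmx/svm (VT-x/AMD-V) and ept/npt (EPT/RVI).

```shell
#!/bin/sh
# Added example: report hardware virtualization and SLAT support from
# /proc/cpuinfo-style text.

# cpu_flags: cpuinfo text on stdin -> the words of the first "flags" line,
# one per line. The anchored pattern skips the separate "vmx flags" line
# that newer kernels print.
cpu_flags() {
    sed -n '/^flags[[:space:]]*:/{
        s/^[^:]*://
        p
        q
    }' | tr -s ' \t' '\n\n'
}

# virt_report: cpuinfo text on stdin -> one summary line.
# Exit status 0 if VT-x or AMD-V is listed, 1 otherwise.
virt_report() (
    flags=$(cpu_flags)
    # exact word match, so "ept" is not satisfied by "ept_ad"
    has() { printf '%s\n' "$flags" | grep -qxF -- "$1"; }

    if has vmx; then
        ext=VT-x; slat=ept; slat_name=EPT
    elif has svm; then
        ext=AMD-V; slat=npt; slat_name=RVI
    else
        echo "hw-virt=none slat=none"
        exit 1
    fi

    if has "$slat"; then
        echo "hw-virt=$ext slat=$slat_name"
    else
        echo "hw-virt=$ext slat=none"
    fi
)

# Constructed sample input (shortened, not taken from a real machine).
sample_cpuinfo() {
    cat <<'EOF'
processor	: 0
vendor_id	: GenuineIntel
flags		: fpu vme de pse tsc msr pae mce cx8 apic vmx smx est tm2 ssse3 tpr_shadow vnmi flexpriority ept vpid ept_ad
vmx flags	: vnmi preemption_timer invvpid ept_x_only ept_ad
EOF
}

# Only runs when a file is given: sh virtcheck.sh /proc/cpuinfo
if [ $# -ge 1 ]; then
    virt_report < "$1"
fi
```

Inside a guest the flags describe the virtual CPU the hypervisor presents, not the physical one.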

If you really want to know more theoretical stuff about this, head over here at VMware. To just have the 'light' version, try VirtualBox' technical background section in its manual here.

background 2: kernel protection rings / privilege levels

These are separations such that processes within a certain ring can just execute a subset of the processor instructions of the processes being present in the lower ring. For going lower, a kind of API is provided, via interrupts, and context switches are necessary for transitions.

Rings can be implemented purely in software (slow), but nowadays hardware (instructions within the processor, way faster, see above, google 'binary translation') is used for this.

First an overview, which ring permits which level of hardware enforced access in protected mode on an x86 cpu: (There exist some more modes, of course. ;))

  • ring 0: kernel
  • ring 1: device drivers
  • ring 2: device drivers
  • ring 3: applications

Another term for the rings is hierarchical protection domains. They are mechanisms to secure execution of hardware-level instructions in the processor.

I.e. processes running in ring 0 have direct memory access, and do not have to use virtual memory where the RAM access would be limited for security reasons.

According to the virtualbox manual, usually only rings 0 and 3 are used. But virtualbox also happens to use ring 1 for security reasons. See the aforementioned manual for more information on how this takes place.

When ring protection is coupled to certain processor modes, it is basically the known differentiation between kernel- and userspace.

Depending on the ring the guest operates mostly in, the virtualization classification is also different, and that is why this part here was included into the post initially.

vim: search/replace just within block selection
posted on 2015-06-21 21:40:24

A completely arbitrary and pretty non-worldly example:

, , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , , , , , , ,
, , , , , , , , , X , X , , , , , ,
, , , , , , , , , X , X , , , , , ,
, , , , , , , , , X , X , , , , , ,
, , , , , , , , , X , X , , , , , ,
, , , , , , , , , X , X , , , , , ,
, , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , , , , , , ,

Shall look like this:

, , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , , , , , , ,
, , , , , , , , C C C C C , , , , ,
, , , , , , , , C X C X C , , , , ,
, , , , , , , , C X C X C , , , , ,
, , , , , , , , C X C X C , , , , ,
, , , , , , , , C X C X C , , , , ,
, , , , , , , , C X C X C , , , , ,
, , , , , , , , C C C C C , , , , ,
, , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , , , , , , ,
, , , , , , , , , , , , , , , , , ,

Which basically means, how can the text selection be made, and just change the words/characters/regexes with the selection and not the complete line?

The answer is, using :'<,'>s/\%V,/C/g after having block-selected the area in question.

So simply prepend \%V to the search term.

Lots of other things can be done, like just matching before/after a line number, search only within specific columns, ... See here for more info.

Linux: uname
posted on 2015-06-21 21:23:39

To get a proper overview of the hardware architecture of the system used, uname helps.

[sjas@lynsjas ~]% uname -a
Linux lynsjas 2.6.32-504.16.2.el6.x86_64 #1 SMP Wed Apr 22 06:48:29 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

This is basically: (information type, uname flag to get just this info, example output)

kernel name (-s):               Linux
host name (-n):                 lynsjas
kernel release (-r):            2.6.32-504.16.2.el6.x86_64
kernel version (-v):            #1 SMP Wed Apr 22 06:48:29 UTC 2015
machine architecture (-m):      x86_64
processor architecture (-p):    x86_64
hardware architecture (-i):     x86_64
operating system (-o):          GNU/Linux

Apache: rewrite logging
posted on 2015-06-19 22:35:40

To debug failing redirects and failing rewrite rules, try enabling this log.

After enabling it, tail -f /var/log/apache2/rewrite.log and try the site you want to debug in your browser / via curl.

When you are done, comment the options out again, as they WILL fill your disk up.

apache < 2.4

RewriteEngine On
RewriteLogLevel 3
RewriteLog /var/log/apache2/rewrite.log

LogLevel warn

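apache == 2.4

RewriteEngine on

LogLevel warn rewrite:trace3

RewriteLog and RewriteLogLevel were removed in 2.4; leaving them in the config is a syntax error and apache will not start. The rewrite trace lines are written to the file your ErrorLog directive points to, so tail that file instead of rewrite.log.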

problems?

You might have to do this:

mkdir -p /var/log/apache2/ && touch /var/log/apache2/rewrite.log

Linux: website migration guide
posted on 2015-06-19 19:53:32

Migrating a website can be a tedious task, if you have problems keeping several things at once inside your head. This aims to solve this problem by presenting some proper guidelines.

Here we have a standard dynamic website with a mysql backend, served through an apache httpd.

For other databases/webservers the steps may differ in particular, but essentially this is the same theory everytime.

Mailmigration will as of now not be a part of this here, since it's gonna be long enough anyway.

Read this completely prior, as alternative ways are suggested sometimes.

preparations

This part is almost the most important, actual copying is usually not that hard if you know what you are doing. It's often harder to remember everything.

Before we start, the server can serve data of three kinds which are handled all the same way.

web data, just copy the website code
database, copy the database dump file
emails, copy the mailfiles

The server is accessed via the globally available...:

dns

Basically these are the things you have to copy/adjust so things will go smooth.

preparations

open questions

Putting most of these questions plus the answers to them into a spreadsheet is not the worst idea. Maybe I will come up with a shell one-liner to create a .csv later.

Also it is helpful if you are able to do FXP (transfer files from one host directly to the other, without temporarily saving the data/files locally), if you do not have SSH access.

  • server access via ssh is possible?

  • ssh works via key? or password only?

  • root account? (a lot of this guide assumes root privileges, I might have missed points where there are no alternatives)

  • if not, do you have all necessary account credentials for all folders etc.?

  • DO THESE WORK?

  • if no ssh, do you have ftp credentials?

  • do the credentials actually work?

  • do you get a database dump you can transfer? (If you cannot access the server, you can't make a dump.)

  • are the folders accurately named?

  • how BIG is the webfolder? (so how long will copying take?)

  • which database management system is used? (e.g. mysql or postgres)

  • database credentials for it are?

  • what is the database the site is using actually called?

  • just how BIG is the database? (and so how long will copying take?)

  • what domains are pointing to the server?

  • are these actually active?

  • and can you change the DNS RR?

  • what are the DNS TTL times?

  • is mailing configured?

  • don't forget the DNS MX RR/RR's while at the last point

DNS: acquiring information on active resource records

For finding out about the dns, if you have several virtual hosts on the same machine, try grepping them all there.

When having an apache, grep all vhost files for ServerName and ServerAlias. Here's a kind-of snippet, which will work if your apache vhost configs are in default locations and indented:

\grep -e '^\s\+Server' /etc/apache2/sites-enabled/*

This shows only active sites, check sites-available if you have to migrate sites which are currently turned off, too.

The resulting list, if sanitized, can be piped on the shell and used with something like host/nslookup/echo + dig +short, to easily check which domains are still running. Check all the records, not just the A/AAAA (quad-A is IPv6, single-A is IPv4) records, but also MX and whatever else is set. If the exit code is non-zero, there is no DNS anymore and less work for you. Providing a script here would not help much, since you should know what you are doing here anyway and it would most likely not help you much.

and maybe prepare the webserver, too

In case the apache config is, lets say, 'adventurous', do apache2ctl -S (Debian/Ubuntu) or httpd -S to see which domains are hosted, and in which file these are defined. Then search there for ServerName/ServerAlias directives.

If the webserver happens to have all vhosts defined in one huge file (which is just... very not great), remove the configuration and place it into separate files. In Debian-based Linuces you can use a2ensite <vhost-config-filename> / a2dissite <vhost-config-filename> to enable/disable single websites easily. On Redhat-based ones you manually create the symlinks in the config folder apache is configured to load, and delete them by hand, too. (This isn't any different from what a2en/dissite do.) All this only for the sites you want to migrate.

Of course, you can just comment out the information on your vhosts from the config, but just... don't.

For other webservers all this is different, of course, but you get the idea.

DNS: get the domains and the website together, information-wise

Refer to the website via its main link. (apache ServerName from above.) But make sure to note all other aliases there, too. (apache ServerAlias from above.) Since you can only migrate one site after another, this helps to keep track. Write all this down, each alias in another row. Maybe put the inactive ones into an extra column there, too. Could be that these should be prolonged again, or were incorrectly set. (I.e. it did not point to the webserver when you checked.)

Write the set TTL into the next column, along with the current date. (Usually TTL is 86400, which means 24 hours, which is exactly how long it will take until your change to 1800 seconds becomes finally active. If the TTL was longer than 86400 for whatever reason, note that into your list, too!)

DNS: lower TTL the day before the migration

After having created a list and checked which domains are currently active, set the default TTL time to 1800. (Just don't go below, 30 mins are short while you do the migration. Also the registrar might prefer you not to.)

DNS: plan b in case you have dozens of websites to migrate

If you have A LOT of websites that should go from one server to the next, try migrating and testing everything (via entries in the hosts file). Then switch the ip's of the servers with each other. That way no dns changes are needed (except if you have dead domains), because this shit can become tedious, too.

TBD / todo

Nothing more here now, until I am motivated again to write more stuff up.

IIS: config location
posted on 2015-06-18 19:17:25

Microsoft's IIS webserver is a nice piece of software, but for a linux admin it has way too much mouse action.

For some sed/awk/grep action when you want to get some information rather fast, its xml-based config can be found here:

%windir%\system32\inetsrv\config\applicationHost.config

Linux: speedy LXC introduction
posted on 2015-06-15 23:12:20

Since the official LXC manual is just bollocks, here is the quick and dirty version to get something up and running for people with not overly much time who wish for something that 'just works (TM)':

some notes first

Depending on the kernel you are using, you might have to create containers as root user, since unprivileged containers are a newer feature of LXC.

Also not all functionalities or flags are present, depending on your luck. Consult the manpage of the command in question to see if the things you are trying are available at all.

More often than not, the availability of programs / features / options is package-dependent, read:
It just depends on what version you get from your package management (if you don't get the source directly), and what is listed as available in the corresponding manual page.

install

Install lxc package via your package management. lxctl might be nice, too, although it will not be discussed here, as at least my version still had quite some bugs. Where it will definitely help, is with configuring the config which you will not have to edit by hand.

Also these packages will help, do not bother if they are not all available for your distro, it still might work, even though your OS does not know or cannot find them:

lxc-devel
lxc-doc
lxc-extra
lxc-libs
lxc-templates
lxc-python3-lxc
debootstrap

check system

Use lxc-checkconfig. It easily tells you if you have trouble with running containers. Could be due to kernel version or missing userland tools.

have some throwaway space ready

This section can be skipped.

If you bother:
It would be easiest if you have a spare HDD at your disposal, but a USB stick will do just nicely. Use LVM to prepare the disk, so the containers can be created with a present volume group; the logical volume will be created during container creation.

Mountpoint would be /var/lib/lxc. The folder which will be used can be passed on the commandline, too, at lxc-create.

You do not have to do this, but it is kind of a security measure. When toying around with LVM, you will not as easily make your desktop go broke, just the USB stick will be wiped.

usage

create / start container

create / get templates

Containers can be created via lxc-create.
E.g. lxc-create -n <containername> -t <templatename>. The list of available templates can be found under /usr/share/lxc/templates, just omit the lxc- prefix:

\ls -Alh /usr/share/lxc/templates | awk '{print $9}' | cut -c5-

(Or wherever man lxc-create tells you to look described at the -t flag.)

If the containers shall not be saved at the default location, use the -P / --lxcpath parameter.

Creating a container off the download template prompts you with a list of operating systems from which you can choose. (lxc-create -n <containername> -t download is all you need to do.) If you do not have the template which you chose, it will be downloaded automatically. The internet will be consulted on how to create the container by LXC and it might take a little, initially.

When the next container is created from the same template, it goes MUCH faster.

Don't forget to note the root password at the console output after lxc-create is finished. Depending on the OS template, the root pw is sometimes 'root', sometimes a random one, sometimes you have to chroot into the container's file system (see file in the container folder) and set the pass by hand first. It 'depends'.

clone

Created containers can be duplicated with the lxc-clone command, e.g.:

lxc-clone <containername> <new_containername>

Look up lxc-clone --help, you can pass the backingstore to use (folder where containerfiles are saved) or the clone method (copy vs. snapshot).

start

Containers are started via lxc-start -n <containername>. That way you will get to the user login prompt.

Else start the container with the -d flag, meaning daemonized... in the background.

There also exists lxc-autostart... That is if you have to start several containers in a certain order.

lxc.start.auto = 0 (disabled) or 1 (enabled)
lxc.start.delay = 0 (delay in seconds to wait after starting the container)
lxc.start.order = 0 (priority of the container, higher value means starts earlier)
lxc.group = group1,group2,group3,… (groups the container is a member of)

It will also autostart 'autostart'-flagged containers at boot of the host OS, as far as I understood it.

list/watch available containers

lxc-ls will do. There are some options, but just use lxc-ls --fancy, if your version has this functionality. Otherwise you will have to stick to lxc-ls for all containers, and lxc-ls --active for the running ones.

Specific infos on a particular container can be obtained via lxc-info -n <containername>.

lxc-monitor will work like tail -f and tell the status of the container in question. (RUNNING / STOPPED)

connect to / disconnect from container

Connecting to daemonized containers will work via lxc-console -n <containername>

Exit via CTRL+a q. Be cautious: if you use screen, the shortcut to escape will not work. Either close the terminal then, or shut down the container.

pause / unpause containers

lxc-freeze -n <containername>

and

lxc-unfreeze -n <containername>

will do.

stop / delete container

stop

Either turn off the linux (e.g. issuing poweroff or shutdown -h now from within the container). Or use lxc-stop -n <containername>

destroy

Simply lxc-destroy -n <containername>.

snapshots!

Snapshotting VM's does work, somehow. Usually you seem to need LVM for it. See lxc-snapshot for more info.

networking

This is a little hairy if you have never worked with bridges in linux before. You will almost certainly have to reconfigure your network settings by hand to let the container access the internet.

Sample settings:

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.name = eth0
lxc.network.hwaddr = 00:16:3e:xx:xx:xx

Either put these directly into the container config (but change the xx pair to HEX values), or, to have this set automatically for all containers, put it into the global lxc config (no HEX needed, will be replaced accordingly during container creation). (/etc/lxc/default.conf)

scripting

Container usage can be scripted, e.g. in python. This opens up quite a lot of possibilities for development/deployment/testing workflows. Things run fast due to fast startup times, in a clean environment, which will lower the bar to using proper test setups quite a lot.

#!/usr/bin/python3

import lxc

c = lxc.Container("<containername>")
c.start()

config

The list of available config options is best looked up in the manpages directly:

man lxc.conf
man 5 lxc.conf
man 5 lxc.system.conf
man 5 lxc.container.conf
man 5 lxc-usernet
man lxc-user-nic

web GUI

See LXC-webpanel, if you're on ubuntu, that is. I haven't tested it, though. But the pictures for it on the internet look rather nice. :)

closing notes

Well, now you might have a running container, with or without network, depending on your host OS. If you put VLAN's to use, you will have no luck without further work. ;)

For more information, there's some nice documentation over at IBM.

Linux: install most recent kernel on CentOS 7
posted on 2015-06-15 21:25:04

Proceed at your own risk. You should have good reasons to use a server distribution with the most recent kernel in production.

To keep this sweet and short, do as root:

rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
yum --enablerepo=elrepo-kernel install -y kernel-ml 

The downloading part might take a while.

Afterwards update grub:

grub2-mkconfig -o /boot/grub2/grub.cfg
grub2-install

Good Luck. Regression errors may lurk out there, waiting for you.

sudo: sorry, you must have a tty to run sudo
posted on 2015-06-15 12:41:49

When trying to run sudo commands via ssh, the error mentioned above might occur.

Either try this.

Or go to /etc/sudoers and enter:

Defaults !requiretty

KDE: revert desktop to folder view
posted on 2015-06-13 14:09:32

To revert the current KDE Desktop to 'Folder View', where the contents of the users ~/Desktop folder are shown, the following steps will help:

  • On the Desktop (with no windows shown probably), click on the upper right Desktop button.
  • Click 'Default Desktop Settings' (This may differ if you changed this already in the past.)
  • In the 'view' "tab" change 'type' to 'Folder View'.
  • Apply and be done.

An outdated .gif which helped me find this can be seen here.

Binary exponential values
posted on 2015-06-11 21:16:58

Since you often need them, but even more often than that forget about them again, here's a list:

just bits

2^4
16

2^8
256

2^16
65536

2^32
4294967296

2^64
18446744073709551616

2^128
340282366920938463463374607431768211456

all up to 32 bit

mysql: encoding overview
posted on 2015-06-11 17:12:48

check existing databases

To see how databases in mysql are created, this might be helpful:

SELECT SCHEMA_NAME 'database', default_character_set_name 'charset', DEFAULT_COLLATION_NAME 'collation' FROM information_schema.SCHEMATA;

The output looks like this:

mysql> SELECT SCHEMA_NAME 'database', default_character_set_name 'charset', DEFAULT_COLLATION_NAME 'collation' FROM information_schema.SCHEMATA;
+--------------------+---------+-------------------+
| database           | charset | collation         |
+--------------------+---------+-------------------+
| information_schema | utf8    | utf8_general_ci   |
| mysql              | latin1  | latin1_swedish_ci |
| performance_schema | utf8    | utf8_general_ci   |
+--------------------+---------+-------------------+
3 rows in set (0.00 sec)

mysql>

The above is from a fresh install of a MySQL 5.5 server on Debian 8, just for the record.

create new database

If I do not want to create a new DB with the standard latin1 encoding, I use this:

create database <databasename> character set utf8 collate utf8_unicode_ci;

find: multiple wildcards
posted on 2015-06-10 11:51:51

When looking for all files in a folder and its subfolders, find . -iname '*.py' might for example give you all Python files. But what if you want all the .pyc files, too?

Coupling several types with iname will not work!

Use the -regex flag instead:

find . -regextype egrep -regex '.*\.py|.*\.pyc'

By default find uses the emacs regex syntax, which is very likely counterintuitive. Besides emacs and egrep there are others available:

- findutils-default
- awk
- egrep
- ed
- emacs
- gnu-awk
- grep
- posix-awk
- posix-basic
- posix-egrep
- posix-extended
- posix-minimal-basic
- sed
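
An added example (not from the original post) that runs the same kind of search against a constructed sample tree, using posix-extended from the list above. It shows two things the one-liner hides: -regex is case-sensitive where -iname was not (GNU find's -iregex restores that), and the pattern must match the whole path, hence the leading '.*'. All file names are made up.

```shell
#!/usr/bin/env bash
# Constructed sample tree; every file name here is invented for the example.
make_tree() {
    local dir
    dir=$(mktemp -d)
    mkdir -p "$dir/pkg"
    touch "$dir/app.py" "$dir/app.pyc" "$dir/pkg/UPPER.PY" \
          "$dir/pkg/notes.python" "$dir/pkg/py.txt"
    printf '%s\n' "$dir"
}

# Case-sensitive match with the alternation grouped: finds app.py and app.pyc.
count_regex() {
    find "$1" -regextype posix-extended -type f \
        -regex '.*\.(py|pyc)' | wc -l | tr -d ' '
}

# Case-insensitive match, the behaviour -iname had: also finds UPPER.PY.
count_iregex() {
    find "$1" -regextype posix-extended -type f \
        -iregex '.*\.(py|pyc)' | wc -l | tr -d ' '
}

# Without the leading '.*' nothing matches, because -regex is tested
# against the whole path (e.g. /tmp/tmp.abc/app.py), not the file name.
count_unanchored() {
    find "$1" -regextype posix-extended -type f \
        -regex '\.(py|pyc)' | wc -l | tr -d ' '
}

tree=$(make_tree)
echo "-regex  '.*\.(py|pyc)': $(count_regex "$tree") files"
echo "-iregex '.*\.(py|pyc)': $(count_iregex "$tree") files"
echo "-regex  '\.(py|pyc)'  : $(count_unanchored "$tree") files"
rm -rf "$tree"
```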

tmux: write to all panes simultaneously
posted on 2015-06-04 14:34:15

I find myself working in tmux quite often with split panes, and wanting to work on all panes at once. An alternative that I have put to use in the past was cssh / clustershell, but this uses xterm and does not look pretty.

So simply put this into ~/.tmux.conf:

bind e setw synchronize-panes

Afterwards C-b e will toggle the function which lets you write to all panes simultaneously.



Unless otherwise credited all material Creative Commons License by sjas