
Podman 1.8

A guide to installing a newer version of Podman on CentOS can be found on Podman's website: https://podman.io/getting-started/installation.html. This will get you a newer version than 1.4, which is included in the default yum repository.

CentOS 7 uses an older kernel that does not support all features of Podman. One thing that needs to be removed is the metacopy mount option. You can change this by removing metacopy=on from the following line in
/etc/containers/storage.conf

mountopt = "nodev,metacopy=on"

If you do not do this, you will get an error when trying to use podman, like the one below.

[root@dalesjo.com podman]# podman ps -a
Error: error creating libpod runtime: failed to mount overlay for metacopy check: invalid argument

Source: https://github.com/containers/libpod/issues/3560


Upgrading Angular

Run this to globally upgrade your Angular version to the latest.

ng --version
npm uninstall -g angular-cli 
npm cache verify
npm install -g @angular/cli@latest

Installing nginx in CentOS 8

Copy-paste code to install the newest nginx from nginx.org on CentOS 8. Read more at http://nginx.org/en/linux_packages.html#RHEL-CentOS

sudo yum install yum-utils

cat <<EOF | sudo tee /etc/yum.repos.d/nginx.repo > /dev/null

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

EOF

sudo yum install nginx

Podman/Docker cant reach internet

I had a problem on CentOS 7/8 with both Podman and Docker: no container could reach the internet. I needed to enable the following.

cat <<EOF > /etc/sysctl.d/podman.conf
# Enable containers to access the outer world
net.ipv4.ip_forward=1
EOF

I also needed to enable masquerading on the external zone.

firewall-cmd --zone=public --add-masquerade
firewall-cmd --permanent --zone=public --add-masquerade

One question left: who is allowed to masquerade? I see no filtering done, meaning any other network connected to this machine can masquerade as the public zone. That does not sound good.
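
One way to narrow this, as an added example that is not part of the original post: replace the zone-wide masquerade with a firewalld rich rule that only masquerades traffic from the container subnet. The subnet 10.88.0.0/16 (Podman's default network) and the function names are assumptions; check your own subnet before applying.

```shell
#!/bin/sh
# Added example: masquerade only traffic from one source subnet,
# using a firewalld rich rule instead of zone-wide masquerading.

# Succeeds only for a plain IPv4 CIDR such as 10.88.0.0/16.
valid_cidr() {
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    oldifs=$IFS; IFS='./'
    set -- $1
    IFS=$oldifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rich rule for a validated subnet.
masq_rule() {
    valid_cidr "$1" || { echo "invalid IPv4 CIDR: $1" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" masquerade' "$1"
}

# Add the scoped rule first, then drop the zone-wide masquerade,
# for both the runtime and the permanent configuration.
restrict_masquerade() {
    zone=$1
    rule=$(masq_rule "$2") || return 1
    for scope in "" "--permanent"; do
        firewall-cmd $scope --zone="$zone" --add-rich-rule="$rule" || return 1
        firewall-cmd $scope --zone="$zone" --remove-masquerade || return 1
    done
}

# Usage: sh restrict-masq.sh apply [zone] [subnet]
# 10.88.0.0/16 is assumed here (Podman's default network); verify yours.
if [ "${1:-}" = "apply" ]; then
    restrict_masquerade "${2:-public}" "${3:-10.88.0.0/16}"
fi
```

Afterwards, firewall-cmd --zone=public --list-all should show masquerade: no and the rich rule listed under rich rules.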


icinga/nagios test icecast stream

This is how to monitor an Icecast stream to check that it has not gone quiet, and to do it during a specific time. First we need a tool to monitor the audio level. This can actually be done with ffmpeg. Below is a command you can use.

ffmpeg -t 10 -i http://example.com/live.mp3 -af "volumedetect" -f null /dev/null 2>&1 | grep Parsed_volumedetect

We do several things here.

  • -t 10 lets us play the stream we have chosen for just 10 seconds before closing ffmpeg.
  • -i http://example.com/live.mp3 is the Icecast stream we want to monitor.
  • -af "volumedetect" is the audio filter we want to apply to the stream.
  • -f null /dev/null tells ffmpeg to throw the result away.
  • 2>&1 is very important. Normally the output from ffmpeg that you see on your screen comes from stderr; by adding this at the end, we force the output onto the normal stdout, giving us the possibility to pipe the output to our grep command.
  • Lastly, grep Parsed_volumedetect shows us only the output from the volumedetect filter.

Below we can see the data you can get from volumedetect. The value we want to use is mean_volume, which will give us an approximation of the current audio level in the stream. The max value is zero, and anything below -40 dB will be considered quite a low volume.

Now is the part where we convert the code above to an Icinga/Nagios test. I have uploaded a working example using the above code at https://github.com/Dalesjo/dalesjo-nagios/blob/master/media/check_audio_level. Below you can see it in action, giving the correct exit code for Icinga/Nagios of course.
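
A sketch of how the volumedetect output can become a plugin result, added here as an example; it is not the check_audio_level script linked above. The sample lines are constructed, and the -60 dB critical threshold and the function names are assumptions (the -40 dB warning level follows the text).

```shell
#!/bin/sh
# Added example: turn ffmpeg volumedetect output into a Nagios/Icinga result.

# Constructed sample of what the grep in the command above leaves over.
sample_output() {
    cat <<'EOF'
[Parsed_volumedetect_0 @ 0x5581c0] n_samples: 882000
[Parsed_volumedetect_0 @ 0x5581c0] mean_volume: -23.5 dB
[Parsed_volumedetect_0 @ 0x5581c0] max_volume: -4.2 dB
EOF
}

# Read ffmpeg output on stdin, print the first mean_volume number.
mean_volume() {
    sed -n 's/.*mean_volume: \(-\{0,1\}[0-9][0-9.]*\) dB.*/\1/p' | head -n 1
}

# check_audio WARN CRIT: reads ffmpeg output on stdin, prints one status
# line with perfdata and returns the plugin exit code
# (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN).
check_audio() {
    warn=$1
    crit=$2
    vol=$(mean_volume)
    if [ -z "$vol" ]; then
        # Stream down or unreachable: the filter never printed anything.
        echo "UNKNOWN - no mean_volume in ffmpeg output"
        return 3
    fi
    awk -v v="$vol" -v w="$warn" -v c="$crit" 'BEGIN {
        s = "OK"; rc = 0
        if (v + 0 < c + 0)      { s = "CRITICAL"; rc = 2 }
        else if (v + 0 < w + 0) { s = "WARNING";  rc = 1 }
        printf "%s - mean_volume %s dB | mean_volume=%s\n", s, v, v
        exit rc
    }'
}

# Usage: sh check_audio.sh http://example.com/live.mp3 [warn] [crit]
if [ -n "${1:-}" ]; then
    ffmpeg -t 10 -i "$1" -af volumedetect -f null /dev/null 2>&1 |
        check_audio "${2:--40}" "${3:--60}"
fi
```

A stream that cannot be reached produces no volumedetect lines at all, which is why the missing value maps to UNKNOWN rather than OK.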


Icinga/Nagios test using zonemaster.

Zonemaster is a great tool to verify that you have set up your domain servers correctly. You can test it out at https://zonemaster.iis.se/en/

I want my Icinga server to do this automatically so I will get a warning as soon as something changes, so let's do that. The first thing you need to know is that Zonemaster is a tool and is freely available on GitHub. You can download it and run it on your own machine.


Start NRPE after openvpn tunnel is connected

NRPE will not start if its server address is an OpenVPN IP and the tunnel is not yet established when NRPE tries to start. To solve this, create a new systemd file.

systemctl -all | grep ovpn
cp /usr/lib/systemd/system/nrpe.service /etc/systemd/system/nrpe.service

Add your tun device to Requires and After. Note that you need the systemd name of your tun device. In this case, OpenVPN was configured to use the tun device ovpn-gwSamuel; check systemctl for its correct name. The result should look something like this. Notice the escaped dash sign in the name.

[Unit]
Description=Nagios Remote Program Executor
Documentation=http://www.nagios.org/documentation
Conflicts=nrpe.socket
Requires=network.target sys-devices-virtual-net-ovpn\x2dgwSamuel.device
After=network-online.target sys-devices-virtual-net-ovpn\x2dgwSamuel.device

[Install]
WantedBy=multi-user.target

[Service]
Type=forking
User=nrpe
Group=nrpe
EnvironmentFile=/etc/sysconfig/nrpe
ExecStart=/usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d $NRPE_SSL_OPT

Autostart a Virtual Machine in Xenserver

1. Enable poweron on pool
xe pool-list
xe pool-param-set uuid=89d4a986-2b3e-e771-b6d3-9a6cad4b7e52 other-config:auto_poweron=true
xe pool-param-list uuid=89d4a986-2b3e-e771-b6d3-9a6cad4b7e52
2. Enable poweron on Virtual Machine
xe vm-list
xe vm-param-set uuid=de89d51b-e581-553f-992d-f0a5044dccd2 other-config:auto_poweron=true
xe vm-param-list uuid=de89d51b-e581-553f-992d-f0a5044dccd2

raid0 for varnish

To speed up Varnish I have chosen to cache data on an mdadm raid0 partition on half the drives (the rest is raid1).

Create raid0 partitions (done twice)

(parted) print
Model: ATA ST2000NC001-1DY1 (scsi)
Disk /dev/sda: 2000GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 1001MB 1000MB primary boot, raid
2 1001MB 1009GB 1008GB primary raid

(parted) mkpart
Partition type? primary/extended? primary
File system type? [ext2]? xfs
Start? 1100GB
End? 1900GB

(parted) set 3 raid on
(parted) print
Model: ATA ST2000NC001-1DY1 (scsi)
Disk /dev/sda: 2000GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags:

Number Start End Size Type File system Flags
1 1049kB 1001MB 1000MB primary boot, raid
2 1001MB 1009GB 1008GB primary raid
3 1100GB 1900GB 800GB primary raid

mdadm raid0

mdadm -C /dev/md0 -l raid0 -n 2 /dev/sd[a-b]3
mkfs.xfs /dev/md0
mdadm --detail --scan >> /etc/mdadm.conf

fstab

To make sure this server can start even if the raid0 partition fails, add nofail. noatime is added since atime is not needed for this drive.

/dev/md0  /var/lib/varnish/                     xfs     defaults,nofail,noatime 0 0

If it fails

If the drive fails, Varnish will crash, and at a reboot Varnish will not start (this is because the file Varnish wants to use doesn't fit within the root partition). To fix the raid0 partition, redo all the steps and mount it. Don't forget to update /etc/mdadm.conf.


Deploy keys Github

Deploy keys give you read access by default to a single repository. Deploy keys can be given write access when created in GitHub.

In CentOS 7.

yum install rh-git29-git -y

Get the public key to import into GitHub.

cat ~/.ssh/id_rsa.pub

If you don't have a private/public key, create one with the following command.

ssh-keygen -t rsa -b 4096 -C "you@email.com"

To test validation

ssh -T git@github.com