Easy SSH Login

March 30th, 2017 No comments

Here is a simple way to setup key (password-less) login on Unix-like systems.

Once you’ve configured SSH locally, add your public key to remote hosts using the following command:

**NB** in the next line, be very careful to use cat >> (append) and not cat > (overwrite), or you will trash your remote authorized_keys2 file, leaving your remote inaccessible to everyone but you. Not cool.

cat ~/.ssh/id_rsa.pub | ssh remote_machine 'cat >> .ssh/authorized_keys2'

Replace .ssh/id_rsa.pub with your public key.

Also make sure remote folder ~/.ssh has mode 0700 and ~/.ssh/authorized_keys2 has 0600.

 

Categories: Linux Tags: , , , , ,

Installing RancherOS and Rancher

March 5th, 2017 No comments

Install RancherOS

RancherOS installation docs are available at these links.

Docs are available here and here.

I found the docs a bit confusing so have included the steps I used here:

OS installation:

By default, any changes won’t persist and will be lost on reboot. The following steps explain how to install the OS on your hard disk:

Configure a new Linux 4.x compatible VM (>1.5G ram) and boot the memory based OS from CD. Get the most recent ISO release here.

When booted from CD, a shell for user rancher starts on the console. Unless your console allows cut/paste, you’ll want to set a password for user rancher to allow SSH login. SSH key howto.

$ sudo passwd rancher

Login using SSH ($ ssh rancher@)
. Note: this key will not survive a reboot, so in the following steps decline any offers to reboot.

Place your public SSH key in /home/rancher/cloud-config.yml using the following format:

#cloud-config.yml
hostname: myhost (optional)
ssh_authorized_keys:
– ssh-rsa AAAAB3NzaC1y…qKxUCAnBOcZ [email protected]
[there should be a couple of spaces at the beginning of the previous line, before the dash]

Format the drive where you want to install rancherOS. This command also labels the drive as required by Rancher. Ignore the rancher doc suggestion to reboot after this command.

$ sudo mkfs.ext4 -L RANCHER_STATE /dev/sda (may not be /dev/sda – with kvm, i use /dev/vda)

Now install RancherOS to disk, along with the SSH key you provided:


$ sudo ros install -c cloud-config.yml -d /dev/sda (again, change sda if necessary)

Reply Y to continue, and then Y to reboot.

If you need to change the hostname:

$ sudo ros config set hostname

Install Rancher Server and Agent

Rancher quick-start doc can be found here.

However Rancher Server is incredibly easy to install. This one liner will do the trick:

$ sudo docker run -d –restart=unless-stopped -p 8080:8080 rancher/server
(WordPress messes up <dash><dash>restart in the line above)

Once Rancher Server and its UI are up and running, you’ll need to install Rancher Agent on each Docker host (including RancherOS hosts). The Rancher UI explains the process clearly and makes it easy.

Categories: Docker, Linux Tags: , , , ,

Proxmox blacklisting IPMI hardware watchdog

August 22nd, 2016 No comments

My Proxmox 4.1 wouldn’t reboot. A quick look at the logs showed this was caused by the watchdog. My Supermicro (like HP) uses an IPMI hardware watchdog, but the Proxmox default is softdog.

In fact, by default, Proxmox disables loading of the ipmi_watchdog kernel module. And if you remove it from their blacklist, they just overwrite on the next update.

The fix is to uncomment the ipmi_watchdog line in /etc/default/pve-ha-manager, like so:

# select watchdog module (default is softdog)
WATCHDOG_MODULE=ipmi_watchdog

After you reboot, you should see ipmi_watchdog output by lsmod.

Categories: Linux Tags: , ,

ZFS pool not imported automatically in Proxmox 4.1 (and Jessie)

August 22nd, 2016 No comments
From zfsonlinux issue #4496:
btbroot commented on May 24 edited

Hello.

This is actually a grave bug. Currently (zfsutils 0.6.5.7-8-jessie), zfs-import-cache.service starts before systemd-remount-fs.service and fails to import pools because the / filesystem is mounted read-only at this stage. See the fix below.

--- /lib/systemd/system/zfs-mount.service-  2016-05-24 15:44:31.460000000 -0400
+++ /lib/systemd/system/zfs-mount.service   2016-05-24 16:08:56.156000000 -0400
@@ -8,7 +8,7 @@
 After=zfs-import-cache.service
 After=zfs-import-scan.service
 Before=local-fs.target
-Before=systemd-remount-fs.service
+After=systemd-remount-fs.service

 [Service]
 Type=oneshot

 

Categories: Linux Tags:

Script to Retrieve Window Product Key

August 8th, 2016 No comments

I don’t know why MS makes it so hard to retrieve your Windows product key.

Here’s a simple script to get the job done:

productkey.vbs

Categories: Windows Tags:

btrfs RAID1 with bcache on Ubuntu

November 12th, 2014 1 comment

How to install btrfs in RAID1, with bcache, on Ubuntu.

To avoid problems, use the most recent kernel you can. I did all this on Ubuntu 14.04 LTS but with Linux kernel 3.17.
Earlier kernels (btrfs versions) reported all sorts of unpleasantness in dmesg. 3.17 works.

First, install bcache tools

sudo add-apt-repository ppa:g2p/storage
sudo apt-get update
sudo apt-get install bcache-tools

I tried a bunch of recipes that failed. Several suggested it was possible to migrate existing btrfs volumes to use bcache.
Nothing I found came close to working without completely rebuilding the btrfs volumes.

MAKE A BACKUP – THIS WILL ERASE EVERYTHING ON YOUR HARD DRIVE

So I did an 800+GB backup and started from scratch. This recipe worked:

My setup:

2 x 3TB Seagate HDD backing store – /dev/sdc & /dev/sdd
40GB partition on Samsung SSD cache – /dev/sda6

Create bcache devices (-B for backing devices HDD; -C for cache device SSD):

$ make-bcache –wipe-bcache –writeback -B /dev/sd[cd] -C /dev/sda6

Build RAID1 btrfs on bcache devices:

$ mkfs.btrfs -f -d raid1 -m raid1 /dev/bcache0 /dev/bcache1

Get device id needed for /etc/fstab:

$ blkid /dev/bcache0
/dev/bcache0: UUID=”eccb74e8-6cae-850a-4eac-d217b11e21a4″ UUID_SUB=”9da2d9dc-6636-9de4-4293-169894f750ba” TYPE=”btrfs”

Updating /etc/fstab:

UID=eccb74e8-6cae-850a-4eac-d217b11e21a4 /big        btrfs   defaults,subvolid=0  0   0

If necessary, regenerate initramfs:

$ update-initramfs -u -k all

And voila, it worked!

 

Handy links:

https://bcache.evilpiepirate.org/

https://btrfs.wiki.kernel.org/index.php/Using_Btrfs_with_Multiple_Devices

https://bbs.archlinux.org/viewtopic.php?id=178230 & https://pastebin.com/ZwwZMd40

 

Troubleshooting steps for when things go wrong (and they likely will):

Wipe out file system id on cache device:

$ wipefs -a /dev/sda6

or on backing device:

$ wipefs -a /dev/sdd

More/different ways to wipe out file system info:

$ dd if=/dev/zero count=1 bs=1024 seek=1 of=/dev/sda6
$ dd if=/dev/zero count=1024 bs=1024 seek=1 of=/dev/sda6

I had to use gdisk to wipe GPT table from backing devices. ‘x’ for advanced, ‘z’ to zap partition table:

$ gdisk

Lots of reboots to synchronize bcache. There’s probably a better way, but this worked:

$ reboot

Display a bunch of useful block dev info:

$ lsblk -o NAME,MAJ:MIN,RM,SIZE,TYPE,FSTYPE,MOUNTPOINT,UUID

NAME MAJ:MIN RM SIZE TYPE FSTYPE MOUNTPOINT UUID
sda 8:0 0 232.9G disk
├─sda1 8:1 0 177.9G part btrfs 71cbb2af-7bd3-9d04-4800-1b1841c88ce1
├─sda2 8:2 0 1K part
├─sda5 8:5 0 15.5G part swap [SWAP] ed662fe6-0f76-9a1e-418c-ad26d15b9234
└─sda6 8:6 0 39.4G part
├─bcache0 251:0 0 2.7T disk btrfs eccb74e8-6cae-850a-4eac-d217b11e21a4
└─bcache1 251:1 0 2.7T disk btrfs eccb74e8-6cae-850a-4eac-d217b11e21a4
sdb 8:16 0 465.8G disk
sdc 8:32 0 2.7T disk
└─bcache0 251:0 0 2.7T disk btrfs eccb74e8-6cae-850a-4eac-d217b11e21a4
sdd 8:48 0 2.7T disk
└─bcache1 251:1 0 2.7T disk btrfs eccb74e8-6cae-850a-4eac-d217b11e21a4
sde 8:64 0 2.7T disk
├─sde1 8:65 0 1T part ext4 /mnt/ext4 693ac7fb-fc0c-b76d-4215-fe5c10df5a1a
└─sde2 8:66 0 1T part xfs 72f87cdb-8149-973a-4863-ca3c4063cba9

Categories: Linux Tags: , , , , , , ,

Install Latest Docker on Ubuntu Trusty 14.04 (LTS)

October 28th, 2014 No comments

From Docker’s site:

Ubuntu Trusty 14.04 (LTS) (64-bit)

Ubuntu Trusty comes with a 3.13.0 Linux kernel, and a docker.io package which installs Docker 0.9.1 and all its prerequisites from Ubuntu’s repository.

Note: Ubuntu (and Debian) contain a much older KDE3/GNOME2 package called docker, so the package and the executable are called docker.io.

Installation

To install the latest Ubuntu package (may not be the latest Docker release):

$ sudo apt-get update
$ sudo apt-get install docker.io
$ sudo ln -sf /usr/bin/docker.io /usr/local/bin/docker
$ sudo sed -i '$acomplete -F _docker docker'/etc/bash_completion.d/docker.io
$ source /etc/bash_completion.d/docker.io

If you’d like to try the latest version of Docker:

First, check that your APT system can deal with https URLs: the file /usr/lib/apt/methods/httpsshould exist. If it doesn’t, you need to install the package apt-transport-https.

[-e /usr/lib/apt/methods/https ]||{
  apt-get update
  apt-get install apt-transport-https
}

Then, add the Docker repository key to your local keychain.

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9

Add the Docker repository to your apt sources list, update and install the lxc-docker package.

You may receive a warning that the package isn’t trusted. Answer yes to continue installation.

$ sudo sh -c "echo deb https://get.docker.com/ubuntu docker main
> /etc/apt/sources.list.d/docker.list"
$ sudo apt-get update
$ sudo apt-get install lxc-docker

Note:

There is also a simple curl script available to help with this process.

$ curl -sSL https://get.docker.com/ubuntu/ | sudo sh

To verify that everything has worked as expected:

$ sudo docker run -i -t ubuntu /bin/bash

Which should download the ubuntu image, and then start bash in a container.

Docker Inspect Tricks

August 16th, 2014 No comments

Docker inspect provides all sorts of useful information. Use with no format to get all values, then use –format to filter.

This example gets the complete container Id:

docker inspect –format='{{.Id}}’ $SHORT_CONTAINER_ID

 

 

Categories: Linux Tags: , , , ,

Enable IP Broadcast on Linux Bridge

August 16th, 2014 No comments

While packaging minidlna in a Docker container, it became clear that IP Broadcasts (required by minidlna) are not bridged by default in Ubuntu 14.04.

Adding the following file (10-fix-bridge.conf) with the following to /etc/sysctl.d/ fixes this:

# allows broadcasts to reach Docker containers
#net.bridge.bridge-nf-call-arptables = 1
#net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 0

Categories: Linux Tags: , , , , , ,

Ubuntu 14.04 Disable IPv6

August 16th, 2014 No comments

First, my ISP doesn’t support IPv6 so Linux works but DNS name lookups take forever. This helps.

Create a file named 10-no-ipv6.conf in /etc/sysctl.d/ with the following:

# No IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

 

 

Categories: Linux Tags: , , , , , ,