I’ll be the annoying one. Why Pertino and not another mesh VPN like ZeroTier or Tinc?

Honestly I can't tell you the last time I used them. If stuff is misbehaving I just destroy and rebuild. Even physical, it's easier to just reprovision than to troubleshoot. Physical stuff can be rekickstarted in around 10 mins.

I could take it or leave it. I think they have some cool projects like Juju. The only problem I’ve had with it really is the boot partition filling up with images. I’m so used to how RHEL deals with that I forget about it.

@dafyre said in Unable to delete KVM snapshot:

Note, in the process below, <diskname> could be vda, sda, or hda.
The first command tells you which to use.

virsh domblklist plex
virsh blockcommit plex <disk name> --verbose --pivot --active

Once the blockcommit command finishes, shutdown plex, and rename the plex_snap disk image.

Start Plex back up and make sure your updates and such are still installed. If all is well, then delete the plex_snap disk image.

You shouldn’t have to shutdown the image unless it’s just for the updates. The pivot option points the guest back to the original backing store.

@dustinb3403 said in Remote Desktop to Fedora 28?:

To add a user to a specific group

useradd -G {group-name} username should work. You likely will need to run under sudo to do this though.

If you don't add a -a it removes all secondary groups other than the one you define. You pretty much always want to do usermod -aG group user

I posted another version of this in another thread, but I figured I'd post a more complete version here. This template handles locking and unlocking of the script and also passing of arguments. It also includes a main function and a trap for specific signals.

#!/bin/bash

#MIT License

#Copyright (c) 2018  John Hooks

#Permission is hereby granted, free of charge, to any person obtaining a copy
#of this software and associated documentation files (the "Software"), to deal
#in the Software without restriction, including without limitation the rights
#to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
#copies of the Software, and to permit persons to whom the Software is
#furnished to do so, subject to the following conditions:

#The above copyright notice and this permission notice shall be included in all
#copies or substantial portions of the Software.

#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
#IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
#FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
#AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
#LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
#OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
#SOFTWARE.



readonly NAME=$(basename "$0")
readonly LOCKFILE=/tmp/$NAME
readonly LOCKFD=200

#Remove lock file if signal 1, 2, 3, or 6.
trap prem_end 1 2 3 6

prem_end ()
{
  echo "Premature end detected, removing lock"
  rm -rf $LOCKFILE.lock
  echo "Finished"
  exit 1
}

#Lock functions
lock () {
    local fd=${2:-$LOCKFD}
    local lockfile=$LOCKFILE.lock

    # create the lock file
    eval "exec $fd>$lockfile"

    #get the lock
    flock -n $fd && return 0 || return 1
}

unlock () {
    local fd=${2:-$LOCKFD}
    local lockfile=$LOCKFILE.lock

    #unlock
    flock -u $fd

    #remove lock file
    rm -f $lockfile
}

errexit () {
    local err="$@"

    echo $err
    exit 1
}


#Help function
function script_help () {
     echo "
         Usage: $(basename $0) [options] 
   
             -h   this help text
   
         Example:
           $(basename $0) "
   
     exit ${1:-0}
}


#Show help if no arguments or options are passed
[[ ! "$*" ]] && script_help 1
OPTIND=1


#Read command line options
#A colon after a flag means it takes an argument
#Example with extra argument called "a"
#while getopts "a:h" opt; do
#    case "$opt" in
#      a) variable=$OPTARG ;;
#      h) script_help ;;
#      \?) script_help 1 ;;
#    esac
#done
while getopts "h" opt; do
    case "$opt" in
      h) script_help ;;
      \?) script_help 1 ;;
    esac
done
shift $(($OPTIND-1));

#Main function
main () {
    lock $NAME || errexit "An instance of $NAME is still running."





    unlock
}
main

@JaredBusch said in Wrapping your head around LVM.:

@black3dynamite said in Wrapping your head around LVM.:

@JaredBusch said in Wrapping your head around LVM.:

@JaredBusch said in Wrapping your head around LVM.:

@travisdh1 I just went through all of this last night in order to expand space on a CentOS 7 VM.

All of the guides and info seemed really bad. Nothing was consolidated or concise.

I ended up with this guide working to get what I needed done except for the last step. The guide said to use resize2fs and that does not work. I had to use xfs_growfs as pointed out in an answer to this post.

I just had to do this again.. Time to make a write up here because the original article is no longer online. Had to use the wayback machine to verify my notes.

It be a lot more easier now using Cockpit?

CentOS 7

You can do it on CentOS.

Also a quick tip is if you do an lvextend -r it will auto resize the filesystem.

Traefik is a reverse proxy that integrates well with things like Docker, K8s, Consul, etcd, etc. However it has a nice file mode also. It's written in Go so it's a single static binary and doesn't need restarted with config changes. If your application has health checks, you can leverage those as well. You can get the binary from the releases page.

By default it looks for the config traefik.toml in /etc/traefik/, $HOME/.traefik, or the directory the executable is in. It's simple to set up. Here's the full file for a single backend:

traefik.toml

defaultEntryPoints = ["http"]
[entryPoints]
  [entryPoints.http]
  address = ":80"

[file]

[backends]
  [backends.backend1]
    [backends.backend1.servers.server1]
       url = "http://10.1.30.134"

[frontends]
  [frontends.frontend1]
      backend = "backend1"
      passHostHeader = true
      [frontends.frontend1.routes.example]
          rule = "Host:staticpage.test.com"

If you want to enable the dashboard, it would look like this:

defaultEntryPoints = ["http"]
[entryPoints]
  [entryPoints.http]
  address = ":80"

[api]
  entryPoint = "traefik"
  dashboard = true
  address = ":8080"

[file]

[backends]
  [backends.backend1]
    [backends.backend1.servers.server1]
       url = "http://10.1.30.134"

[frontends]
  [frontends.frontend1]
      backend = "backend1"
      passHostHeader = true
      [frontends.frontend1.routes.example]
          rule = "Host:staticpage.test.com"

Then visiting port 8080 gives you the dashboard:

So I'd personally use Hugo or Asciidoctor like I mentioned, that way it's version controlled and can be built with a pipeline. But if you want stupid simple, Grav would work really well. There is a git sync plugin to use git for versioning, but if you don't want to set that up it's stupid simple to back up, just back up the directory. Here's a demo I threw up in Docker.

You get the nice admin page with WYSIWYG editing. If you don't want that, you can write raw markdown also.

It's an awesome tool with plugins and some nice themes.

@scottalanmiller said in Trading a VPN for an SSH Tunnel:

@JasGot said in Trading a VPN for an SSH Tunnel:

@scottalanmiller said in Trading a VPN for an SSH Tunnel:

@JasGot said in Trading a VPN for an SSH Tunnel:

Put a RouterBoardOS RB260GS at each house and use a free ddns service. $35each and yo're done.
Or a Ubiquiti Edge Router Lite will work too, just more expensive.
I use the Ubiquiti ERL for IPSec into my house from the office, my phone, and my laptop. Love it.

All more work and more money than easy and free.

Easy is relative. $70 for the two is only $10 more than he is currently paying for one year. Starting with month 15, it is free!

Comparing to a bad decision is misleading. You have to throw money away today, and ignore better options, to them create the "savings" of spending money. That's a false decision matrix.

The real comparison is against something free. That's the baseline to beat. Otherwise, nothing is costly compared to any contrived more expensive decision.

Example: I want a laser light show for my house, I don't need it, I just want it. The free option is to not buy one. Buying one is normally $100. But I could find one that is $200 and then say that the $100 is "free" or even "saving me money." But this is false, it's still costing $100 no matter how many more expensive alternatives we find.

It's like the 'sale' problem. The shirt was on sale for 50% off, I saved 50%!! No, you still bought a shirt you didn't need, money was lost versus the free baseline.

The wife gets mad when I tell her you save 100% if you don't buy anything.

Keepalived is most likely what you're looking for. You assign a VIP to your interface and it keeps a heartbeat between the systems. The VIP (floating IP) will move between systems if there is an issue.

Once that's set up, use Serf to update your HAProxy configs or Consul for automatic service discovery which HAProxy can read.

If you're using a cloud provider, I'd just use one of their provided load balancers.

Jeff Feeling write an awesome module for Drupal called Honeypot. It adds a field to the register page that when it's filled out the system ignores the registration. That field is hidden with CSS so normal people don't see it but the boys fill it out because it's a field. Not sure if NodeBB had anything like that at all though.

You can always do a find /home -executable -type f for future reference. You could then pipe that to grep for keywords.

Another really good option is not letting them log directly into the systems at all and forcing them to use a config management tool. So something like Tower or a Jenkins server that logs all of the commands run and has the permissions set there.

I wrote a new article on unit testing Terraform modules with Terratest.

https://hooks.technology/2020/03/testing-terraform-with-terratest/

@Pete-S said in Searching for text in file:

grep "iterations"|cut -d '=' -f 2

Just use trim.

grep "passphrase" file.txt |cut -d '=' -f 2 | tr -d \'

Its up to you to make your systems redundant, not them. So a "break in redundancy" does not fall on the provider.

https://www.vultr.com/company/sla/

This page is nonsensical as 100% uptime is not a realistic achievable metric. I think the credit is just a way to not be held to a specific SLA and it's cheaper for them to give credits out than to provide consistent 4-5 9's of service.

Anyway it's on the consumer to provide the redundancy. I'm assuming with VPS providers like Vultr it's harder to do cross AZ replication because I'm assuming things like instance groups don't span data centers, but I could be wrong.

This seems to add a lot of complexity. Nginx configs can be complex but this abstraction in a database seems worse than writing the configs.

I think you should practice using a config management tool or even terraform templates to generate the configs based on variables.

@rojoloco said in RojoLoco needs your Linux brains!!!:

@stacksofplates said in RojoLoco needs your Linux brains!!!:

@rojoloco said in RojoLoco needs your Linux brains!!!:

Thanks to everyone for the great replies. I just got confirmation from Dell that I need to go with the server version. So it's looking like CentOS 8 Stream / Docker CE / Docker compose will be the setup. Stand by, there will probably be more noob questions coming soon.

Yeah wow that's gross that they force those specifically. Maybe Dell should catch up with everything that's going on in the world.

Check the original post, Dell gave us the choice of Docker CE or Docker Enterprise. I just read today that Enterprise license is included with Windows 2016/2019 license, so my assumption that "CE is free but Enterprise is not" was wrong. Dell says we can use either, I listed CE because I was unaware of the license thing with Windows. I will be using Enterprise edition.

I told y'all right up front that I don't know shit about any of this...

Eh EE really has no benefits. The crazy thing is the whole landscape is shifting away from Docker. K8s is already on containerd. The only thing left for docker is running locally on your laptop which is becoming less and less of a thing anyway.

All of their choices are pretty bad. RHEL/CentOS has a bad/annoying docker implementation. SUSE shouldn't require SLED. It just sounds overall like dell is trying to stay relevant but are using tech from 2017 to do that

@thecreativeone91 I was struggling for the right word. I was going to type intimate, but that would have been weird.