unimportant – Page 4

using dedicated server from hetzner

2020-09-252023-07-03 by .pQd

4 months ago i’ve started renting a dedicated server at https://www.hetzner.com/ and – so far – i’m quite happy with the service. i’ve picked cheapest suitable hardware from their auctions, after a month of trouble-free usage i’ve switched to quarterly billing. then server has crashed few times with “shutting down cpus with nmi” kernel messages. ... Read More

resizing btrfs on luks on mdadm raid10

2020-09-18 by .pQd

one of my KVM VMs keeps data on BTRFS on top of encrypted LUKS drive. that drive is a block device passed from virtualization server to VM… a block device which is mdadm software RAID10. below – steps taken to resize it.

detecting duplicate network packets from linux command line

2020-07-302020-08-18 by .pQd

while going down the rabbit hole of bed network performance at work we’ve narrowed the problem cause to duplicate packets showing up on a specific segment of leased metro Ethernet service. tshark filter helped us to see when duplicates occurred on monitored link we’ve got pair of computers – A and B connected at both ... Read More

backup via ssh-tunneled connection

2020-05-022020-05-02 by .pQd

in one context i need to pull backup from server C to server A. normally i’d use rsync with direct ssh connection as a transport method. in this particular case C is not directly reachable from A, so i need to use ssh tunneling to connect from A to C via jump-host B: public ssh ... Read More

apache2 – reverse proxy with sticky sessions and fail-over

2020-02-092020-02-09 by .pQd

i needed to set up apache2 as a reverse proxy that will forward requests to few backends. yes – i know that there are better tools to do it – like haproxy or nginx – but in this case apache2 was preferred for the simplicity of the setup. requirements: sticky sessions – in normal conditions ... Read More

guacamole under Debian

2019-12-012019-12-01 by .pQd

Apache Guacamole is a clientless remote desktop gateway – with it you can access RDP-enabled Windows PC using ordinary web browser and HTTP[S]. below – notes taken while setting it up under Debian 10.

useful network-related tools

2019-11-022019-11-02 by .pQd

internet-wide scanners: https://censys.io/ https://www.shodan.io/ ssl: https://www.ssllabs.com/ smtp: https://www.mail-tester.com/ dns: http://dns.squish.net/

upgrading firmware on Intel’s SATA SSD drives behind Dell’s h730p RAID

2019-10-132019-11-03 by .pQd

fetch Intel_SSD_Data_Center_Tool from here. the zip archive contained, among other, .deb for 64 bit OS – that worked for me under debian stretch. to see drives run: to upgrade the firmware where 0 corresponds to the Index of drive returned by the first command the same likely works for other LSI/Avago cards – no matter ... Read More

iostat -x 1 reporting 100% utilization of nearly-idle NVMe drives

2019-09-262019-09-26 by .pQd

after an upgrade to debian buster i’ve noticed that both iostat -x 1 and munin’s diskstats_utilization report that NVMe drives are busy most of the time. some empirical tests showed that disks are actually idle, performance did not drop. upgrade to 5.2 kernel resolved the miss-reporting issue.

openvpn – “OpenSSL: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small” after upgrade to Debina Buster

2019-08-172019-08-17 by .pQd

another thing to adjust after upgrade to Buster. on openvpn endpoint that in it’s config – /etc/openvpn/whatever.conf – had: dh dh1024.pem the vpn service did not start. tail -f /var/log/syslog showed: apparently the new version of openssl no longer accepts 1024 Diffie Hellman group. solution: and change in /etc/openvpn/whatever.conf – from dh dh1024.pem to dh ... Read More

bind9 fails to start after an upgrade to Debian Buster

2019-08-162019-08-17 by .pQd

i’ve done a routine upgrade to Buster on some server and all went fine… except bind9 no longer started. every attempt to restart it ended up with long waiting and an error message: logs did not contain anything interesting – actually they showed that bind would start and then after ~ a minute was shut ... Read More

allowing custom file extensions to be uploaded to wordpress

2019-07-142019-07-14 by .pQd

WordPress restricts types of files you can upload. it not only checks the extension of what you’re adding to the media library but also its mime type. so you cannot fool it by uploading .exe renamed to .jpeg – if you try it, you’ll get an error saying: “Sorry, this file type is not permitted ... Read More

“error: internal error: unable to execute QEMU command ‘transaction’: Could not create file: Permission denied” when creating a snapshot under KVM

2019-07-102021-04-14 by .pQd

debian buster brings apparmor. apparmor brings problems – eg it’s too restrictive for libvirt KVM guests and does not allow KVM to create snapshot-related files in VM’s folders. so far i did not find a clean and generic way to address it so i had to disable apparmor for libvirt by adding security_driver = “none” ... Read More

let’s encrypt via proxy server under debian

2019-07-102019-07-10 by .pQd

i prefer to have strict DROP policy for the outgoing traffic from production servers. let’s encrypt API endpoint is behind Akamai’s CDN and IP address to which acme-v02.api.letsencrypt.org resolves changes frequently. i don’t like playing whack-a-mole every 3 months so i’ve: set up a squid-based proxy server that allows for filtering based on domain names: ... Read More

“Your IT department has turned off signup for Partner Center” when migrating to new Action Pack / Microsoft Partner Center

2019-03-142019-06-09 by .pQd

i got stuck on that one while trying to migrate action pack account to the new MS Partner Center. without the migration it would not let me renew. after 3 attempts i ended up talking with someone competent who found that this error might occur for users who have o365-hosted mails for domain used in ... Read More

kvm: disabled by bios

2018-10-262018-10-26 by .pQd

does your kvm VM feel sluggish? mine did feel pretty slow.. as it turned out virt-install quietly overrode ‘hvm’ preferences and created a fully emulated qemu vm when it failed to make use of hardware-assisted virtualization.

bios upgrade on Dell PowerEdge T20 via AMT

2018-07-132018-08-03 by .pQd

prepare the floppy image file that later can be mounted via AMT, include in it just the bios update file – in my case it was PET20A18.exe from here. once the file is ready use the Manageability Commander Tool > Remote Control > Take control mount such img file as a virtual, oversize floppy. Using ... Read More

idrac upgrade failures

2018-04-062018-04-06 by .pQd

idrac gives you “RED006: Unable to download Update Package” and plenty of headaches during updates? it happened to me while jumping over few updates and going straight from 2.41.40.40 to 2.52.52.52. no amount of racadm racreset would help. upgrading first to 2.50.50.50 and only then to 2.52.52.52 did the trick for me.

Windows 10 client cannot anymore access public samba share that does not require any login

2018-01-082018-01-08 by .pQd

i’ve run into an issue where windows 10 desktop could not anymore access a simple samba share on a linux server; that linux server did not have any type of authorization put in place. Windows would randomly give errors ” might not have permission to use this network resource” or “Windows cannot access \\Server\ShareYou do ... Read More

E5-2643 in r620 stuck at a very low cpu frequency

2017-12-292017-12-29 by .pQd

few weeks ago i’ve done a general firmware upgrade of 2 identical Dell Poweredge r620 servers. a while later i’ve noticed that one of them had really sluggish performances. i’ve noticed that /proc/cpuinfo has shown CPU frequencies of hundreds of MHz rather than thousands. cat /proc/cpuinfo |grep MHz gave me 16 rows of values between ... Read More