I came across these two posts
http://www.md3v.com/blocking-bittorrent
and
http://serverfault.com/questions/27088/using-linux-iptables-how-to-block-torrents-or-any-p2p-protocols
What's interesting is that the two use different algorithms (http://en.wikipedia.org/wiki/Boyer%E2%80%93Moore_string_search_algorithm vs http://en.wikipedia.org/wiki/Knuth%E2%80%93Morris%E2%80%93Pratt_algorithm).
HTH
Brent
Wednesday, August 15, 2012
Monday, August 13, 2012
Puppet client cert clash
I'm starting to add Puppet to my skillset.
I made a mistake on my test VM, so I rebuilt it, and I thought that just doing a:
puppetca --revoke puppetclient1.test.com
Would suffice ... I was wrong.
For I got
root@puppetclient1:~# puppetd --waitforcert 60 -t --server puppetmaster.test.com
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
err: Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
I found out that you actually need to
a) On the client, cd to '/var/lib/puppet/ssl/'. Just run 'find .', and then rm only those certs that are applicable to your client (don't rm ca.pem).
b) On the puppet master, run 'puppetca clean puppetclient1.test.com'
c) On the puppet client, run 'puppetd --waitforcert 60 -t --server puppetmaster.test.com'
d) On the puppet master, run 'puppetca --sign puppetclient1.test.com'
HTH
Brent
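A way to confirm the "does not match private key" condition on the client before removing anything, as an added example that is not part of the original post. It assumes openssl is installed and the usual agent ssldir layout (certs/<certname>.pem and private_keys/<certname>.pem); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the usual agent ssldir
# layout: <ssldir>/certs/<certname>.pem and <ssldir>/private_keys/<certname>.pem.

# Returns 0 only when the certificate's public key equals the public key
# derived from the private key, 1 on mismatch, 2 if a file cannot be parsed.
cert_matches_key() {
    cmk_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    cmk_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cmk_cert_pub" ] && [ "$cmk_cert_pub" = "$cmk_key_pub" ]
}

# Prints one of: missing-key, missing-cert, unreadable, match, mismatch.
# Exit status is 0 only for "match".
check_agent_ssl() {
    cas_key="$1/private_keys/$2.pem"
    cas_cert="$1/certs/$2.pem"
    [ -f "$cas_key" ] || { echo missing-key; return 1; }
    [ -f "$cas_cert" ] || { echo missing-cert; return 1; }
    cas_rc=0
    cert_matches_key "$cas_cert" "$cas_key" || cas_rc=$?
    case $cas_rc in
        0) echo match ;;
        1) echo mismatch; return 1 ;;
        *) echo unreadable; return 1 ;;
    esac
}

# Usage: sh check_agent_ssl.sh /var/lib/puppet/ssl puppetclient1.test.com
if [ "$#" -ge 2 ]; then
    check_agent_ssl "$1" "$2"
fi
```

The same cert_matches_key comparison works for any certificate and key pair, so it can also be pointed at a copy of the certificate the master still holds for the node.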
Monday, July 30, 2012
Mediaserver RAID 0
On my Mediaserver (OS is FreeBSD), I've been battling with drive space, and I'm always shuffling content around.
Last night was the final straw.
I backed up my content to an external drive, and then I proceeded to create a stripe across my three drives. This will allow me to use and add each drive's space and make it look like one giant volume.
Note. If you do this, drives do need to be of equal size.
I have three old IDE 110G drives, that I put to some use.
N.B. RAID 0 provides no data redundancy.
Remember this exercise is to create a larger logical disk.
First we tell the loader which kernel module to load at boot time.
echo 'geom_stripe_load="YES"' >> /boot/loader.conf
Load the kernel module
kldload geom_stripe
I have already moved the data, and want to start off on a clean slate.
gpart destroy -F /dev/ada0
gpart destroy -F /dev/ada1
gpart destroy -F /dev/ada4
Now to create my stripe
gstripe label -v st0 /dev/ada0 /dev/ada4 /dev/ada1
bsdlabel -wB /dev/stripe/st0
newfs -U /dev/stripe/st0a
And that's that. Last is for me to add my stripe to /etc/fstab, so that it can be mounted on next reboot.
echo "/dev/stripe/st0a /mnt ufs rw 2 2" >> /etc/fstab
Here are a few commands to see how and what your stripe is doing.
gpart show
gstripe list
gstripe status
HTH
Brent
Thursday, July 26, 2012
Resume lost screen session
Ever have it that you can't, for some reason, reattach to a screen session?
torry# screen -r
There is a screen on:
52146.pts-0.torry (Attached)
There is no screen to be resumed.
Run
screen -D
If you have more than one attached screen, you can specify a particular screen to detach.
screen -D 1636.pts-21.hostname
Then run 'screen -r' again.
HTH
Brent
Sunday, July 22, 2012
IP alias to solve hung NFS mount
Working on FreeNAS, I've had to research a hung NFS mount every time I reboot FreeNAS or something silly.
A trick to execute on the NFS client is to add an alias to the interface with the IP of the NFS server.
In Linux the command for that is something roughly like:
ifconfig eth0:fakenfs 192.0.2.55 netmask 255.255.255.255
For FreeBSD:
ifconfig em0 alias 192.0.2.55 netmask 255.255.255.255
And then to remove it:
ifconfig em0 delete 192.0.2.55
HTH
Brent
Thursday, July 19, 2012
PHP error log => Remember log permissions
This is more for myself than anything else.
When enabling PHP error logging, for clients, do:
Edit php.ini file (or create a new one in conf.d (/etc/php5/conf.d/php.ini)).
error_reporting = E_ALL & ~E_DEPRECATED
display_errors = Off
log_errors = On
error_log = /var/log/apache2/php-error.log
THEN !!!!!
Remember to chmod 0666 the $error_log.
Because on Apache restart the owner is root root, but the user www-data can't write to it.
HTH
Brent
Tuesday, July 17, 2012
FreeNAS KVM guest nic woes
I’m in the process of testing FreeNAS on my KVM host. The problem I experienced was that FreeNAS was not picking up the Ethernet interface.
I even ran 'pciconf -vl', and lo and behold there was the nic.
I really couldn’t understand, for the below command sure works for FreeBSD 9.
This is the general command I use for a FreeBSD guest:
virt-install --connect qemu:///system -n freebsdguestname -r 512 --vcpus=1 --disk path=/space/freebsdguest.img,size=12 -c /iso/freebsd.iso --vnc --noautoconsole --os-type unix --os-variant freebsd7 --accelerate --network=bridge:br0 --hvm;
So as not to spend too much time troubleshooting, I added '--network=bridge:br0,model=rtl8139'
And it all worked.
HTH
Brent