Posts

Showing posts with the label linux

EC2 swap device management & fixing "swapoff failed: Cannot allocate memory"

One of the sillier things I've done as an AWS/Linux admin is provision an EBS disk as swap to an EC2 instance. I kept getting max allocate errors for a script I needed to run to execute a series of database queries. Reprovisioning to a new EC2 instance class with more RAM wasn't feasible at the time for some long-forgotten reason. I would never do this if I owned the disks - provisioning swap to SSD will greatly reduce the lifetime of the disk, among many reasons why this is less than ideal. But Amazon has plenty of money. I figured I could cheaply provision an EBS volume & buy myself enough swap to complete the query. Then, at some point in the future, I could create a more beautimous solution. Well, if you're a sysadmin you know how this story ends. I moved on to other fires/projects, quickly forgot about the swap situation, and here I am years later, deprovisioning the server, in all its swappy glory. This wouldn't warrant a blog post, except for the fact that I

Recovering network access to EC2 instances

So you've screwed something up. You made a typo in your sshd_config file. You added a firewall rule, or a route, or some other thing, and lost your network access to your EC2 instance. And of course whatever you broke, you broke permanently - you wrote your firewall rules directly to /etc/sysconfig/iptables, you made your goofy change to /etc/sysconfig/network-scripts/whatever-interface; so rebooting won't make a damn bit of difference. You read the warnings, you know you shouldn't have. But you did anyway. Oh, and you don't have any backups. Or you have backups from three months ago. Restoring from your crappy backups would mean hours to days of non-stop work and consistent downtime. Or Amazon or whatever other company you're using for backups actually broke your backups/lost your backups/never actually provided you with the backups you paid for. Don't panic. You've got this. You remember that Amazon has some sort of Java-based something or other. Its

Fedora Project's RHEL yum repo has been throwing errors since yesterday UPDATED

A few of my Red Hat servers run cron jobs to check for updates. Starting yesterday (Thursday October 1st, 2015) at around 3PM I encountered 503 unavailable errors when attempting to contact a Fedora Project URL that hosts the metalink for the rhui-REGION-rhel-server-releases repository - a core RHEL repository for EC2.

Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=x86_64 error was 14: HTTPS Error 503 - Service Unavailable

3 hours later or so, the URL began responding again, but the problems remained. `yum` now reports corrupted update announcements from the repo:

Update notice RHSA-2014:0679 (from rhui-REGION-rhel-server-releases) is broken, or a bad duplicate, skipping.
You should report this problem to the owner of the rhui-REGION-rhel-server-releases repository.
Update notice RHSA-2014:1327 (from rhui-REGION-rhel-server-releases) is broken, or a bad duplicate, skipping.
Update notice RHEA-2015:0372 (from rhui-REGION-rhel-serve

Systemd - The Hungriest Daemon

I'm not sure who made this but it's pretty funny.

Aalto University - Linus Torvalds Discussion

Linus Torvalds speaks at Aalto University. The high point of the talk is when Nvidia is called out as the "worst company [Torvalds] has ever worked with". F bombs are dropped. It's amazing.

I Don't Want Your Code - Linux Foundation Keynote, Greg Kroah-Hartman

Samba 4 and Linux Domain Controllers

Samba 4 is nothing short of amazing. Until recently I was familiar with earlier versions and had done nothing more than mount cross-OS volumes (to create simple white-label NFS storage devices, for example). Version 4 has hacked some major portions of the Windows kernel functionality and re-worked them in Python.

For example, did you know that a Linux server can be an Active Directory Domain Controller? Install samba-tool and run the following command (assuming your domain already exists):

# samba-tool join MY.DOMAIN DC -Uadministrator@my.domain --realm=MY.DOMAIN

Use the 'samdump' operator to write Kerberos data to standard output:

# samba-tool samdump

In no way would I recommend this for outside of a testing / development environment - there are some key differences between samba 4 AD and real AD (one issue documented so far is that samba 4 uses some NT 4 notions that Windows simply emulates in recent versions, for example primary and secondary domain controller r

File Defragmentation Tools for Windows 2003/2008, Redhat/CentOS and Ubuntu

For managing fragmentation of NTFS (Windows Server 2003/2008, XP, Vista, and Windows 7):

For general disk defragmentation, the following utilities offer a substantial improvement in overall performance and efficacy over native operating system tools: Auslogics Disk Defrag or Raxco PerfectDisk

For use on disks unsupported by the above tools, frequently executed and/or locked files or even a straightforward command line utility that can easily be used as part of a shell script: Contig from the Sysinternals Suite

Contig has been of particular value when managing backup servers - servers storing huge files with substantial writes on a regular basis. Being able to specify the backup files allows for properly scheduling defragmentation by backup job, and in the process eliminating the need for downtime on these systems as part of this manner of disk maintenance. Can also be used for per-file fragmentation analysis and reporting.

For managing fragmentation of ext4 file systems (new

Pidgin Instant Messenger Log Data Location

Pidgin is a popular IM client. I've been using it for years, mostly because of its simplicity when used within alternate operating systems. I need a non-browser based IM client that I can use in Fedora and Windows with the ability to easily transfer log data between the two. My only complaint is that the log search function is not very great, and Pidgin does not provide you with the ability to locate or change the log file path within the application. For those of you who need to find Pidgin logs, here are the paths for both Linux and Windows.

Installations include an actual pidgeon. Rabies sold separately.

Linux-based operating systems store log data within the root directory like so:

~/.purple/logs

Windows XP stores your logs here:

C:\Documents and Settings\username\Application Data\.purple\logs

Windows Vista and Windows 7 store your logs here:

C:\Users\username\AppData\Roaming\.purple\logs

When running Pidgin within Windows, Pidgin uses the PURPLEHOME en

Same Domain, Multiple Machines, SSL?

I saw a lot of misinformation about this on the inter-tubes recently, some of it intentional misleading of customers, some of it unintentional, so it might be remedial for a lot of readers, but I'm posting a clarification here because it's worth it to help clear up the confusion. Here are some facts that should help people when first making the leap to securing multiple server environments:

Servers are domain and private key specific. They are not machine specific.

You are welcome to generate multiple SSL certificates for the same domain to host on separate servers. Think for a bit, this *has* to be true. When everyone goes to https://google.com, are they hitting the same web server or SSL caching server? Of course not.*

The most common scenario where this would be valuable is with a load balanced web cluster, but I recently came across this in a deployment with web and mail components where the mail admin neglected to give their MTA a unique FQDN *and* the organization is using SSL/TLS f