Fix random hangs in Debian 9 with Nouveau Nvidia graphic module

7 12 2017

With and old Nvidia graphic card, like GeForce 6150SE nForce 430, and a new Debian with the latest Nouveau module, it is common to get hangs of the kernel produced by a bad beaviour of the graphic driver.

To mitigate it, add to the file “/etc/default/grub” the following content:

GRUB_CMDLINE_LINUX="nouveau.noaccel=1"

Advertisements




Increase filesystem without lvm in VMWare

4 12 2017

This method allow to increase a filesystem without using lvm, a simple virtual disk assigned to a virtual machine. It works if it is the root partition too. It doesn’t require reboot.

Note: Only works if the filesystem partition to grow is the last partition of the disk:

0.- Make a clone of the virtual machine for backup.

1.- Resize virtual disk in VMWare.

2.- Inside the vm, check the scsi connected devices:
# ls /sys/class/scsi_device/
0:0:0:0 2:0:0:0

3.- Force a reescan:
# echo 1 > /sys/class/scsi_device/2\:0\:0\:0/device/rescan
# echo 1 > /sys/class/scsi_device/0\:0\:0\:0/device/rescan

4.- Move the GTP backup partition table to the real end of the resized disk:
# gdisk /dev/sda
Command (? for help):
x
Command (? for help):
e
Relocating backup data structures to the end of the disk
Expert command (? for help):
w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N):
Y

5.- Notify the partition change:
# partprobe

6.- Delete the target partition and recreate it using the new extra espace. This is only to define the new end of the partition:
# gdisk /dev/sda
Command (? for help):
d
Partition number (1-3):
3
Command (? for help):
n
Partition number (3-128, default 3):
[ENTER]
First sector (34-73400286, default = 2222080) or {+-}size{KMGTP}:
[ENTER]
Last sector (2222080-73400286, default = 73400286) or {+-}size{KMGTP}:
[ENTER]
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300):
[ENTER]
Changed type of partition to 'Linux filesystem'
Command (? for help):
w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N):
Y

7.- Notify the partition change:
# partprobe

8.- Finally, grow the filesystem:
# resize2fs /dev/sda3





Basic go setup in Debian

30 11 2017

Install go package:
# apt-get install golang

Create dir for go workspace, so it can install packages and related stuff. Usually it goes in the home dir, but it would be ok elsewhere.
# mkdir ~/go

Set up the env variables. The GOROOT variable points to the location the Go tools are installed – if you didn’t install them to a custom location, you don’t have to set this manually:
# export GOPATH=$HOME/go
# export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
# source ~/.bashrc

Finally, install whatever you want. It would make the bin inside ~/go:
# go get github.com/neezgee/apache_exporter





Systemd unit for Monyog

15 11 2017

Systemd unit for Monyog. Create a new file in “/etc/systemd/system/monyog.service” with the following content:

[Unit]
Description=Webyog MONyog Service
After=network.target
[Service]
SyslogIdentifier=monyog
LimitNOFILE=262144
ExecStart=/usr/local/bin/MONyog-bin
Restart=on-failure
[Install]
WantedBy=multi-user.target





A note about a ftp service

9 11 2017

From the reasons in Debian about shutting down public FTP services:

  • FTP servers have no support for caching or acceleration.
  • Most software implementations have stagnated and are awkward to use and configure.
  • Usage of the FTP servers is pretty low.
  • The protocol is inefficient and requires adding awkward kludges to firewalls and load-balancing daemons.

More info: https://www.debian.org/News/2017/20170425





SSL and TLS notes

24 10 2017

List all ciphers:
# openssl ciphers -v 'ALL:COMPLEMENTOFALL'

List some ciphers:
# openssl ciphers -v 'AES256:kEECDH+ECDSA:kEECDH:kEDH:RSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!PSK:!SRP:!kECDH:!CAMELLIA:!IDEA:!SEED:!RC4'

Benchmark:
# openssl speed rc4 aes rsa ecdh sha

Benchmark with 2 cpus:
# openssl speed -multi 2 rc4 aes rsa ecdh sha

Test ssl cert in a website:
# openssl s_client -connect http://www.google.com:443

Test ssl cert with a specific version:
# openssl s_client -connect http://www.google.com:443 -no_ssl2
# openssl s_client -connect http://www.google.com:443 -servername http://www.google.com

Extract cert from a website:
# echo | openssl s_client -connect http://www.google.com:443 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

Test cert with a particular cipher:
# openssl s_client -connect http://www.google.com:443 -cipher RC4-SHA

Test SNI usage:
# openssl s_client -connect http://www.google.com:443 -servername http://www.google.com

Test sesssion reuse:
# echo | openssl s_client -connect http://www.google.com:443 -reconnect

Test expiration date:
# openssl s_client -connect http://www.google.com:443 | openssl x509 -noout -dates





Install Prometheus and Grafana

31 07 2017

These are the steps to install Prometheus and Grafana in a standalone Linux Debian box for monitor their system with a nice dashboard.

Install the package server and exporter from the repo:

apt-get install prometheus prometheus-node-exporter

Change Prometheus to listen only in localhost and the sync strategy (if you want to save battery) /etc/default/prometheus:

ARGS="-web.listen-address=localhost:9090 -storage.local.series-sync-strategy 'never'"

Assure that there is a target in /etc/prometheus/prometheus.yml:

- job_name: node
# If prometheus-node-exporter is installed, grab stats about the local
# machine by default.
static_configs:
- targets: ['localhost:9100']

Restart it and enable in systemd:

systemctl restart prometheus
systemctl enable prometheus

Change the listen address too in the node exporter /etc/default/prometheus-node-exporter:

ARGS="-collector.diskstats.ignored-devices=^(ram|loop|fd)\d+$ \
-collector.filesystem.ignored-mount-points=^/(sys|proc|dev|run)($|/) \
-collector.textfile.directory=/var/lib/prometheus/node-exporter -web.listen-address=127.0.0.1:9100"

Restart it and enable in systemd:

systemctl restart prometheus-node-exporter
systemctl enable prometheus-node-exporter

Download Grafana from their website and install it:

mkdir /opt/grafana
cd /opt/grafana
wget https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana_4.4.1_amd64.deb
dpkg -i grafana_4.4.1_amd64.deb

Enable and start it in systemd:

systemctl daemon-reload
systemctl enable grafana-server
systemctl start grafana-server

Use the browser and enter this address (user/password: admin/admin):

http://localhost:3000

Add the Prometheus datasource as in the image:

Add a new dashboard following this path in the menu:

Type the id “1860” inside “Grafana.com Dashboard”. It automatically get it:

Confirm the import fetching the values from localhost:


Enjoy.