How to execute a bash script on every outbound email POSTFIX Posted: 12 Feb 2022 05:56 AM PST

I have written an IP rotation shell script. The script is given below.

    #!/bin/bash
    # bash is required: the script uses arrays and [[ ]] tests

    # Get the counter from stored value
    read -r count < counter.txt
    if [[ $count -eq 0 ]]
    then
        prev=5
    fi
    if [[ $count -gt 0 ]]
    then
        prev=$((count-1))
    fi

    # First we want to store all available IP addresses
    IP_ADDRESSES=(1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1)
    # Store all hostnames
    HOST_NAMES=(server1.example.com server2.example.com server3.example.com server4.example.com server5.example.com server6.example.com)

    #this command will
    #echo ${IP_ADDRESSES[$count]}

    # now change system default source ip
    ip route replace default via "${IP_ADDRESSES[$prev]}" dev venet0 src "${IP_ADDRESSES[$count]}"
    # Now change the hostname
    hostnamectl set-hostname "${HOST_NAMES[$count]}"
    # Now change hostname in postfix
    postconf -ev "myhostname=${HOST_NAMES[$count]}"

    # Arithmetic increment (a plain count=$count+1 would store the string "0+1")
    count=$((count+1))
    if [[ $count -gt 5 ]]
    then
        count=0
    fi
    echo "$count" > counter.txt

When I run the script from the command line, it works perfectly and I can send email from a new IP and hostname pair. Now I want to execute this script before or after sending every outgoing email from our POSTFIX server. But I don't know how to trigger this script within POSTFIX. |
Is "access-control-allow-origin" a secure way to restrict communication between two servers? Posted: 12 Feb 2022 03:36 AM PST

I have two servers, A and B. I want server B to only accept HTTP requests from server A. Is "access-control-allow-origin" a secure way to implement that? |
Kubernetes (Kops): Get https://127.0.0.1:4001/health: remote error: tls: bad certificate Posted: 12 Feb 2022 03:27 AM PST

I am seeing the error below when running "kubectl get componentstatus":

    NAME                 STATUS      MESSAGE   ERROR
    scheduler            Healthy     ok
    etcd-1               Unhealthy   Get https://127.0.0.1:4002/health: remote error: tls: bad certificate
    controller-manager   Healthy     ok
    etcd-0               Unhealthy   Get https://127.0.0.1:4001/health: remote error: tls: bad certificate

I also observed one of the three master nodes in NotReady state. The state of the other 2 master nodes and all other worker nodes seems to be fine.

I have connected to the master which is having the issue and checked the certificates under /etc/kubernetes/pki, but none of the certificates are showing as expired.

I faced a similar issue earlier and resolved it by following the article (https://kops.sigs.k8s.io/advisories/etcd-manager-certificate-expiration/).

Following are the kops and kubectl version details:

    kubectl version
    Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.0", GitCommit:"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529", GitTreeState:"clean", BuildDate:"2019-06-19T16:40:16Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
    Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.7", GitCommit:"6c143d35bb11d74970e7bc0b6c45b6bfdffc0bd4", GitTreeState:"clean", BuildDate:"2019-12-11T12:34:17Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}

    kops version
    Version 1.15.3 (git-298c2fce8)

Please help |
L2TP VPN. Port Forwarding. Iptables Posted: 12 Feb 2022 03:12 AM PST

I have the following setup:

1.) IP camera -> local IP -> Router -> port forward to my public static IP -> Nginx with rtmp module -> IP camera is streaming online perfectly fine.

Now when I change it to the following:

2.) IP camera -> local IP -> Router -> L2TP [VPN] connected right inside the router settings -> port forward to my public static IP -> Nginx with rtmp module -> IP camera is not showing up. It has internet access and works but it just doesn't see my IP cam.

What am I missing here? I tried iptables with prerouting like this:

    iptables -t nat -A PREROUTING -d <vpn-ip> -p tcp --dport 80 -j DNAT --to-destination <camera-ip>:80
    iptables -A FORWARD -m conntrack --ctstate DNAT -j ACCEPT

but it still doesn't work. I am not sure if I am even on the right track here. I think the router creates a different tunnel / network via L2TP and therefore my camera becomes invisible to it, because all the next steps after it such as port forwarding on the router and Nginx access (as per route #2 above) are elsewhere now. Am I wrong? Is there a way to make it work as per my second route?

Would be really grateful for any help / advice / comments at all. Many thanks in advance! |
Getting random 404 requests from unknown IPs in Apache + Ubuntu server Posted: 12 Feb 2022 02:55 AM PST

This is strange. I just installed a new Ubuntu + Apache in my DigitalOcean droplet and installed a Laravel app there. Now suddenly I see these kinds of strange POST, GET and CONNECT requests from unknown IPs.

Screenshot: https://i.stack.imgur.com/f6ErW.png

How can I prevent these kinds of requests? |
CPU 100% because of MariaDB Posted: 12 Feb 2022 02:30 AM PST

I'm using a 4GB Ubuntu server with 2 cores to host my WordPress website. But my website is very slow. I found the server sometimes uses 100% of CPU because of MySQL. I don't understand much of this; I found some articles online saying to use MYSQLTUNER. I followed the tips the script gave me, but it keeps using 100% CPU.

Here's the MYSQLTUNER log:

     >> MySQLTuner 1.9.4 - Major Hayden <major@mhtx.net>
     >> Bug reports, feature requests, and downloads at http://mysqltuner.pl/
     >> Run with '--help' for additional options and output filtering

    [--] Skipped version check for MySQLTuner script
    [OK] Logged in using credentials passed on the command line
    [!!] Your MySQL version 10.1.48-MariaDB-0ubuntu0.18.04.1 is EOL software! Upgrade soon!
    [OK] Operating on 64-bit architecture

    -------- Log file Recommendations ------------------------------------------------------------------
    [OK] Log file /var/log/mysql/error.log exists
    [--] Log file: /var/log/mysql/error.log(12K)
    [OK] Log file /var/log/mysql/error.log is not empty
    [OK] Log file /var/log/mysql/error.log is smaller than 32 Mb
    [OK] Log file /var/log/mysql/error.log is readable.
    [!!] /var/log/mysql/error.log contains 7 warning(s).
    [!!] /var/log/mysql/error.log contains 4 error(s).
    [--] 5 start(s) detected in /var/log/mysql/error.log
    [--] 1) 2022-02-12 10:08:22 140404830715008 [Note] /usr/sbin/mysqld: ready for connections.
    [--] 2) 2022-02-12 10:00:46 140424561036416 [Note] /usr/sbin/mysqld: ready for connections.
    [--] 3) 2022-02-12 9:57:36 140612226608256 [Note] /usr/sbin/mysqld: ready for connections.
    [--] 4) 2022-02-12 9:49:32 140613419502720 [Note] /usr/sbin/mysqld: ready for connections.
    [--] 5) 2022-02-12 9:47:23 140174777560192 [Note] /usr/sbin/mysqld: ready for connections.
    [--] 4 shutdown(s) detected in /var/log/mysql/error.log
    [--] 1) 2022-02-12 10:08:22 140424514483968 [Note] /usr/sbin/mysqld: Shutdown complete
    [--] 2) 2022-02-12 10:00:27 140612225169152 [Note] /usr/sbin/mysqld: Shutdown complete
    [--] 3) 2022-02-12 9:57:35 140613259126528 [Note] /usr/sbin/mysqld: Shutdown complete
    [--] 4) 2022-02-12 9:49:31 140174775916288 [Note] /usr/sbin/mysqld: Shutdown complete

    -------- Storage Engine Statistics -----------------------------------------------------------------
    [--] Status: +Aria +CSV +InnoDB +MEMORY +MRG_MyISAM +MyISAM +PERFORMANCE_SCHEMA +SEQUENCE
    [--] Data in InnoDB tables: 261.4M (Tables: 217)
    [OK] Total fragmented tables: 0

    -------- Analysis Performance Metrics --------------------------------------------------------------
    [--] innodb_stats_on_metadata: OFF
    [OK] No stat updates during querying INFORMATION_SCHEMA.

    -------- Views Metrics -----------------------------------------------------------------------------

    -------- Triggers Metrics --------------------------------------------------------------------------

    -------- Routines Metrics --------------------------------------------------------------------------

    -------- Security Recommendations ------------------------------------------------------------------
    [OK] There are no anonymous accounts for any database users
    [OK] All database users have passwords assigned
    [--] There are 612 basic passwords in the list.

    -------- CVE Security Recommendations --------------------------------------------------------------
    [OK] NO SECURITY CVE FOUND FOR YOUR VERSION

    -------- Performance Metrics -----------------------------------------------------------------------
    [--] Up for: 11m 52s (16K q [22.631 qps], 292 conn, TX: 133M, RX: 39M)
    [--] Reads / Writes: 98% / 2%
    [--] Binary logging is disabled
    [--] Physical Memory : 3.8G
    [--] Max MySQL memory : 3.3G
    [--] Other process memory: 0B
    [--] Total buffers: 445.0M global + 18.8M per thread (151 max threads)
    [--] P_S Max memory usage: 92M
    [--] Galera GCache Max memory usage: 0B
    [OK] Maximum reached memory usage: 725.6M (18.86% of installed RAM)
    [!!] Maximum possible memory usage: 3.3G (87.78% of installed RAM)
    [OK] Overall possible memory usage with other process is compatible with memory available
    [OK] Slow queries: 0% (0/16K)
    [OK] Highest usage of available connections: 6% (10/151)
    [OK] Aborted connections: 1.03% (3/292)
    [OK] Query cache is disabled by default due to mutex contention on multiprocessor machines.
    [OK] Sorts requiring temporary tables: 0% (0 temp sorts / 6K sorts)
    [OK] No joins without indexes
    [!!] Temporary tables created on disk: 37% (1K on disk / 4K total)
    [OK] Thread cache hit rate: 96% (10 created / 292 connections)
    [OK] Table cache hit rate: 91% (64 hits / 70 requests)
    [OK] table_definition_cache(400) is upper than number of tables(380)
    [OK] Open file limit used: 0% (25/4K)
    [OK] Table locks acquired immediately: 100% (19K immediate / 19K locks)

    -------- Performance schema ------------------------------------------------------------------------
    [--] Performance_schema is activated.
    [--] Memory used by P_S: 92.5M
    [--] Sys schema isn't installed.

    -------- ThreadPool Metrics ------------------------------------------------------------------------
    [--] ThreadPool stat is disabled.

    -------- MyISAM Metrics ----------------------------------------------------------------------------
    [!!] Key buffer used: 18.3% (2.9M used / 16.0M cache)
    [OK] Key buffer size / total MyISAM indexes: 16.0M/123.0K

    -------- InnoDB Metrics ----------------------------------------------------------------------------
    [--] InnoDB is enabled.
    [--] InnoDB Thread Concurrency: 0
    [OK] InnoDB File per table is activated
    [!!] InnoDB buffer pool / data size: 261.0M/261.4M
    [!!] Ratio InnoDB log file size / InnoDB Buffer pool size (12.2605363984674 %): 16.0M * 2/261.0M should be equal to 25%
    [OK] InnoDB buffer pool instances: 1
    [--] InnoDB Buffer Pool Chunk Size not used or defined in your version
    [OK] InnoDB Read buffer efficiency: 100.00% (172638028 hits/ 172643879 total)
    [!!] InnoDB Write Log efficiency: 86.18% (1434 hits/ 1664 total)
    [OK] InnoDB log waits: 0.00% (0 waits / 230 writes)

    -------- Aria Metrics ------------------------------------------------------------------------------
    [--] Aria Storage Engine is enabled.
    [OK] Aria pagecache size / total Aria indexes: 128.0M/0B
    [!!] Aria pagecache hit rate: 84.7% (6K cached / 953 reads)

    -------- TokuDB Metrics ----------------------------------------------------------------------------
    [--] TokuDB is disabled.

    -------- XtraDB Metrics ----------------------------------------------------------------------------
    [--] XtraDB is disabled.

    -------- Galera Metrics ----------------------------------------------------------------------------
    [--] Galera is disabled.

    -------- Replication Metrics -----------------------------------------------------------------------
    [--] Galera Synchronous replication: NO
    [--] No replication slave(s) for this server.
    [--] Binlog format: STATEMENT
    [--] XA support enabled: ON
    [--] Semi synchronous replication Master: Not Activated
    [--] Semi synchronous replication Slave: Not Activated
    [--] This is a standalone server

    -------- Recommendations ---------------------------------------------------------------------------
    General recommendations:
        You are using n unsupported version for production environments
        Upgrade as soon as possible to a supported version !
        Check warning line(s) in /var/log/mysql/error.log file
        Check error line(s) in /var/log/mysql/error.log file
        MySQL was started within the last 24 hours - recommendations may be inaccurate
        Reduce your overall MySQL memory footprint for system stability
        When making adjustments, make tmp_table_size/max_heap_table_size equal
        Reduce your SELECT DISTINCT queries which have no LIMIT clause
        Consider installing Sys schema from https://github.com/mysql/mysql-sys for MySQL
        Before changing innodb_log_file_size and/or innodb_log_files_in_group read this:
    Variables to adjust:
        tmp_table_size (> 16M)
        max_heap_table_size (> 16M)
        key_buffer_size (~ 3M)
        innodb_buffer_pool_size (>= 261.4M) if possible.
        innodb_log_file_size should be (=32M) if possible, so InnoDB total log files size equals to 25% of buffer pool size.

Here's the MARIADBCONF log:

    #
    # These groups are read by MariaDB server.
    # Use it for options that only the server (but not clients) should see
    #
    # See the examples of server my.cnf files in /usr/share/mysql/
    #

    # this is read by the standalone daemon and embedded servers
    [server]

    # this is only for the mysqld standalone daemon
    [mysqld]
    tmp_table_size = 16M
    max_heap_table_size = 16M
    performance_schema=ON
    innodb_buffer_pool_size = 261M
    innodb_log_file_size = 16M
    innodb_buffer_pool_instances = 1
    skip-name-resolve

    #
    # * Basic Settings
    #
    user = mysql
    pid-file = /var/run/mysqld/mysqld.pid
    socket = /var/run/mysqld/mysqld.sock
    port = 3306
    basedir = /usr
    datadir = /var/lib/mysql
    tmpdir = /tmp
    lc-messages-dir = /usr/share/mysql
    skip-external-locking

    # Instead of skip-networking the default is now to listen only on
    # localhost which is more compatible and is not less secure.
    bind-address = 127.0.0.1

    #
    # * Fine Tuning
    #
    key_buffer_size = 16M
    max_allowed_packet = 16M
    thread_stack = 192K
    thread_cache_size = 8
    # This replaces the startup script and checks MyISAM tables if needed
    # the first time they are touched
    myisam_recover_options = BACKUP
    #max_connections = 100
    #table_cache = 64
    #thread_concurrency = 10

    #
    # * Query Cache Configuration
    #
    query_cache_limit = 1M
    query_cache_size = 0
    query_cache_type = 0

    #
    # * Logging and Replication
    #
    # Both location gets rotated by the cronjob.
    # Be aware that this log type is a performance killer.
    # As of 5.1 you can enable the log at runtime!
    #general_log_file = /var/log/mysql/mysql.log
    #general_log = 1
    #
    # Error log - should be very few entries.
    #
    log_error = /var/log/mysql/error.log
    #
    # Enable the slow query log to see queries with especially long duration
    #slow_query_log_file = /var/log/mysql/mariadb-slow.log
    #long_query_time = 10
    #log_slow_rate_limit = 1000
    #log_slow_verbosity = query_plan
    #log-queries-not-using-indexes
    #
    # The following can be used as easy to replay backup logs or for replication.
    # note: if you are setting up a replication slave, see README.Debian about
    # other settings you may need to change.
    #server-id = 1
    #log_bin = /var/log/mysql/mysql-bin.log
    expire_logs_days = 10
    max_binlog_size = 100M
    #binlog_do_db = include_database_name
    #binlog_ignore_db = exclude_database_name

    #
    # * InnoDB
    #
    # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
    # Read the manual for more InnoDB related options. There are many!

    #
    # * Security Features
    #
    # Read the manual, too, if you want chroot!
    # chroot = /var/lib/mysql/
    #
    # For generating SSL certificates you can use for example the GUI tool "tinyca".
    #
    # ssl-ca=/etc/mysql/cacert.pem
    # ssl-cert=/etc/mysql/server-cert.pem
    # ssl-key=/etc/mysql/server-key.pem
    #
    # Accept only connections using the latest and most secure TLS protocol version.
    # ..when MariaDB is compiled with OpenSSL:
    # ssl-cipher=TLSv1.2
    # ..when MariaDB is compiled with YaSSL (default in Debian):
    # ssl=on

    #
    # * Character sets
    #
    # MySQL/MariaDB default is Latin1, but in Debian we rather default to the full
    # utf8 4-byte character set. See also client.cnf
    #
    character-set-server = utf8
    collation-server = utf8_general_ci

    #
    # * Unix socket authentication plugin is built-in since 10.0.22-6
    #
    # Needed so the root database user can authenticate without a password but
    # only when running as the unix root user.
    #
    # Also available for other users if required.
    # See https://mariadb.com/kb/en/unix_socket-authentication-plugin/

    # this is only for embedded server
    [embedded]

    # This group is only read by MariaDB servers, not by MySQL.
    # If you use the same .cnf file for MySQL and MariaDB,
    # you can put MariaDB-only options here
    [mariadb]

    # This group is only read by MariaDB-10.1 servers.
    # If you use the same .cnf file for MariaDB of different versions,
    # use this group for options that older servers don't understand
    [mariadb-10.1]

I'm really a newbie at all of this. I'm just trying to find help to improve the performance of my website. I'm losing money because of this. If someone could help me I WILL APPRECIATE IT A LOT. Thanks |
No info with dmidecode -t 17 Posted: 12 Feb 2022 02:26 AM PST

I'm trying to check for a memory fault on an Ubuntu server on VirtualBox, and I get no info with dmidecode -t 17.

(screenshot of output)

Is it because the machine is a VM on VirtualBox? I've checked on the Ubuntu server on ESXi, and there I got the info.

Could you kindly let me know how to get RAM (HW) info? Could you kindly let me know how to check for a RAM fault? Thank you very much. |
Is a virtual server enough for a video uploading platform or do I need a hosting like AWS and Oracle? Posted: 12 Feb 2022 01:45 AM PST

I am developing a platform where the users can upload videos, ask for videos and download the videos uploaded by other users. I have developed the platform using Java Spring Boot, Angular and MongoDB and everything works on my localhost perfectly. However, I don't know which kind of server I should rent because I don't know how many users will use my platform, how many simultaneous uploads/downloads I will have, etc. The platform is for academic people (professors, students, etc.). I have the following options in mind:

- Virtual server, Linux V10: 8 GB RAM, 300 GB SSD, 4 CPU vCore, 8 GB RAM guaranteed, connection up to 100 MBit/s, traffic unlimited
- Virtual server, Linux V30: 16 GB RAM, 500 GB SSD, 6 CPU vCore, 16 GB RAM guaranteed, connection up to 500 MBit/s, traffic unlimited

Is one of these options enough for the beginning in my case? How can I make an estimation? If I rent a traditional virtual server and 5000 people want to upload videos simultaneously, what happens? How does it affect the loading speed of the website? Does it slow down everything? Is the number of viewers also a bottleneck, or would just the number of simultaneous uploads/downloads of files be the bottleneck? For how many viewers/simultaneous uploads and downloads is it okay to have a traditional virtual server?

It would be good if anyone could give me a hint how I can make an estimation. I have totally no idea how I should go on. |
RDP connection between PC and laptop in LAN with 2 Cisco VPN sessions Posted: 12 Feb 2022 01:41 AM PST

Good morning, I have my work laptop at home and I connect via VPN with Cisco AnyConnect mobile. From another personal PC that is more powerful and that is in the same LAN I want to connect to the laptop by RDP, but it does not allow me. If I open the VPN on my home PC (ipv4 10.196.xxx...) I can ping the laptop (ipv4 10.186.xxx...), but the RDP connection doesn't work for me.

Is there any way to connect from the PC to the laptop via RDP and have the VPN open on both PCs on the LAN? The personal PC is connected to an ultrawide monitor and so I want to use RDP to take advantage of it too.

Another possible solution I think would be to share the same VPN connection between the laptop and the PC with a split tunnel, but I think my company's configuration prevents me from doing so. I have also been told about the possibility of touching the router to force the same subnet, but I don't know how to do it.

Thanks a lot |
Can I delete files in folder C:\FusionLog Posted: 12 Feb 2022 01:17 AM PST

On my Windows Server I found a folder C:\FusionLogs that occupies a lot of gigabytes on my disk. Can I delete files from this folder to obtain free disk space? |
Fail2ban bantime.increment not working Posted: 12 Feb 2022 12:08 AM PST

I wanted to increase the bantime of repeat offenders getting caught by fail2ban. I added the following lines at the top of /etc/fail2ban/jail.local

    [DEFAULTS]
    bantime.increment = true
    bantime.factor = 1
    bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor

But it doesn't seem to be working. Here's a part of the log

    2022-02-12 12:18:11,869 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:18:11
    2022-02-12 12:18:11,888 fail2ban.actions [744]: NOTICE [postfix-sasl] Ban 193.56.29.112
    2022-02-12 12:28:11,985 fail2ban.actions [744]: NOTICE [postfix-sasl] Unban 193.56.29.112
    2022-02-12 12:28:29,103 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:28:29
    2022-02-12 12:36:15,501 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:36:15
    2022-02-12 12:36:15,928 fail2ban.actions [744]: NOTICE [postfix-sasl] Ban 193.56.29.112
    2022-02-12 12:46:16,257 fail2ban.actions [744]: NOTICE [postfix-sasl] Unban 193.56.29.112
    2022-02-12 12:46:42,148 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:46:42

Could there be something overriding this? How can I find out? My server is Ubuntu 20.04 |
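Added example, not part of the question above and not fail2ban code: a Python check that measures each ban's length from the log lines quoted in the question and shows which `bantime.*` options a jail inherits from the quoted `jail.local` header. It assumes fail2ban applies the standard INI rule that jails inherit only from a section named `[DEFAULT]`; the `[postfix-sasl]` stanza and all function names are constructed for the example.

```python
import configparser
import re
from datetime import datetime

# Log lines copied from the question above.
SAMPLE_LOG = """\
2022-02-12 12:18:11,869 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:18:11
2022-02-12 12:18:11,888 fail2ban.actions [744]: NOTICE [postfix-sasl] Ban 193.56.29.112
2022-02-12 12:28:11,985 fail2ban.actions [744]: NOTICE [postfix-sasl] Unban 193.56.29.112
2022-02-12 12:28:29,103 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:28:29
2022-02-12 12:36:15,501 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:36:15
2022-02-12 12:36:15,928 fail2ban.actions [744]: NOTICE [postfix-sasl] Ban 193.56.29.112
2022-02-12 12:46:16,257 fail2ban.actions [744]: NOTICE [postfix-sasl] Unban 193.56.29.112
2022-02-12 12:46:42,148 fail2ban.filter [744]: INFO [postfix-sasl] Found 193.56.29.112 - 2022-02-12 12:46:42
"""

# Header copied from the question; the [postfix-sasl] stanza is constructed
# so that there is a jail section to inherit into.
SAMPLE_JAIL_LOCAL = """\
[DEFAULTS]
bantime.increment = true
bantime.factor = 1
bantime.formula = ban.Time * (1<<(ban.Count if ban.Count<20 else 20)) * banFactor

[postfix-sasl]
enabled = true
"""

# Matches only the Ban/Unban lines written by fail2ban.actions.
ACTION_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+)\s+fail2ban\.actions\s+\[\d+\]:\s+"
    r"NOTICE\s+\[(?P<jail>[^\]]+)\]\s+(?P<action>Ban|Unban)\s+(?P<ip>\S+)"
)


def ban_durations(log_text):
    """Return {(jail, ip): [ban length in whole seconds, ...]} in log order."""
    open_bans, durations = {}, {}
    for line in log_text.splitlines():
        m = ACTION_RE.match(line.strip())
        if not m:
            continue  # "Found" lines from fail2ban.filter and anything else
        when = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        key = (m["jail"], m["ip"])
        if m["action"] == "Ban":
            open_bans[key] = when
        elif key in open_bans:  # an Unban with no logged Ban is ignored
            secs = round((when - open_bans.pop(key)).total_seconds())
            durations.setdefault(key, []).append(secs)
    return durations


def flat_repeat_offenders(log_text, tolerance=5):
    """Addresses banned at least twice whose later bans never got longer."""
    return {
        key: secs
        for key, secs in ban_durations(log_text).items()
        if len(secs) >= 2 and max(secs[1:]) <= secs[0] + tolerance
    }


def inherited_bantime_options(jail_local_text, jail):
    """bantime.* options visible from inside `jail`, using INI DEFAULT rules."""
    parser = configparser.RawConfigParser()  # raw: no %-interpolation
    parser.read_string(jail_local_text)
    return {k: v for k, v in parser[jail].items() if k.startswith("bantime.")}


if __name__ == "__main__":
    for (jail, ip), secs in flat_repeat_offenders(SAMPLE_LOG).items():
        print(f"{jail} {ip}: bans lasted {secs} s, no escalation")
    print("inherited by postfix-sasl:",
          inherited_bantime_options(SAMPLE_JAIL_LOCAL, "postfix-sasl"))
```

On the quoted log both bans last 600 seconds, and with the section spelled `[DEFAULTS]` the jail inherits none of the three `bantime.*` settings.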
How to have node affinity in openstack? Posted: 12 Feb 2022 12:13 AM PST

For example, I have 3 compute servers and I want to have 1 specific instance on each of them and I want to have node affinity on them.

- instance_1 --> compute_node_1 (Always on this node)
- instance_2 --> compute_node_2 (Always on this node)
- instance_3 --> compute_node_3 (Always on this node)
I know there is a "Senlin" service. But how to use it exactly? Or if there is another solution? |
Setting up virtual machine and applications Posted: 12 Feb 2022 04:24 AM PST

I've got the following collection of features installed in virtual machines:

Server name | Feature Installed
E-Dom | Active Directory, NFS File Share
E-Coll | Exchange Server, Sharepoint, PBX Server
E-Sec | NPS, Certificate Authority
E-Art | Wireshark

I could use some recommendations on whether each of these features can be added to the same VM, or whether another VM / a dedicated VM is necessary. For example, I have learned that Active Directory and Exchange Server are not recommended to reside on the same VM. The same goes for Certificate Authority mixed with Active Directory, but I am not sure why. The same question goes for Sharepoint server alongside Exchange Server, and PBX Server alongside Exchange Server. I would think the PBX server needs its dedicated VM, but its critical nature can be equally matched with Exchange server; none of them can afford to lose internet connection / go down. |
Make a skipped task show as "OK" Posted: 12 Feb 2022 03:11 AM PST

I have some ansible tasks that are run in two parts. The first part sets a condition, and the second part uses when to conditionally execute. Pseudo-example:

    - name: check if installed
      command: (...)
      register: is_installed

    - name: run install script
      when: is_installed.stdout == "yes"
      command: (...)

The second task shows as "skipped". This is not really right, I did not forgo the installation, but confirmed that it was already done, so it should show as "OK". It should show "skipped" only if the given host doesn't need this step.

I know this is just cosmetic, but I would still like to know if there is a way to get it to say "OK". I tried setting changed_when to False. While this sets the result to OK, it still runs the command. Somebody asked for an ok_when setting, but it was declined and I'm not sure the developers understood the request. |
Postfix with only STARTTLS or TLS Posted: 12 Feb 2022 02:50 AM PST

I have set up my Postfix to require STARTTLS, or SSL/TLS, as well as the user being authenticated if sending to other domains, or the recipient being known to my host if receiving mail. I can connect without initial encryption like this:

    telnet myserver.com 587
    elho there
    mail from: abc@def.com

The server responds with

    530 5.7.0 Must issue a STARTTLS command first

I noticed that smtp.gmail.com has the same requirement to use TLS. I think this is good and what I want. But how many clients/servers who will try to send mail to my domain will fail, because they can't do SSL/TLS? My certificate is signed by letsencrypt, so that shouldn't be a problem.

Asked another way, is it safe to assume that in 2022 all mail senders can do SSL/TLS? If not, what do I have to change in my postfix configs to allow third parties to deliver mail to my server without TLS (for mails in my domains), but still require my users who want to send mail via my server to login and use STARTTLS or SSL/TLS?

A second question: I noticed that if I send the following, I get the same error, but have I just sent my password to the server effectively unencrypted across the internet, meaning I should change my password (note the connection is done with telnet, not openssl!)

    telnet myserver.com 587
    ehlo there
    AUTH PLAIN GFudEBtYaXhdhbnQuY2...doh!

|
How to add values to ansible-playbook instead of overwrite it? Posted: 12 Feb 2022 04:58 AM PST

As of today, I have the following role; this role simulates a basic installation of the product:

    - name: Install Server.msi primary_appserver
      ansible.windows.win_package:
        path: C:\product.msi
        log_path: C:\InstallProduct.log
        arguments: ADDLOCAL=DB,Agent
        state: present
      become: true
      become_method: runas
      vars:
        ansible_become_user: "{{ ansible_user }}"
        ansible_become_password: "{{ ansible_password }}"
      when: "'primary_appservers' in group_names"

I want to simulate an "advanced" installation, in which I select additional features in the installation wizard.

In the installation wizard, I can select one or more features, meaning the ADDLOCAL argument can be:

    ADDLOCAL=DB,Agent

(that's the basic one) OR

    ADDLOCAL=DB,Agent,Feature_A

OR

    ADDLOCAL=DB,Agent,Feature_A,Feature_B

Things become complicated for me, since Feature_C for example demands an additional arguments list to install it, for example: RABBIT_LOCAL_PORT, RABBIT_QUEUE_NAME, RABBIT_TTL ...

Using `vars` in Ansible or `extraVars` in Jenkins overwrites the values in the playbook\role.

Is there a way to add the value to the existing value in the playbook\role, so for example when I select to install Feature_a and\or Feature_b, the ADDLOCAL value in the role will change into ADDLOCAL=DB,Agent,Feature_A,Feature_B? Or in the second case when I add Feature_C, the ADDLOCAL value in the role will change into ADDLOCAL=DB,Agent,Feature_C and the arguments key will include in addition the RABBIT_LOCAL_PORT, RABBIT_QUEUE_NAME, RABBIT_TTL arguments? |
Server 2022 SMTP Server issue Posted: 12 Feb 2022 05:46 AM PST

This is a new installation of Server 2022 Standard 21H2. I'm trying to configure the SMTP Server so that a client application can send emails internally. The first thing I noticed is that when I open IIS 6.0 Manager and right click the SMTP virtual server, it usually generates the following error:

(image: SMTP Server Error)

If I try often enough, I can get in and configure the settings. The next thing though is that whenever I attempt to send a message through the smtp server, the smtp service stops and the following event is logged:

(image: Event Log)

Can anyone suggest where I would start to troubleshoot this please? |
What causes - Error: pam...Multiple password values not supported? Posted: 12 Feb 2022 03:14 AM PST

On a Linux server a user is unable to collect email using Microsoft Office. In /var/log/maillog I see this

    Mar 1 20:49:48 nitrogen dovecot: auth-worker(15749): Error: pam(usern@example.com, 1.2.3.4,<WkxqYjY6G152yDAG>): Multiple password values not supported

followed immediately by

    Mar 1 20:49:50 nitrogen dovecot: imap-login: Aborted login (auth failed...

I can't find any information about this error apart from it seems to be associated with authentication and 2FA. Can anyone shed some light on what might be the cause? I don't have access to the client computer. |
Debian Stuck at Booting from Hard Disk after installation on KVM Posted: 12 Feb 2022 03:08 AM PST

I'm trying to install Debian on Qemu-KVM on RouterOS v5.25. I tried:

- debian-10.8.0-i386-netinst.iso
- debian-8.11.0-i386-kde-CD-1.iso
- debian-live-9.0.0-i386-gnome.iso

on a disk image created using:

    qemu-img.exe create -f raw debian.img 10G

During the installation process, everything is good to the end, but right after finishing installation and rebooting, it shows the boot screen counting to 4, then it's stuck at Booting from Hard Disk...

GRUB was installed on (master boot record) during installation, and I've tried to install it on (/dev/sda).

Note: it's not rebooting itself, it's just stuck.

Here's the boot parameters:

RouterOS KVM configuration:

(For testing) I installed debian-6.0.10-i386-netinst.iso; it did install and boot without problems, but nothing higher than this version is booting.

What causes this problem? |
Tomcat 9.0.36 https configuration to port 8443 not responding Posted: 12 Feb 2022 05:08 AM PST

I have a Tomcat 9.0.36 running on a Ubuntu 18.04.4 LTS (virtual) machine. I am trying to configure it to use a certificate that I got from a CA. I successfully generated the keystore file using keytool, and tried to configure Tomcat to listen on port 8443 for https traffic. The related fields in server.xml:

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8443" protocol="HTTP/1.1"
               maxThreads="100" scheme="https" secure="true" SSLEnabled="true"
               clientAuth="false" sslProtocol="TLS"
               keyAlias="correctAlias"
               keystoreFile="/usr/lib/jvm/jdk-12.0.2/lib/security/keystorefile.jks"
               keystorePass="correctPassWord" />

I have tried with multiple configurations of both ports (with or without redirectPort=..., commented out the other port etc.), and the end result is the same. On port 8080, everything works fine (when the connector is enabled), but on 8443, the result is:

    This site can't be reached
    {my ip} took too long to respond.

netstat -plnt gives the following:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address
    tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      22748/java
    tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      22748/java
    ...

So I assume there is something that prevents the server from responding, as catalina.out doesn't give any errors, just the startup information, that http-nio-8080 and http-jsse-nio-8443 have started, and everything seems to be running.

I am aiming for the end result to be that everything redirects to the https protocol, and nothing is unencrypted. |
ubuntu18.04 tomcat9 doesn't start application when started via systemd
Posted: 12 Feb 2022 12:03 AM PST

First of all: I am no Tomcat expert, so please bear with me.

Currently I'm facing an issue when I reboot the aforementioned server. The Tomcat application is not available (404 not found) when automatically started. As soon as I stop Tomcat via systemd and start it manually via "/usr/share/tomcat9/bin/catalina.sh", the configured application (from server.xml) is available and accessible.

    ./catalina.sh start
    Using CATALINA_BASE: /var/lib/tomcat9
    Using CATALINA_HOME: /usr/share/tomcat9
    Using CATALINA_TMPDIR: /var/lib/tomcat9/temp
    Using JRE_HOME: /usr/lib/jvm/java-12-oracle
    Using CLASSPATH: /usr/share/tomcat9/bin/bootstrap.jar:/usr/share/tomcat9/bin/tomcat-juli.jar

Some excerpts from /etc/tomcat9/server.xml:

    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" Server=" " />
    ....
    <Host name="host-live" appBase="webapps/host-live" unpackWARs="true" autoDeploy="true">
      <Alias>some.domain.com</Alias>
      <Context path="" docBase="/var/lib/tomcat9/webapps/host-live" />
      <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" />
      <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="some.domain.com_access" suffix=".txt" pattern="%t %{x-forwarded-for}i %a %m %U %r %b %s %D %I %{X-AUSERNAME}o %{User-Agent}i" resolveHosts="false" />
    </Host>

My goal is to have it started and accessible automagically at boot time :) Hence I tried to modify the systemd unit file. I changed it to the following:

    # Current Configuration
    Environment="CATALINA_HOME=/usr/share/tomcat9"
    Environment="CATALINA_BASE=/var/lib/tomcat9"
    Environment="CATALINA_TMPDIR=/tmp"
    Environment="JAVA_OPTS=-Djava.awt.headless=true"
    EnvironmentFile=-/etc/default/tomcat9
    # My changes:
    # old values:
    #ExecStart=/bin/sh /usr/libexec/tomcat9/tomcat-start.sh
    # replaced with
    ExecStart=/usr/share/tomcat9/bin/startup.sh
    ExecStop=/usr/share/tomcat9/bin//shutdown.sh

EDIT: I fixed some permission problems for the Tomcat logfiles. But still the application is not found (404 error). Seems like Tomcat is deploying the application successfully when started by systemd but it's still not available. Error 404 is still coming up on request http://subdomain.domain.tld/myapp/MyAppServer

The funny thing is: the application is instantly available on a cloned server (local hostfile edited). I don't get it.

    Mar 24 13:20:00 server rsyslogd: file '/var/log/tomcat9/catalina.out': open error: Permission denied [v8.32.0 try http://www.rsyslog.com/e/2433 ]
    Mar 24 13:20:03 server tomcat9[848]: Match [Server/Service/Engine/Host/Valve] failed to set property [resolveHosts] to [false]
    Mar 24 13:20:03 server tomcat9[848]: Match [Server/Service/Engine/Host/Valve] failed to set property [resolveHosts] to [false]
    Mar 24 13:20:03 server tomcat9[848]: Server version name: Apache Tomcat/9.0.16 (Ubuntu)
    Mar 24 13:20:03 server tomcat9[848]: Server built: Sep 11 2019 19:47:51 UTC
    Mar 24 13:20:03 server tomcat9[848]: Server version number: 9.0.16.0
    Mar 24 13:20:03 server tomcat9[848]: OS Name: Linux
    Mar 24 13:20:03 server tomcat9[848]: OS Version: 4.15.0-1063-aws
    Mar 24 13:20:03 server tomcat9[848]: Architecture: amd64
    Mar 24 13:20:03 server tomcat9[848]: Java Home: /usr/lib/jvm/java-12-oracle
    Mar 24 13:20:03 server tomcat9[848]: JVM Version: 12.0.1+12
    Mar 24 13:20:03 server tomcat9[848]: JVM Vendor: Oracle Corporation
    Mar 24 13:20:03 server tomcat9[848]: CATALINA_BASE: /var/lib/tomcat9
    Mar 24 13:20:03 server tomcat9[848]: CATALINA_HOME: /usr/share/tomcat9
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Djava.awt.headless=true
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -XX:+UseG1GC
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Xms1024M
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Xmx6144M
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Dignore.endorsed.dirs=
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Dcatalina.base=/var/lib/tomcat9
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Dcatalina.home=/usr/share/tomcat9
    Mar 24 13:20:03 server tomcat9[848]: Command line argument: -Djava.io.tmpdir=/tmp
    Mar 24 13:20:03 server tomcat9[848]: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [/usr/java/packages/lib:/usr/lib64:/lib64:/lib:/usr/lib]
    Mar 24 13:20:03 server tomcat9[848]: Initializing ProtocolHandler ["http-nio-8080"]
    Mar 24 13:20:03 server tomcat9[848]: Server initialization in [1,490] milliseconds
    Mar 24 13:20:03 server tomcat9[848]: Starting service [Catalina]
    Mar 24 13:20:03 server tomcat9[848]: Starting Servlet engine: [Apache Tomcat/9.0.16 (Ubuntu)]
    Mar 24 13:20:05 server tomcat9[848]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
    Mar 24 13:20:37 server tomcat9[848]: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [31,362] milliseconds.
    Mar 24 13:20:37 server tomcat9[848]: Deploying web application directory [/var/lib/tomcat9/webapps/my-app-test/my-app]
    Mar 24 13:20:38 server tomcat9[848]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
    Mar 24 13:20:38 server tomcat9[848]: Deployment of web application directory [/var/lib/tomcat9/webapps/my-app-test/my-app] has finished in [1,029] ms
    Mar 24 13:20:39 server tomcat9[848]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
    Mar 24 13:20:39 server tomcat9[848]: Deploying web application directory [/var/lib/tomcat9/webapps/my-app-live/my-app]
    Mar 24 13:20:40 server tomcat9[848]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
    Mar 24 13:20:40 server tomcat9[848]: Deployment of web application directory [/var/lib/tomcat9/webapps/my-app-live/my-app] has finished in [1,106] ms
    Mar 24 13:20:40 server tomcat9[848]: Starting ProtocolHandler ["http-nio-8080"]
    Mar 24 13:20:40 server tomcat9[848]: Server startup in [36,550] milliseconds
    Mar 24 13:22:04 server tomcat9[848]: Pausing ProtocolHandler ["http-nio-8080"]
    Mar 24 13:22:04 server tomcat9[848]: Stopping service [Catalina]
    Mar 24 13:22:04 server tomcat9[848]: Stopping ProtocolHandler ["http-nio-8080"]
    Mar 24 13:22:04 server tomcat9[848]: Destroying ProtocolHandler ["http-nio-8080"]

Best regards, Marc
|
Ansible: Conditionally define variables in vars file if a certain condition is met
Posted: 12 Feb 2022 02:55 AM PST

Depending on the value (True/False) of a variable defined in the group_vars, I am trying to define some variables in a vars file. Their value depends on the group var's value.

My current var file looks like this:

    {% if my_group_var %}
    test:
      var1: value
      var2: value
      ...
      varn: value
    {% else %}
    test:
      var1: other_value
      var2: other_value
      ...
      varn: other_value
    {% endif %}

For each one of my roles I'm using a variable defined in this file.

My test playbook looks like below:

    - name: blabla
      hosts: blabla
      vars_files:
        - <path>/test_vars.yml
      roles: blabla

The error I'm receiving after running the playbook is:

    {% if my_group_var %}
     ^ here
    exception type: <class 'yaml.scanner.ScannerError'>
    exception: while scanning for the next token
    found character that cannot start any token
      in "<unicode string>"

Am I doing something stupid here or is this not even supported? I've tried to find another way of defining these vars (I have a lot of them) but I didn't manage to get something functional here. Any suggestions?
|
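For the Ansible question above, an added example that is not part of the original post: a vars file is parsed as YAML before any templating happens, so Jinja2 block statements at the top level fail in the YAML scanner, while a Jinja2 expression inside a quoted value is valid YAML and is evaluated later. The names test_when_true and test_when_false and the debug task are hypothetical; test, my_group_var and test_vars.yml come from the question.

```yaml
# --- file: <path>/test_vars.yml ---
# Plain YAML throughout; Jinja2 appears only inside a quoted string value.
# test_when_true / test_when_false are hypothetical helper names.
test_when_true:
  var1: value
  var2: value
test_when_false:
  var1: other_value
  var2: other_value

# Evaluated lazily, per host, when a task or role first reads "test".
# "| bool" keeps string values such as "false" (for example from
# -e my_group_var=false) from being treated as true.
test: "{{ test_when_true if (my_group_var | bool) else test_when_false }}"

---
# --- file: playbook (same vars_files entry as in the question) ---
- name: blabla
  hosts: blabla
  vars_files:
    - <path>/test_vars.yml
  tasks:
    # Hypothetical check task: prints "value" or "other_value" per host.
    - name: Show which branch was selected
      ansible.builtin.debug:
        var: test.var1
```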
CPU 100% on uWSGI master getting killed, server not taking requests
Posted: 12 Feb 2022 03:08 AM PST

I am facing this problem where my uWSGI error logs show "UAAAAAAH my master disconnected: i will kill myself !!!". This has happened twice in 2 weeks and surfaces only when we deploy code, which does a uwsgi --reload /tmp/X.pid.

uWSGI is controlled by supervisor but this step just reloads uWSGI. No errors are shown on our Jenkins box, but munin shows that CPU usage hits 100%, with high disk IO and disk latency, and requests to this box are timing out. I have to manually go in and restart uWSGI, and that has fixed the issue on both occasions.

I would appreciate it if someone could please share ideas on how to handle this issue.

uWSGI version: 2.0
supervisor: 3.0b1

Thanks
|
Configure server to forward unroutable emails to another email server
Posted: 12 Feb 2022 05:08 AM PST

Is it possible to configure a Linux mail server (we're running exim) to forward unhandled emails to another server? Here's an example of what I'm trying to accomplish:

- an email gets sent to user@domain.com
- the MX record for domain.com points to server1 so the email goes to server1
- if server1 doesn't have an email forward or mailbox for user@domain.com it forwards the email to server2 that receives the email as if it was originally sent to it (as if the MX record pointed to server2 directly)

Is something like this possible? If it is, any information you can provide on how to accomplish this is highly appreciated. Thanks.
|
Nginx remove base url
Posted: 12 Feb 2022 01:08 AM PST

I'm trying to set up Django through UWSGI using Nginx. I got the UWSGI pass to work using this block:

    location / {
        include uwsgi_params;
        uwsgi_pass 127.0.0.1:9001;
    }

Unfortunately, when I visit /django/admin I get an error:

    Page not found (404)
    Request Method: GET
    Request URL: http://69.x.x.x/django/admin
    Using the URLconf defined in Django.urls, Django tried these URL patterns, in this order:
    ^admin/

How can I have nginx rewrite the url to not pass the /django part?
|
Web server serves up PDF file as wrong mime type
Posted: 12 Feb 2022 01:08 AM PST

Following an upgrade to the latest version of Joomla, downloads from a website I am working on are being served incorrectly.

Example page: http://www.pacificpolicy.org/index.php?option=com_content&view=article&id=259:mic-paper&catid=39:rokfeature

They are being served up with the correct content-disposition on first visit, but any further visits PDF files are being loaded as text/html (i.e. displaying the file's contents on screen). How can I force the browser to load the PDF correctly on each visit?

My knowledge of PHP & http headers is pretty rudimentary, so I could use some help diagnosing this. The host is a LAMP server, Joomla is 1.5.22, doc management plugin is Rubberdoc.

Response header on second visit reads:

    Date: Thu, 16 Dec 2010 04:29:03 GMT
    Server: Apache/XXx
    X-Powered-By: PHP/xxx
    P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
    Etag: db71388c6fc952682ae2fd733d4b09c5
    Content-Encoding: gzip
    X-Content-Encoded-By: Joomla! 1.5
    Expires: Mon, 1 Jan 2001 00:00:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Vary: Host
    Last-Modified: Thu, 16 Dec 2010 04:29:03 GMT
    Connection: close
    Transfer-Encoding: chunked
    Content-Type: text/html; charset=UTF-8

And the download docs are called from a PHP file, which goes thusly:

    <?php
    // Check to ensure this file is included in Joomla!
    defined( '_JEXEC' ) or die( 'Restricted access' );

    jimport( 'joomla.application.component.view');

    /**
     * HTML View class for the RubberDoc component
     *
     * @static
     * @package Joomla
     * @subpackage RubberDoc
     * @since 1.0
     */
    class RubberDocViewDoc extends JView
    {
        public function display($tpl = null)
        {
            global $mainframe, $option;

            $id = JRequest::getInt('id');
            if(!$id) {
                JError::raiseError(404, 'Page Not Found');
                return;
            }

            $model =& $this->getModel('doc');
            $model->hit();
            $data =& $model->getData();
            $fileName =& $data->get('file');
            $dirname = $mainframe->getParams('com_rubberdoc')->get('rubberdoc_dir', 'rubberdoc');
            $filePath = JPath::clean( JPATH_SITE.DS.$dirname.DS.$fileName );

            if( !JFile::exists( $filePath ) ) {
                JError::raiseError(404, 'Page Not Found');
                return;
            }

            $fileName = $data->get('file');
            $extension = array_pop( explode('.', $fileName) );
            $fileName = $data->get('alias').'.'.$extension;
            $fileContent = JFile::read( $filePath );
            $fileSize = strlen($fileContent);

            require(JPATH_COMPONENT.DS.'helpers'.DS.'mime.mapping.php');
            $mime = $mime_extension_map[$extension]; //application/octet-stream

            // required for IE, otherwise Content-disposition is ignored
            if(ini_get('zlib.output_compression')) {
                ini_set('zlib.output_compression', 'Off');
            }

            $doc =& JFactory::getDocument();
            $doc->setMimeEncoding( $mime );
            $doc->setModifiedDate( $data->get('modified') );
            $doc->render();

            header('Content-Disposition: attachment; filename="'.$fileName.'" ');
            header('Content-Length: '. $fileSize);
            header('Pragma: public');
            header('Expires: 0');
            header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
            header('Content-Transfer-Encoding: binary');

            if( ! ini_get('safe_mode') ) {
                // set_time_limit doesn't work in safe mode
                @set_time_limit(0);
            }

            echo $fileContent;
        }
    }

Thanks, Nick
Port Vila, Vanuatu
|