A Raspberry Pi, a UPS and a couple of ESXi servers walk into a bar

If you have the power of multiple servers connected to a UPS, you probably need to shut them down when the power goes down and before the UPS runs out of juice. Unless your UPS can be connected to the network, you usually can only connect a single device to it using good old serial or brand new USB. That single host now knows about the UPS status, but what about all the other systems?...

December 16, 2021

Running a PKI using Smallstep certificates with Docker

Recently, I had to set up a new PKI. I was going to go with the good old OpenSSL but it’s 2021, there must be a more userfriendly and, more importantly, automated approach. There are many open-source possibilities: EJBCA, cfssl, Hashicorp Vault, Smallstep Certificates. I chose to use Smallstep certificates because it has all the features I need and they are not behind a pay-wall: lightweight: small Go binary, you can run it with a file-based database (similar to SQLite) user friendly CLI: compared to openssl commands ACME protocol: useful for Traefik reverse proxy OIDC authentication support: the guys are super friendly and available on their Discord channel Be sure to check their website, they have other features that you might want, especially their Certificate Manager....

September 12, 2021

Deprecation of apt-key in Debian-based distributions

I recently installed an Ubuntu 21.04 and when I wanted to install Atom editor, I was given the following warning about apt-key being deprecated: Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). After a bit of Googling around, I stumbled on this post on askubuntu.com explaining why apt-key was being deprecated. Then the folks at docker.com give a nice easy command to convert an old PGP key in base64 to a keyring....

August 7, 2021

Gitlab-runner and docker behind a proxy

After reading many articles and trying many things, this is how I solved it. For docker daemon itself to use a proxy, configure environment variables using systemd file /etc/systemd/system/docker.service.d/http-proxy.conf : [Service] Environment="HTTP_PROXY=http://user:pass@proxy.domain.com:3128/" Environment="HTTPS_PROXY=http://user:pass@proxy.domain.com:3128/" Environment="NO_PROXY=localhost,docker,*.domain.com" For gitlab-runner daemon itself to use a proxy, configure environment variables using systemd file /etc/systemd/system/gitlab-runner.service.d/http-proxy.conf : [Service] Environment="HTTP_PROXY=http://user:pass@proxy.domain.com:3128/" Environment="HTTPS_PROXY=http://user:pass@proxy.domain.com:3128/" Environment="NO_PROXY=localhost,docker,*.domain.com" Reload systemd and restart docker daemon: systemctl daemon-reload systemctl restart docker For git commands run by gitlab-runner to use a proxy, use gitlab-runner config file....

August 3, 2021

Post install steps with Gitlab

It happens I recently had to install Gitlab and was a bit lost about what to do right after the setup finished, perhaps this will help. By default, Gitlab stores its data files in /var/opt/gitlab and its backups in /var/opt/gitlab/backups. It would be a good idea to use dedicated partitions for each of those directories. Let’s say you use /dev/sdb1 for Gitlab data and /dev/sdc1 for the backups. gitlab-ctl stop mkdir /mnt/gitlab mount /dev/sdb1 /mnt/gitlab mkdir /mnt/gitlab/backups mount /dev/sdc1 /mnt/gitlab/backups tar -C /var/opt -cf - gitlab | tar -C /mnt -xpsf - umount /mnt/gitlab/backups umount /mnt/gitlab mv /var/opt/gitlab /var/opt/gitlab....

July 22, 2021

IPsec tunnel between Ubuntu 20.04 and Mikrotik router using strongSwan

Here is how to establish an IPsec tunnel between an Ubuntu 20.04 host and a Mikrotik router using IKEv2. The 2 endpoints of the tunnel are: ubuntu.xentoo.info : the Ubuntu server. This server has a local private subnet 10.0.0.0/24 and a fixed public IPv4 address 1.2.3.4 . The hostname ubuntu.xentoo.info resolves to the public IP address. mikrotik.xentoo.info : the Mikrotik router. This router has a local private subnet 192.168.0.0/24 and a dynamic public IPv4 address....

March 6, 2021

Install Firely III on Ubuntu 19.04

“Firefly III” is a (self-hosted) manager for your personal finances. You can find more about it on the following sites: https://github.com/firefly-iii/firefly-iii https://docs.firefly-iii.org/ Install prerequisites Let’s first install the requirements to run Firefly. Firefly documentation says it runs on PHP 7.2 but that’s wrong, it needs >=7.3 . Unfortunately, Ubuntu 19.04 comes with PHP 7.2 by default, so we need to use a PPA to have a more recent version. ondrej/php PPA has version 7....

January 5, 2020

Compile pjsip with pjsua on Ubuntu 16.04

As a personal note to myself :-) apt-get install make gcc pkg-config libasound2-dev wget http://www.pjsip.org/release/2.6/pjproject-2.6.tar.bz2 tar -xjf pjproject-2.6.tar.bz2 cd pjproject ./configure && make dep && make sudo make install sudo cp pjsip-apps/bin/pjsua-x86_64-unknown-linux-gnu /usr/local/bin/pjsua That’s it!

May 4, 2017

Extend snmpd to add detailed CPU statistics, per CPU (again)

For easier use with Cacti, it is easier to group statistics per type instead of per CPU. So you would have a parent OID for CPU time spent by user with many values (one per CPU). Put the following in /etc/snmp/percpudetail: #!/bin/bash case "$1" in "user") grep ^cpu /proc/stat | awk '{print 2}' ;; "nice") grep ^cpu /proc/stat | awk '{print 3}' ;; "system") grep ^cpu /proc/stat | awk '{print 4}' ;; "idle") grep ^cpu /proc/stat | awk '{print 5}' ;; "iowait") grep ^cpu /proc/stat | awk '{print 6}' ;; "irq") grep ^cpu /proc/stat | awk '{print 7}' ;; "softirq") grep ^cpu /proc/stat | awk '{print 8}' ;; esac Make it executable:...

April 14, 2017

Extend snmpd to add detailed CPU statistics, per cpu

I needed to export detailed CPU statistics from Linux servers using SNMP. While UCD-SNMP-MIB export some detailed stats, it only does it for the whole system. I may have missed something easier though :-) So here is a BASH script, put it in /etc/snmp/percpustats: #!/bin/bash /bin/grep "^$1 " /proc/stat | sed -e 's/^cpu[0-9]* *//' | tr ' ' '\n' Make it executable: chmod +x /etc/snmp/percpustats This simple script takes a single argument, which is the cpu id you want to look at....

April 13, 2017