Postgresql not listening on docker interface after reboot

/etc/postgresql/12/main/postgresql.conf is where you define the interfaces for PostgreSQL to listen on. It’s done with the line “listen_addresses =”.
So, to get PostgreSQL to listen on a docker interface, you have to add the IP address to the configuration:

listen_addresses = 'localhost,172.18.0.1'

This will make postgresql listen for connections from my docker container. Unfortunately, when I rebooted the machine, postgresql was only listening on localhost. That was strange.

After doing some fiddling around, I discovered that I might have a timing issue, and I even found a couple of articles covering the issue. The postgresql service needs to wait for the docker service to be started, or it cannot listen on the docker interface; that seems logical. I tried following some of the workarounds described, but I couldn’t get it to work. I then took a look at how the default systemd setup is built, and it seems that /etc/systemd/system/default.target.wants/ consists of symbolic links to /lib/systemd/system/whatever, so I did the same:

sudo ln -s /lib/systemd/system/postgresql@.service /etc/systemd/system/default.target.wants/

I then added this line to the unit block:

After=docker.service

This seems to have done the trick. After a reboot, postgresql is listening on my docker interface. You can always verify with:

sudo ss -nltp | grep postgres
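The same check can be scripted so that a missing bind after a reboot is reported instead of being discovered by accident. This is an added example, not part of the original post; the function names and port 5432 (the PostgreSQL default) are assumptions, and the ss output is a constructed sample.

```shell
#!/bin/sh
# Added example: list the addresses PostgreSQL should be bound to but is not,
# based on `ss -nltp` output read from stdin.
# usage: sudo ss -nltp | missing_listeners 5432 127.0.0.1 172.18.0.1
missing_listeners() {
    port=$1; shift
    # Collect the local addresses of postgres LISTEN sockets on the given port.
    bound=$(awk -v port="$port" '
        $1 == "LISTEN" && /postgres/ {
            addr = $4                      # "Local Address:Port" column
            n = split(addr, part, ":")
            if (part[n] != port) next
            sub(/:[0-9]+$/, "", addr)
            print addr
        }')
    # A wildcard bind covers every address, so nothing can be missing.
    printf '%s\n' "$bound" | grep -qxF -e '0.0.0.0' -e '*' && return 0
    # Print every expected address that has no matching listener.
    for addr in "$@"; do
        printf '%s\n' "$bound" | grep -qxF -- "$addr" || printf '%s\n' "$addr"
    done
}

# Constructed sample: ss output after a reboot where the docker bridge address
# did not exist yet when PostgreSQL started.
sample_after_reboot() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      244        127.0.0.1:5432      0.0.0.0:*     users:(("postgres",pid=812,fd=5))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=701,fd=3))
EOF
}

sample_after_reboot | missing_listeners 5432 127.0.0.1 172.18.0.1
```

Empty output means every expected address has a listener; any printed address is one PostgreSQL failed to bind.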

Ping not permitted in WSL

Using Windows Subsystem for Linux (WSL) is so nice when you are forced to work from an inferior OS, sometimes also referred to as “a gaming console”.
Especially combined with the Windows Terminal, which I wrote about here: https://www.nordal-lund.dk/?p=592 I’m sure that most Linux/Unix administrators will feel right at home.

Despite all the goodness, there are some minor annoyances preventing me from experiencing a big burst of happiness. One of them is the inability to use ping on a std. WSL Debian as a non-root user. That’s right, you need to do “sudo ping nice.little.address” or you will be denied 🙁

The root cause is the ping utility missing the SUID bit, which it has on the real distro. Luckily there’s an easy fix, add the SUID bit to the ping utility:

sudo chmod u+s /bin/ping

That’s it, now you can ping without sudo again 🙂

Happy pinging
/Kasper

Finally a decent terminal for Windows

Tip! Check out my new post about making the terminal great again here

For years and years Windows users have had to work with disabled tools when trying to work in the command line interface. The old cmd had a bad interface, and even PowerShell, until very recently, has also been a pain. One of the most annoying things has been the missing ability to adjust the window size to your needs; furthermore, tab completion has either been missing or badly implemented. All in all, flexibility has not been a keyword for any of the old terminals, but this is all in the past, because now we have Windows Terminal!

It is easy to install from the Windows Store or with a command line package manager like chocolatey, and it has a great deal of the features you know from various Linux terminals.

Windows terminal supports multiple terminals in tabs, split panes horizontal and vertical, custom background and a lot more. Check it out here: https://github.com/microsoft/terminal

If you are a Linux user and sometimes have to work from Windows, Windows Terminal also works perfectly with WSL (Windows Subsystem for Linux). Install the terminal, install your favorite Linux, and you are good to go. Here are some small tips to make the experience even better:

  1. Make Linux the default shell by editing the JSON settings file. You find it by clicking the small “down-arrow” and selecting Settings. Add the GUID of the Linux profile you want to start to the defaultProfile setting.
  2. Make the Linux shell start in the Linux home folder by adding this setting to the bottom of the block for your Linux profile:
    "commandline": "wsl.exe ~"

If you are interested in command line stuff, and working on Windows, this is a nice resource to follow: https://devblogs.microsoft.com/commandline/

Looking for clear text authentication with tcpdump

Login services that do not use encryption are unfortunately still often seen in the wild. I started out in the IT business around 2000, and even back then, clear text authentication was bad, but still we see it today.

Examples of services using clear text authentication are HTTP, FTP and telnet. Don’t ever authenticate using any of these protocols, unless you know exactly what you are doing.

Sometimes you may want to verify whether the password is actually sent in clear text, and one of the tools to use is tcpdump. Tcpdump is the default network analysis tool on most Linux distributions, and it’s very easy to get started with. Maybe you just want to know if your network changes are routing traffic to your server; you can use tcpdump to verify that too.

When sniffing for clear text passwords, we need to give the parameters -s 0 (capture whole packets instead of truncating them) and -A (print each packet’s payload as ASCII), and then we can give the destination port the service is listening on with dst port. So the full command would look like this:

tcpdump -s 0 -A dst port xxx

You can also specify the interface to listen on by using the -i option. If your interface is enp0s31f6, then it would look like this:

tcpdump -i enp0s31f6 -s 0 -A dst port xxx

Another option is the “and” and the “not” keyword. Imagine you are logged in with SSH, and looking for ssh traffic, but you don’t want to see your own traffic. Then you can use and not host ${your own IP address}, like this:

tcpdump -i enp0s31f6 dst port 22 and not host xx.xx.xx.xx

In the last example I have removed the -s 0 and the -A option, since I don’t need them just to see if traffic is getting to my server.
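When the goal is to confirm that one of your own services still accepts clear text logins, the capture output can be scanned automatically rather than read by eye. The following is an added example, not part of the original post: the function names are assumptions, the capture text is a constructed sample, and the script reports only that a credential was seen, never its value.

```shell
#!/bin/sh
# Added example: scan text produced by `tcpdump -s 0 -A` for clear-text
# credentials. Prints "<src> > <dst><TAB><finding>" per hit, without the secret.
# usage: tcpdump -l -s 0 -A dst port 21 | find_cleartext_auth   (or pass a saved file)
find_cleartext_auth() {
    awk '
        # Packet header line: "12:00:01.000001 IP src.port > dst.port: Flags ..."
        /^[0-9:.]+ IP6? / {
            dst = $5; sub(/:$/, "", dst)
            flow = $3 " > " dst
            next
        }
        # Payload lines belong to the most recent header line.
        {
            lower = tolower($0)
            if (index(lower, "authorization: basic "))
                print flow "\tHTTP Basic credentials"
            else if ($0 ~ /(^|[^A-Za-z])PASS [^ ]/)
                print flow "\tFTP/POP3 PASS command"
            else if (lower ~ /(^|[?&])(password|passwd|pwd)=[^&]/)
                print flow "\tpassword field in HTTP request"
        }
    ' "$@"
}

# Constructed sample of `tcpdump -A` output (addresses and secrets are made up).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.10.40000 > 192.0.2.20.21: Flags [P.], seq 1:13, ack 1, win 502, length 12
E..@..@.@.............P.....USER alice..
12:00:02.000001 IP 192.0.2.10.40000 > 192.0.2.20.21: Flags [P.], seq 13:29, ack 1, win 502, length 16
E..B..@.@.............P.....PASS example-pw..
12:00:03.000001 IP 192.0.2.10.40002 > 192.0.2.20.80: Flags [P.], seq 1:90, ack 1, win 502, length 89
E.....@.@.............P.....GET /admin HTTP/1.1
Host: intranet.example
Authorization: Basic ZXhhbXBsZTpleGFtcGxl

12:00:04.000001 IP 192.0.2.10.40004 > 192.0.2.20.443: Flags [P.], seq 1:60, ack 1, win 502, length 59
....5...1..binary.TLS.record.data....
EOF
}

sample_capture | find_cleartext_auth
```

On the sample this reports the FTP and HTTP flows and stays silent for the TLS flow on port 443.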

Balance your VMs across ESXi hosts in a vSphere cluster with local storage

The Citrix guys in my company have a bad habit of using local storage, probably because they have had some bad performance experiences in the past. Local storage is not good for the vSphere admin, as vMotion is set out of play, and I need to move things around manually when doing maintenance. Furthermore, the Citrix provisioning tool is not very good at launching/deploying VM’s on hosts that have a lot of free resources, so pretty often we end up with clusters where 50% of the hosts are utilizing 90% of the resources (mainly memory) and 50% are doing nothing 🙁

To mitigate this I have written a script to “balance” the VM’s equally across the clusters. The script takes a parameter with the cluster name, and you are able to exclude specific hosts by editing the file.

# Script to balance VMs across ESXi hosts in cluster using local storage.
# Created by kasper@nordal-lund.dk
# Execute with cluster name as parameter
param(
    [string]$cluster
)

# Make sure the VMware modules are loaded
Get-Module -Name vmware* -ListAvailable | Import-Module

# Connect to the vCenter server
Connect-VIServer hostname.vcenter -AllLinked -Credential (Get-Credential)

#$cluster = "xxx" # Manually define the cluster value. For testing purposes.

# Exclude hosts from the operation. The value is a regular expression matched
# against the host name; separate several hosts with |. Empty excludes nothing.
$excluded = ""

# Check if the cluster parameter is set.
if ($cluster -eq "") {
    Write-Host "You forgot to specify a cluster, please try again..."
    exit
}

# Fire up the main loop
while ($true) {

    # Pull out the target hosts, most populated first
    $hosttargetsRaw = Get-Cluster $cluster | Get-VMHost | where { $_.ConnectionState -eq "Connected" } | select Name,@{N="VMCount";E={(Get-VM -Location $_.Name).Count}} | Sort-Object VMCount -Descending

    # Trim the list for exclusions. An empty pattern matches every host,
    # so it must be skipped or the list would end up empty.
    $hosttargetstrimmed = @($hosttargetsRaw | where { $excluded -eq "" -or $_.Name -notmatch $excluded })

    # Calculate the difference between the most and least populated hosts
    $diff = ($hosttargetstrimmed | select -First 1).VMCount - ($hosttargetstrimmed | select -Last 1).VMCount

    if ($diff -gt 4) {

        # Define the source and destination hosts
        $sourcehosts = $hosttargetstrimmed | select -First 2
        $desthosts = $hosttargetstrimmed | select -Last 2

        # Check if we have only one host doing nothing
        $bottomdiff = ($desthosts | select -First 1).VMCount - ($desthosts | select -Last 1).VMCount

        $i = 0

        foreach ($sourcehost in $sourcehosts.Name) {
            if ($bottomdiff -gt 4) {
                $curdesthost = $desthosts[1].Name
            } else {
                $curdesthost = $desthosts[$i].Name
                $i++
            }

            # Get the destination datastore
            $destds = (Get-Datastore -VMHost $curdesthost local*).Name

            # Get the VM's we want to move
            $targets = Get-VMHost $sourcehost | Get-VM | select -First 2

            # Move the VM's, 2 from each host = 4 VM's per loop.
            # As written the command is only printed; drop the echo and quotes to perform the move.
            foreach ($target in $targets) {
                echo "move-vm -vm $target -Destination $curdesthost -Datastore $destds -RunAsync"
            }
        }

        # Wait for the VM's to be moved before looping again.
        sleep -Seconds 90
    } else {
        Write-Host "Balancing of cluster $cluster is finished, difference between most and least populated host is $diff VMs..."
        exit
    }
}

I hope you are able to use this, at least as inspiration for getting on with your own.
And remember, this script can of course be combined with my powershell menu script found here: https://www.nordal-lund.dk/?p=574

Enjoy…

Powershell menu script

Do you ever need to give some input to a script? Maybe it’s a long filename or some other long and complex string, or maybe you’re just lazy like me? I wrote a script for handling the input; it’s a bit like the curses based menus you see in some network equipment, and in Linux systems. The example below is for getting the firmware baseline for a HP OneView system, but the menu is usable almost everywhere you need to specify something.

Let’s stop talking, and take a look at the actual script:

param(
    [string]$selection
)

# Load the HP OneView module if it is not loaded already
if ((Get-Module hpone*).Count -lt 1) {
    Get-Module -Name hpone* -ListAvailable | Import-Module -WarningAction SilentlyContinue
}

# Connect to the OneView appliance unless a session already exists
if ($Global:connectedSessions) {
    echo "Already connected..."
} else {
    Connect-HPOVMgmt -Appliance ADDRESS -Credential (Get-Credential)
}

# The list of items the menu is built from
$global:MenuOptions = Get-HPOVBaseline

# Only show the menu when no selection was given as a parameter
if ($Selection -eq "") {

    Clear-Host
    Write-Host "================Select Firmware Version================"

    $MenuNumber = 1
    foreach ($Option in $MenuOptions.version) {
        Write-Host "$MenuNumber : $Option"
        $MenuNumber++
    }
    Write-Host -ForegroundColor red "Quit: Press 'ctrl-c' to quit."

    [int]$Selection = Read-Host "Please select firmware by number"

}

# Menu numbers start at 1, array indexes at 0
$baseline = $MenuOptions[$Selection - 1]

The above code has some checks in the beginning to see if we have the right modules loaded, and if we are connected to the OneView server. This is not needed for the menu, but maybe it can be useful for you anyway.
In this example I’m listing the firmware included in the baselines from an HP OneView system, and the $baseline variable will have the selection I made.
This is usable for all kinds of interactions with other systems, e.g. it’s also very usable for VMware vCenter.
The selection parameter is there if you run this task often and already know what to select; then you can pass it as an argument to the script.

Please enjoy using the script.

Nvidia MX150 mobile GPU on Ubuntu with secure boot

I just got a replacement laptop, as my previous Thinkpad T580 started to freeze after > 10 minutes of usage. Luckily my company just replaced the thing, so I didn’t have to think about anything else than reinstalling (since I don’t use the corporate Windows image) and copying in my backup.

The T580 has a Nvidia MX150 GPU alongside the Intel one. I had some issues getting this to work on my old laptop, when I initially installed it with Ubuntu 18.04. Working with the Nvidia driver, pre-summer 2019’ish on Linux, reminded me of trying to get the xserver to work some decades ago. If you don’t know what I’m talking about, please watch Bisqwit trying with SlackWare 3.0 in this video: https://www.youtube.com/watch?v=EanGvOBhr9s

Well, let’s forget about the past and look ahead. Since Ubuntu 19.10 was released, all this Nvidia stuff should be much easier, as Nvidia drivers are now built into Linux and Ubuntu is working to make everything easier.

During installation I selected install third party drivers, and that should more or less be it – it should work. But of course it did not, otherwise I would not have been writing this. Somehow it seemed like Ubuntu was not recognizing the GPU. The prime profile application gave me an option to choose what GPU to use, but it kept using the Intel even though I told it to use Nvidia. After some time of debugging, I learned, that in order to use the Nvidia GPU you have to disable secure boot. I rebooted to BIOS, disabled secure boot, and everything is now working as expected.

LGSM CS:GO not starting

I’m running a small CS:GO server for the local E-Gaming club. It’s based on https://linuxgsm.com/, which makes managing game servers easy.

Today I got a call from the trainer, telling that the server was not running. I have some tasks running every night to check for updates, and my first thought was that something had gone wrong during the update.

When trying to start the server with “./csgoserver st”, it tried to start but immediately stopped again. I inspected the console log file and found hundreds of files, with very few lines in them:

#AppFramework : Unable to load module bin/engine.so!
#Unable to load interface VCvarQuery001 from bin/engine.so, requested from EXE.
Wed Dec 11 16:55:14 CET 2019: Server Quit

Searching Google for this did not give me anything related to my issue. Trying to communicate with someone in the LGSM discord channel did not give me any success either. I tried installing the server again with “./csgoserver i” and I tried the various options for updating the server – no luck.

Finally I tried the validate command “./csgoserver v” and even though it seemed to be running forever without anything happening, it finally showed progress, and after 5-7 minutes it finished.

I was now able to start the servers (I have more than one instance, running off the same source) and everything seems to be running just fine.

My assumption is that some kind of download got aborted during an update, and therefore missed or corrupted some files.

Get rid of the facebook login box

Do you also hate the big facebook login box nagging you when you’re not signed in? Even sites that should be publicly available are ruined by this; luckily there’s a solution 🙂

Maybe you already have an ad blocker; if not, I can recommend uBlock Origin, but any one will probably do.

Create a custom filter and add the following line:

www.facebook.com###pagelet_growth_expanding_cta

This will make the annoying prompt go away – at least for now…

Upgrading from vSphere VCSA 6.5 pre version U1d to post version U1d not possible

Yesterday I had to upgrade a VCSA 6.5 U1b to U2e, but I got stuck in the process because the VCSA manager said this:

Latest updates already installed on vCSA, Nothing to stage/install

Hmm, that’s not right… google, google, google
It seems that VMware changed the build numbering scheme, and they have an article about my issue:
https://kb.vmware.com/s/article/59659
Unfortunately the link to the attachment was dead 🙁 I had to create a case with VMware support to get the shell script.
So, to prevent this from happening again, here are the four lines that are in the script:

sed -i "s/if metadata\['buildnumber'] <= _getBaseBuildNumber():/if int(metadata['buildnumber']) <= int(_getBaseBuildNumber()):/g" /usr/lib/applmgmt/base/py/vmware/vherd/base/software_update.py
service-control --stop applmgmt
service-control --start applmgmt

Create a file on your VCSA in /root/ called buildversion.sh, paste the four lines above into it. Make it executable, run it, upgrade your VCSA.