OpenNebula: Monitoring Information - ERROR="Mon Oct 30 11:32:54 2017 : Error monitoring Host opennebula-250 (0): sh: /var/tmp/one/im/kvm.d/../run_probes: No such file or directory

[oneadmin@opennebula-250 ~]$ onehost list
  ID NAME            CLUSTER   RVM      ALLOCATED_CPU      ALLOCATED_MEM STAT
   0 opennebula-250  default     7  1400 / 3200 (43%)  38G / 62.4G (60%) err
[oneadmin@opennebula-250 ~]$ onehost show 0
HOST 0 INFORMATION
ID                    : 0
NAME                  : opennebula-250
CLUSTER               : default
STATE                 : ERROR
IM_MAD                : kvm
VM_MAD                : kvm
LAST MONITORING TIME  : 10/30 11:32:54

HOST SHARES
TOTAL MEM             : 62.4G
USED MEM (REAL)       : 12.4G
USED MEM (ALLOCATED)  : 38G
TOTAL CPU             : 3200
USED CPU (REAL)       : 0
USED CPU (ALLOCATED)  : 1400
RUNNING VMS           : 7

LOCAL SYSTEM DATASTORE #0 CAPACITY
TOTAL:                : 2.7T
USED:                 : 19.2G
FREE:                 : 2.7T

MONITORING INFORMATION
ARCH="x86_64"
CPUSPEED="2399"
ERROR="Mon Oct 30 11:32:54 2017 : Error monitoring Host opennebula-250 (0): sh: /var/tmp/one/im/kvm.d/../run_probes: No such file or directory
"
HOSTNAME="opennebula-250.localdomain"
HYPERVISOR="kvm"
IM_MAD="kvm"
MODELNAME="Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz"
NETRX="2631437455"
NETTX="129750876"
RESERVED_CPU=""
RESERVED_MEM=""
VERSION="5.2.1"
VM_MAD="kvm"

WILD VIRTUAL MACHINES

NAME                                                      IMPORT_ID  CPU     MEMORY

VIRTUAL MACHINES

    ID USER     GROUP    NAME            STAT UCPU    UMEM HOST             TIME
     3 oneadmin oneadmin JUMP Server     unkn  0.0      4G opennebula 109d 18h19
     4 oneadmin oneadmin Temp 4GB 4vcpu  unkn  0.0      8G opennebula 107d 20h20
     5 oneadmin oneadmin KDN MDC Databas unkn  0.0      8G opennebula 103d 00h37
     6 oneadmin oneadmin KDN MDC FrontEn unkn  0.0      2G opennebula 103d 00h37
     7 oneadmin oneadmin KDN MDC Databas unkn  0.0      8G opennebula 103d 00h36
     8 oneadmin oneadmin KDN MDC Backend unkn  0.0      4G opennebula 103d 00h35
     9 oneadmin oneadmin KDN MDC Backend unkn  0.0      4G opennebula 103d 00h35
[oneadmin@opennebula-250 ~]$ ping opennebula-250
PING opennebula-250 (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.064 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.019 ms

See?

Solution is actually pretty simple.

remove

/var/tmp/one

(as root) and run back

onehost sync --force

as oneadmin

+1 to https://stackoverflow.com/questions/36485710/opennebula-error-monitoring-host-kvm (not really a ruby problem)

pertapaan

Hasil menurun..

less access_log | awk '{print $1}' | sort | uniq -c  | sort -nk1,1

Kemudian,

ufw insert 1 deny from IPADDR comment 'ddos'

test

Short note on installing Ambari

Prerequisite

Don't forget to install this first:


yum install rpm-build
yum install gcc-c++
yum install epel-release
yum install nodejs
npm install -g brunch

# install python 2.7 setuptools
wget https://pypi.python.org/packages/2.7/s/setuptools/setuptools-0.6c11-py2.7.egg#md5=fe1f997bc722265116870bc7919059ea
sh setuptools-0.6c11-py2.7.egg


mvn ambari-metrics-storm-sink fetch package failure

Error:
Failed to execute goal on project ambari-metrics-storm-sink: Could not res:storm-core:jar:1.1.0-SNAPSHOT in apache-hadoop

Reason:
There's no storm-core:jar:1.1.0-SNAPSHOT in repo (ref: http://repo.hortonworks.com/content/groups/public/org/apache/storm/storm-core/1.1.0/)

Solution:
Change ./ambari-metrics-storm-sink/pom.xml


From

<properties>
<storm.version>1.1.0-SNAPSHOT</storm.version>
</properties>

To

<properties>
<storm.version>1.1.0</storm.version>
</properties>


psutils-compile failure

Reason:
Python development tools is needed. Just install python-devel on CentOS.

finally

he he he

Dotnet restore fails: Microsoft.Composition 1.0.27 is not compatible with netcoreapp1.1

Because:

Assembly Microsoft.Composition 1.0.27 was build wayy longer before netcoreapp comes into play. But all sources said that it was PCL-ed and should be working fine with netcoreapp or netstandard.

Solution:

Open up csproj, add this to <PropertyGroup> element:


<packagetargetfallback>
   $(PackageTargetFallback);portable-net45+win8+wp8+wpa81;
</packagetargetfallback>



And restore back packages using nu-package

Source: dotnet/corefx issues #9788

OpenNebula: Allowing Private Network accessing outside via host

This one is really a pickle. Spend hours of my time to figuring out what went wrong. My private network (interface virbr0 from libvirt daemon, 192.168.122.0/24) can't connect to outside world.

Actually it was a simple solution (have the same problem years ago, but i don't document it well - so i forget to remember).


Solution:
Use firewall or iptables to do NATting between virbr0 with current DMZ/host bridge at HOST. I hate iptables, hence:


firewall-cmd --zone=external --add-interface=virbr0
firewall-cmd --zone=external --add-interface=virbr0 --permanent


And yes. You didn't have to explicitly specify masquerade because external IS the forwarding zone duh! (ref manual: https://fedoraproject.org/wiki/Firewalld?rd=FirewallD#external)


And walla, you got yourself a deal - and a external connection.

PS: Just don't forgot to add DNS to your virbr0 settings (using nmtui should done it, UI-ly).


Why:
Since libvirt by default is configured as Host-Only, all connection via virbr0 can only see their peer, and not outside host. (Here i thought it might have something to do with my network config, libvirt.conf hance DNS not forwarded and not visible! dammit). And by attaching virbr0 to external zone, it will automatically enable NATting and forwarding + post/pre routing.

Guys, if you don't have any complex rule, just use firewall-cmd. Just forget about iptables. It's already 2017 dammit, not the 1997.

Working CentOS with SeLinux and hugetlbfs

Recently i got this:

type=AVC msg=audit(1490657751.072:24243): avc:  denied  { write } for  pid=26274 comm="httpd" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=8360015 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:hugetlbfs_t:s0 tclass=file

One way to correct it, is like this:

setsebool -P httpd_execmem 1

grep hugetlbfs /var/log/audit/audit.log | audit2allow -M hugetlbfs
semodule -i hugetlbfs.pp

Postgresql generate series

SELECT to_char(d.serie, 'Mon-YYYY'), count(r.report_kes_id) FROM 
(SELECT serie, extract(year FROM serie) as tahun , extract(Month FROM serie) as bulan FROM generate_series(date '2013-01-01', date '2015-12-31' , interval '1 month') serie) d
LEFT JOIN  rekod.dadah_klien r ON r.tarikhperintah = d.tahun AND r.bulan_ks = d.bulan 
   GROUP BY d.serie ORDER BY d.serie

SELinux for HTTPD outside /var/www/,..

Check with:

sudo ls -Z /opt/lampp/

Install semanage

sudo yum install policycoreutils-python

Set label and reset directories/files label

sudo semanage fcontext -a -t httpd_sys_script_exec_t "/opt/lampp/htdocs(/.*)?"
sudo restorecon -rv "/opt/lampp/htdocs"

How to set SSH private key location

Create .ssh folder in your user profile and then, don't forget to set environment HOME to %USERPROFILE%

Elasticsearch 5.2 on CentOS 7: ERROR: bootstrap checks failed

Previously, got this error:

ERROR: bootstrap checks failed
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
max number of threads [1024] for user [username] is too low, increase to at least [2048]
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

So what I do is:

vi /etc/security/limits.conf

# Add or edit
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
#EOF /etc/security/limits.conf
 
vi /etc/security/limits.d/90-nproc.conf

# changed original soft nproc 1024 to 2048
#*          soft    nproc     1024
*          soft    nproc     2048
#EOF /etc/security/limits.d/90-nproc.conf

 
vim /etc/sysctl.conf

# Added here
vm.max_map_count = 262144
#EOF /etc/sysctl.conf
 
sysctl -p

Install GCC 5.3 on CentOS 7.3 with SCL

Another way to enable GCC 5 just for current bash environment,

sudo yum install centos-release-scl
sudo yum install devtoolset-4-gcc*
scl enable devtoolset-4 bash
which gcc
gcc --version

and then, add this to enablegcc5.sh at /etc/profile.d

#!/bin/bash
source scl_source enable devtoolset-4

There you go

sudo cat > /etc/profile.d/gcc5-scl.sh << EOF
#!/bin/bash 
source scl_source enable devtoolset-4
EOF

Simple Advisory Lock for C# via Mono

Mono handled mutex differently from Microsoft dotNET due to platform differences (eventhough the implementation is the same).

So the only simplest method to create mutex-like for advisory lock on mono is by creating a lock file. Criteria:

1. Only one instance of application can be run one time. (not to be confuse application with software and thread!)
2. After the application exit, the application can be run again. (Proper cleanup!)

Hence, this is the simple class for that.


https://gist.github.com/fawildchild/d1ccbf26af5931da6c138599ddd10de6

Straight forward I say.

(ps: Console.ReadKey() at the end)

Walla

psql: INSERT, if already exists, SELECT (two cidr version)

It is actually quite weird. I already set that the cidr is not null, but still, i can happily insert null value inside that.

Hence, it come the problem. I can't select if one of the column's value is null. COALESCE didn't help (on its own). Now we have to modify our script a little bit.

One of the solution is setting default value for cidr-typed column. But what value? 0.0.0.0/0 obviously didn't help. Because null is null. 0.0.0.0/0 is everyone.

Now here what i do.

Let say, we have



Hence, the (unoptimized, but working) query is like this:

*change 192.168.43.199 to Address Client and 0.0.0.0 to X Forwarded For Address, both nullable



tadah

psql: Insert, if already exists, select

WITH new_browser AS (
INSERT INTO audit_log.browsers ( agent_string ) 
 SELECT 'test8' WHERE NOT EXISTS (SELECT * FROM audit_log.browsers WHERE agent_string = 'test8')
    RETURNING browser_id
)
SELECT * FROM new_browser
UNION
SELECT browser_id FROM audit_log.browsers WHERE agent_string = 'test8'

The only problem is that i have to write the insert item/select condition 3 times, for one particular column...

Script to rename hostname and append to /etc/hosts

#!/bin/bash

# save this as anyfile.sh at webserver

# call curl -s http://somewhere.over.the.rainbow/anyfile.sh | sudo bash -s {hostname}

if [ "$EUID" -ne 0 ]
  then echo "Please run as root"
  exit
fi

if [ $# -eq 0 ]
  then  echo "Please supply new hostname for this machine."
fi

echo "Hostname entered: " $1

hostnamectl set-hostname $1

echo 127.0.0.1 $1 >> /etc/hosts

cat >> /etc/hosts << EOF
# list of hosts
EOF

systemctl restart systemd-hostnamed

CentOS/Fedora/Ubuntu (FirewallD/ufw) allow specific port from specific IP

I wanted to allow only certain port incoming from certain IP

Rich rules for FirewallD (CentOS 7+ or Fedora)

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.X.X.X/32 port port=6556 protocol=tcp accept'

or for full,

sudo firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.X.X.X/32 port port=6556 protocol=tcp accept' && sudo firewall-cmd --reload

For Ubuntu with UFW;

sudo ufw allow from 10.X.X.X/32 to any port 6556