alexus's questions

i've got notification from Victoria Risk [email protected]

New BIND releases are available: 9.18.35, 9.20.7, 9.21.6

after i pulled latest image, bind9 is now unable to start due to the following new error:

$ docker compose up
[+] Running 2/1
 ✔ Network bind_bind  Created                                                                                                                                                                                                                                                            0.2s
 ✔ Container bind9    Created                                                                                                                                                                                                                                                            0.0s
Attaching to bind9
bind9  | named: setgid(): Operation not permitted
bind9 exited with code 1
$ 

bind9 used to work just fine before pulling new latest image..

my environment:

$ uname -a
Linux gamma 6.1.0-26-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64 GNU/Linux
$ docker --version
Docker version 27.3.1, build ce12230
$ docker compose version
Docker Compose version v2.29.7
$

my docker-compose

$ cat docker-compose.yml
services:
  bind:
    image: internetsystemsconsortium/bind9:9.20
    container_name: bind9
    env_file: .env
    expose:
      - 80
      - 443
      - 853
    networks:
      - default
    ports:
      - 0.0.0.0:53:53/udp
      - 0.0.0.0:53:53/tcp
      - 0.0.0.0:443:443/tcp
      - 0.0.0.0:853:853/tcp
      - 127.0.0.1:953:953/tcp
    restart: always
    volumes:
      - ./etc/bind:/etc/bind
      - ./var/cache/bind:/var/cache/bind
      - ./var/lib/bind:/var/lib/bind
      - ./var/log:/var/log

networks:
  default:
    name: bind_bind
    driver: bridge

$

named.conf:

$ cat ./etc/bind/named.conf
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
    algorithm hmac-sha256;
    secret "XYZ";
};
#
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf

logging {
        channel stdout {
                stderr;
                severity debug;
#                severity info;
                print-category yes;
                print-severity yes;
                print-time yes;
        };
        category security { stdout; };
        category dnssec   { stdout; };
        category default  { stdout; };
        category queries  { stdout; };
};

tls local-tls {
    key-file "/etc/bind/letsencrypt/X.Y.Z/privkey.pem";
    cert-file "/etc/bind/letsencrypt/X.Y.Z/fullchain.pem";
};

http local-http-server {
    endpoints { "/dns-query";  };
};

options {
    allow-query-cache { any; };
        allow-recursion {
        X.X.X.X/Y;
    };
        allow-transfer {
        X.X.X.X/Y;
    };
        allow-update { none; };
        directory "/var/cache/bind";
    http-port 80;
    https-port 443;
    listen-on port 53 { any; };
    listen-on port 80 tls none http local-http-server { any; };
    listen-on port 443 tls local-tls http local-http-server { any; };
    listen-on-v6 port 53 { any; };
    listen-on-v6 port 80 tls none http local-http-server { any; };
    listen-on-v6 port 443 tls local-tls http local-http-server { any; };

        max-cache-size 100M;
        max-cache-ttl 3600;
        max-ncache-ttl 3600;

        # https://kb.isc.org/docs/bind-best-practices-authoritative#6-prepare-for-abuse-of-any-externalfacing-servers
        rate-limit {
#                slip 2; // Every other response truncated
#                window 15; // Seconds to bucket
                responses-per-second 5;// # of good responses per prefix-length/sec
#                referrals-per-second 5; // referral responses
#                nodata-per-second 5; // nodata responses
#                nxdomains-per-second 5; // nxdomain responses
#                errors-per-second 5; // error responses
#                all-per-second 20; // When we drop all
#                log-only no; // Debugging mode
#                pps-scale 250; // x / 1000 * per-second
#                // = new drop limit
#                exempt-clients { 127.0.0.1; 192.153.154.0/24; 192.160.238.0/24 };
#                ipv4-prefix-length 24; // Define the IPv4 block size
#                ipv6-prefix-length 56; // Define the IPv6 block size
#                max-table-size 20000; // 40 bytes * this number = max memory
#                min-table-size 500; // pre-allocate to speed startup
        };

    version none;
};

$

please advise.

unfortunately internetsystemsconsortium user/team doesn't have 3rd level version specific tag, which makes me unable to do the roll back: https://hub.docker.com/r/internetsystemsconsortium/bind9/tags

I’m running BIND9 inside a Docker container and noticing a lot of messages like this:

bind9 | 13-Nov-2024 22:39:13.792 queries: info: client @0x7f81a0077000 200.55.244.14#7459 (.): query: . IN ANY +E(0) (172.19.0.2)

I’m now attempting to implement “Response Rate Limiting (RRL)” by following BIND Best Practices - Authoritative and/or Using Response Rate Limiting (RRL). However, even after adding the following configuration, it doesn’t seem to be making any difference:

options {
         …
          rate-limit {
              responses-per-second 5;
          };
      };

my environment:

$ docker --version
Docker version 27.3.1, build ce12230
$ docker compose version
Docker Compose version v2.29.7
$ cat /etc/debian_version
12.7
$ uname -a
Linux X 6.1.0-26-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.112-1 (2024-09-30) x86_64 GNU/Linux
$ docker images internetsystemsconsortium/bind9
REPOSITORY                        TAG       IMAGE ID       CREATED       SIZE
internetsystemsconsortium/bind9   9.21      2fe7f58e77a3   4 weeks ago   371MB
$

Please advise) Thank you in advance!

I attempted to replicate the dd-es-remote-ca secret from the default namespace into the kube-system namespace. Despite encountering no errors during the process, the secret did not successfully copy over.

% kubectl --namespace default get secret dd-es-remote-ca -o yaml | sed 's/namespace: default/namespace: kube-system/'
apiVersion: v1
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNekNDQWh1Z0F3SUJBZ0lRYlJYNlJ6amFSQ0gwcWZ1VTNldFNSakFOQmdrcWhraUc5dzBCQVFzRkFEQWsKTVFzd0NRWURWUVFMRXdKa1pERVZNQk1HQTFVRUF4TU1aR1F0ZEhKaGJuTndiM0owTUI0WERUSTBNREl3TnpJdwpORGMxT0ZvWERUSTFNREl3TmpJd05UYzFPRm93SkRFTE1Ba0dBMVVFQ3hNQ1pHUXhGVEFUQmdOVkJBTVRER1JrCkxYUnlZVzV6Y0c5eWREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUs4VzdNUEIKOU1YTU9KTGlqbnB3czYwR3gySm0vNzdiNmlxUGN1Y3lPZEVnZkVyZFJWcU13OWtyUlY5ZG92UFFLcHhxdXpZMgpLemFpYnpLb0ZVVWZpSEVJL0p2N1Y4c3ZWNkJSK3FudXFMbE9XcG90cWNiU205WGNUWmo4Mm5xU3o4UytSSFgrCmNMM1phTG0rczdlWHRIWDF1YzdYTEFMdDFyc1dFQkYrbWFoUmxXclR2VW1PdFdsL25wQ0FTY001MlROVW0yVTUKNUI0eklxa29OeXQrdG9IS0ZZYjZpZnVPNWlBUGtwVDBNQjRFbE1KNk45b1ZPTmllNDdGV0ZJUStqVmxyNXcrbQpEQzVnbVN4eE9oaCs0MHRoc1FBN1hLSkUvY3hCaVlxMmUyckxDM1JDdTUrWXJEUUpiaFpaT2dOb2QwT2syQVpqCis4QkNSaExIOEdlcldTVUNBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC9CQVFEQWdLRU1CMEdBMVVkSlFRV01CUUcKQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSdQp4dEVqL3Rxenl5RWFNZ0F4NFc2SkpNeWRYVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbFFIbEtPcm1TUEZFCjNZR3p1Zm1ZaWVacUlZTXBBclJ2alR6SUFtams5SnFqbVYxK2Y2QXVFdE9CYy9NeHdwSEtuTHNZZVhRNUd1QVAKT0tsVTBiWGNiTmFocnd0Smg5YjVxWThSU1lMbmlrdTZxbHloK2taZHdZSTRxNW16dlVIeEJtUmpnaWJSbk05UQpLSE82QVkvbGtyNkQ5K0dJOHNDTlNLU2N5VUxVaVg0Um9sblpkUEdabmplbGFXNFBMMTVCRXNiMkRGTTV6WmVaCjBrR1p5RXhDWXdoWVZXKzlQVEo5aTRhcThYYmkvMDF4YlpxOWRIekhzd0E5SHBFcXpBVW1zeGJLQVJJUDhoNlAKdzRPQ21xbWFmY1MyaUtvdGtjQ0JrL1BiN0kzU0lmc09mczExTnVnNUFxOUYwUmd1a1FNUTJmT3pqM1FEbG1WYgpYcjZ5bE5ENGtRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
kind: Secret
metadata:
  creationTimestamp: "2024-02-07T20:57:58Z"
  labels:
    elasticsearch.k8s.elastic.co/cluster-name: dd
  name: dd-es-remote-ca
  namespace: kube-system
  ownerReferences:
  - apiVersion: elasticsearch.k8s.elastic.co/v1
    blockOwnerDeletion: true
    controller: true
    kind: Elasticsearch
    name: dd
    uid: 21e623d1-8711-4273-8d55-82d7f85ea5eb
  resourceVersion: "84366"
  uid: ec59fa6f-910c-4934-bdca-9f5105a67512
type: Opaque
%
% kubectl get secret dd-es-remote-ca --namespace default -o yaml | sed 's/namespace: default/namespace: kube\-system/g' | kubectl apply -f -
secret/dd-es-remote-ca created
% kubectl --namespace kube-system get secrets
No resources found in kube-system namespace.
%

what am I doing wrong? please advise) thank you!

% kubectl --namespace default get secret dd-es-remote-ca -o yaml | yq 'del ( .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid )' | sed 's/namespace: default/namespace: kube-system/' | kubectl apply -f -
secret/dd-es-remote-ca created
% kubectl --namespace kube-system get secrets
No resources found in kube-system namespace.
% kubectl --namespace default get secret dd-es-remote-ca -o yaml | yq 'del ( .metadata.creationTimestamp, .metadata.resourceVersion, .metadata.uid )' | sed 's/namespace: default/namespace: kube-system/'
apiVersion: v1
data:
  ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURNekNDQWh1Z0F3SUJBZ0lRYlJYNlJ6amFSQ0gwcWZ1VTNldFNSakFOQmdrcWhraUc5dzBCQVFzRkFEQWsKTVFzd0NRWURWUVFMRXdKa1pERVZNQk1HQTFVRUF4TU1aR1F0ZEhKaGJuTndiM0owTUI0WERUSTBNREl3TnpJdwpORGMxT0ZvWERUSTFNREl3TmpJd05UYzFPRm93SkRFTE1Ba0dBMVVFQ3hNQ1pHUXhGVEFUQmdOVkJBTVRER1JrCkxYUnlZVzV6Y0c5eWREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUs4VzdNUEIKOU1YTU9KTGlqbnB3czYwR3gySm0vNzdiNmlxUGN1Y3lPZEVnZkVyZFJWcU13OWtyUlY5ZG92UFFLcHhxdXpZMgpLemFpYnpLb0ZVVWZpSEVJL0p2N1Y4c3ZWNkJSK3FudXFMbE9XcG90cWNiU205WGNUWmo4Mm5xU3o4UytSSFgrCmNMM1phTG0rczdlWHRIWDF1YzdYTEFMdDFyc1dFQkYrbWFoUmxXclR2VW1PdFdsL25wQ0FTY001MlROVW0yVTUKNUI0eklxa29OeXQrdG9IS0ZZYjZpZnVPNWlBUGtwVDBNQjRFbE1KNk45b1ZPTmllNDdGV0ZJUStqVmxyNXcrbQpEQzVnbVN4eE9oaCs0MHRoc1FBN1hLSkUvY3hCaVlxMmUyckxDM1JDdTUrWXJEUUpiaFpaT2dOb2QwT2syQVpqCis4QkNSaExIOEdlcldTVUNBd0VBQWFOaE1GOHdEZ1lEVlIwUEFRSC9CQVFEQWdLRU1CMEdBMVVkSlFRV01CUUcKQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJSdQp4dEVqL3Rxenl5RWFNZ0F4NFc2SkpNeWRYVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbFFIbEtPcm1TUEZFCjNZR3p1Zm1ZaWVacUlZTXBBclJ2alR6SUFtams5SnFqbVYxK2Y2QXVFdE9CYy9NeHdwSEtuTHNZZVhRNUd1QVAKT0tsVTBiWGNiTmFocnd0Smg5YjVxWThSU1lMbmlrdTZxbHloK2taZHdZSTRxNW16dlVIeEJtUmpnaWJSbk05UQpLSE82QVkvbGtyNkQ5K0dJOHNDTlNLU2N5VUxVaVg0Um9sblpkUEdabmplbGFXNFBMMTVCRXNiMkRGTTV6WmVaCjBrR1p5RXhDWXdoWVZXKzlQVEo5aTRhcThYYmkvMDF4YlpxOWRIekhzd0E5SHBFcXpBVW1zeGJLQVJJUDhoNlAKdzRPQ21xbWFmY1MyaUtvdGtjQ0JrL1BiN0kzU0lmc09mczExTnVnNUFxOUYwUmd1a1FNUTJmT3pqM1FEbG1WYgpYcjZ5bE5ENGtRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
kind: Secret
metadata:
  labels:
    elasticsearch.k8s.elastic.co/cluster-name: dd
  name: dd-es-remote-ca
  namespace: kube-system
  ownerReferences:
    - apiVersion: elasticsearch.k8s.elastic.co/v1
      blockOwnerDeletion: true
      controller: true
      kind: Elasticsearch
      name: dd
      uid: 21e623d1-8711-4273-8d55-82d7f85ea5eb
type: Opaque
%

I'm trying to extract value from the bellow JSON:

% export test='{"a-b-c":"x-y-z"}'
% echo $test
{"a-b-c":"x-y-z"}
% echo $test | jq .a-b-c
jq: error: b/0 is not defined at <top-level>, line 1:
.a-b-c
jq: error: c/0 is not defined at <top-level>, line 1:
.a-b-c
jq: 2 compile errors
% echo $test | jq '."a-b-c"'
"x-y-z"
%

while the last line "works", my end goal is to have shell script and substitute "a-b-c" parameter with variable, however due to I must use single quotes, the actual value isn't being passed..

% export var1=a-b-c
% echo $var1
a-b-c
% echo $test | jq '."$var1"'
null
%

Please advise)

Per requirements, I did installed all the required packages, however amazon.aws.s3_object is one of those things:

• couldn't be resolved/found
• was not found in configured module paths

step(s), I used to re-produce my issue:

% docker run -it debian:stable-slim bash
root@6140e6e2c06c:/# apt-get -qq update && apt-get -yqq install ansible python3-boto3 python3-botocore
root@6140e6e2c06c:/# uname -a
Linux 6140e6e2c06c 5.15.49-linuxkit #1 SMP PREEMPT Tue Sep 13 07:51:32 UTC 2022 aarch64 GNU/Linux
root@6140e6e2c06c:/# cat /etc/debian_version
11.7
root@6140e6e2c06c:/# ansible --version
ansible 2.10.8
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
root@6140e6e2c06c:/# python3 --version
Python 3.9.2
root@6140e6e2c06c:/#
root@6140e6e2c06c:/# ansible localhost -m amazon.aws.s3_object
[WARNING]: No inventory was parsed, only implicit localhost is available
localhost | FAILED! => {
    "msg": "The module amazon.aws.s3_object was not found in configured module paths"
}
root@6140e6e2c06c:/#...

Thank you in advance!

My environment:

# cat /etc/debian_version
11.7
# ansible-playbook --version
ansible-playbook [core 2.13.1]
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/dist-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible-playbook
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]
  jinja version = 3.1.2
  libyaml = True
#

The following task is part of my Ansible role:

- name: _file - state:absent
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ find.files | flatten }}"
  register: file
  when: find.matched is defined and find.matched != 0

yet, I've noticed a warning message:

[WARNING]: TASK: XYZ : _file - state:absent: The loop variable 'item' is already in use. You should set the loop_var value in the loop_control option for the task to something else to avoid variable collisions and unexpected behavior.

after reading some:

• Defining inner and outer variable names with loop_var
• Adding controls to loops

I modified my task to something like this:

- name: _file - state:absent
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: absent
  loop: "{{ find.files | flatten }}"
  loop_control:
    label: "{{ item.path }}"
    loop_var: find
  register: file
  when: find.matched is defined and find.matched != 0

this task is being called twice within my role, while first time it works fine, second time it fails

TASK [XYZ : _file - state:absent] ******************************************************************************************************************************************************************************
[WARNING]: TASK: XYZ : _file - state:absent: The loop variable 'find' is already in use. You should set the `loop_var` value in the `loop_control` option for the task to something else to avoid variable
collisions and unexpected behavior.
failed: [127.0.0.1] (item=None) => {"ansible_loop_var": "find", "changed": false, "find": {"atime": 1683511713.8529496, "checksum": "ecd34202c34bf761e4c2c9800a39e18dffad5d9e", "ctime": 1683511714.972948, "dev": 2049, "gid": 0, "gr_name": "root", "inode": 150677, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1683511714.972948, "nlink": 1, "path": "tmp/FILE.CSV", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 642, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, "msg": "Failed to template loop_control.label: 'item' is undefined", "skip_reason": "Conditional result was False"}

Please advise.

I'm trying to run docker-compose (which was installed via pip), yet running into following error:

# pip install --quiet docker-compose
# docker-compose ps
/usr/local/lib/python2.7/dist-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
  from cryptography.hazmat.backends import default_backend
Traceback (most recent call last):
  File "/usr/local/bin/docker-compose", line 7, in <module>
    from compose.cli.main import main
  File "/usr/local/lib/python2.7/dist-packages/compose/cli/main.py", line 24, in <module>
    from ..config import ConfigurationError
  File "/usr/local/lib/python2.7/dist-packages/compose/config/__init__.py", line 6, in <module>
    from .config import ConfigurationError
  File "/usr/local/lib/python2.7/dist-packages/compose/config/config.py", line 51, in <module>
    from .validation import match_named_volumes
  File "/usr/local/lib/python2.7/dist-packages/compose/config/validation.py", line 12, in <module>
    from jsonschema import Draft4Validator
  File "/usr/local/lib/python2.7/dist-packages/jsonschema/__init__.py", line 21, in <module>
    from jsonschema._types import TypeChecker
  File "/usr/local/lib/python2.7/dist-packages/jsonschema/_types.py", line 3, in <module>
    from pyrsistent import pmap
  File "/usr/local/lib/python2.7/dist-packages/pyrsistent/__init__.py", line 3, in <module>
    from pyrsistent._pmap import pmap, m, PMap
  File "/usr/local/lib/python2.7/dist-packages/pyrsistent/_pmap.py", line 98
    ) from e
         ^
SyntaxError: invalid syntax
# 

# cat /etc/debian_version 
9.13
# python2 --version
Python 2.7.13
# python3 --version
Python 3.5.3
# 

Is there a way to force docker-compose to use python3 instead of python (python2)?

@Micromegas / @MikaelH

# apt-get -q install python3-pip
# pip3 install --quiet docker-compose
# docker-compose ps
/usr/local/lib/python3.5/dist-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 3.5 support will be dropped in the next release ofcryptography. Please upgrade your Python.
  from cryptography.hazmat.backends import default_backend
Name   Command   State   Ports
------------------------------
# 

I'm following Taking Solr to Production | Apache Solr Reference Guide 8.5, however unable to overcome warning while restarting solr service:

# service solr restart
*** [WARN] *** Your open file limit is currently 1024.
 It should be set to 65000 to avoid operational disruption.
 If you no longer wish to see this warning, set SOLR_ULIMIT_CHECKS to false in your profile or solr.in.sh
*** [WARN] ***  Your Max Processes Limit is currently 1024.
 It should be set to 65000 to avoid operational disruption.
 If you no longer wish to see this warning, set SOLR_ULIMIT_CHECKS to false in your profile or solr.in.sh
Sending stop command to Solr running on port 8983 ... waiting up to 180 seconds to allow Jetty process 16065 to stop gracefully.
Waiting up to 180 seconds to see Solr running on port 8983 [\]
Started Solr server on port 8983 (pid=16320). Happy searching!

# 

My system:

# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.10 (Santiago)
# uname -a
Linux X.X.X 2.6.32-754.30.2.el6.x86_64 #1 SMP Fri May 29 04:45:43 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux
# 

after doing man 5 limits.conf:

# cat /etc/security/limits.d/498-solr.conf
solr    hard    nofile  65000
solr    hard    nproc   65000
#

however, I am still getting that warning message while restart of solr service.

Please advise)

Thanks in advance!

@MirceaVutcovici:

# grep 'Max processes' /proc/$(pgrep solr)/limits
grep: /proc//limits: No such file or directory
# pgrep solr
# echo $?
1
# ps ax | grep solr
 1926 ?        Sl     2:37 java -server -Xms512m -Xmx512m -XX:+UseG1GC -XX:+PerfDisableSharedMem -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=250 -XX:+UseLargePages -XX:+AlwaysPreTouch -verbose:gc -XX:+PrintHeapAtGC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCApplicationStoppedTime -Xloggc:/var/solr/logs/solr_gc.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=9 -XX:GCLogFileSize=20M -Dsolr.jetty.inetaccess.includes= -Dsolr.jetty.inetaccess.excludes= -Dsolr.log.dir=/var/solr/logs -Djetty.port=8983 -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks -Dhost=rlos.uftwf.local -Duser.timezone=UTC -Djetty.home=/opt/solr/server -Dsolr.solr.home=/var/solr/data -Dsolr.data.home= -Dsolr.install.dir=/opt/solr -Dsolr.default.confdir=/opt/solr/server/solr/configsets/_default/conf -Dlog4j.configurationFile=/var/solr/log4j2.xml -Xss256k -Dsolr.jetty.https.port=8983 -Dsolr.log.muteconsole -XX:OnOutOfMemoryError=/opt/solr/bin/oom_solr.sh 8983 /var/solr/logs -jar start.jar --module=http
 9029 pts/0    S+     0:00 grep solr
# grep 'Max processes' /proc/1926/limits
Max processes             1024                 65000                processes
#

I'm trying to follow parameters/examples, yet running into following WARNING message while executing Ansible'playbook:

TASK [apt (pre)] ********************************************************************************************
[WARNING]: The value True (type bool) in a string field was converted to u'True' (type string). If this does
not look like what you expect, quote the entire value to ensure it does not change.

relevant part of playbook:

- name: apt (pre)
  apt:
    update_cache: yes
    upgrade: yes

Please advise.

I have following output from git status, how do I grep for everything after Untracked files:

[alexus@wcmisdlin02 Test]$ git status 
# On branch master
#
# Initial commit
#
# Changes to be committed:
#   (use "git rm --cached <file>..." to unstage)
#
#   new file:   app/.gitignore
#   new file:   app/app.iml
#   new file:   app/build.gradle
#   new file:   app/proguard-rules.pro
#   new file:   app/src/androidTest/java/org/alexus/test/ApplicationTest.java
#   new file:   app/src/main/AndroidManifest.xml
#   new file:   app/src/main/java/org/alexus/test/MainActivity.java
#   new file:   app/src/main/res/layout/activity_main.xml
#   new file:   app/src/main/res/menu/menu_main.xml
#   new file:   app/src/main/res/mipmap-hdpi/ic_launcher.png
#   new file:   app/src/main/res/mipmap-mdpi/ic_launcher.png
#   new file:   app/src/main/res/mipmap-xhdpi/ic_launcher.png
#   new file:   app/src/main/res/mipmap-xxhdpi/ic_launcher.png
#   new file:   app/src/main/res/values-w820dp/dimens.xml
#   new file:   app/src/main/res/values/dimens.xml
#   new file:   app/src/main/res/values/strings.xml
#   new file:   app/src/main/res/values/styles.xml
#
# Untracked files:
#   (use "git add <file>..." to include in what will be committed)
#
#   .gitignore
#   .idea/
#   Test.iml
#   build.gradle
#   gradle.properties
#   gradle/
#   gradlew
#   gradlew.bat
#   settings.gradle
[alexus@wcmisdlin02 Test]$ 

Like this, but without specifying number of lines, like the -A parameter in GNU grep:

[alexus@wcmisdlin02 Test]$ git status | grep -A100 'Untracked files'
# Untracked files:
#   (use "git add <file>..." to include in what will be committed)
#
#   .gitignore
#   .idea/
#   Test.iml
#   build.gradle
#   gradle.properties
#   gradle/
#   gradlew
#   gradlew.bat
#   settings.gradle
[alexus@wcmisdlin02 Test]$ 

Is there a way to do it?

[alexus@wcmisdlin02 Test]$ grep --version
grep (GNU grep) 2.20
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Written by Mike Haertel and others, see <http://git.sv.gnu.org/cgit/grep.git/tree/AUTHORS>.
[alexus@wcmisdlin02 Test]$ 

I'm playing around with Red Hat's High Availability Add-On, everything seems working fine however I have one issue:

Whenever I reboot one of nodes 7test2, resource group g1 migrates to 7test1 (by design) and then when 7test2 comes back online resource group g1 migrates back, it's like it has some sort of stickiness or something.

[root@7test1 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.1 (Maipo)
[root@7test1 ~]# rpm -q pcs 
pcs-0.9.137-13.el7.x86_64
[root@7test1 ~]# pcs status
Cluster name: 7test
Last updated: Thu Apr 23 17:11:10 2015
Last change: Thu Apr 23 17:00:02 2015
Stack: corosync
Current DC: 7test1.uftwf.local (1) - partition with quorum
Version: 1.1.12-a14efad
2 Nodes configured
3 Resources configured


Online: [ 7test1.uftwf.local 7test2.uftwf.local ]

Full list of resources:

 rhevm  (stonith:fence_rhevm):  Started 7test1.uftwf.local 
 Resource Group: g1
     IPaddr (ocf::heartbeat:IPaddr2):   Started 7test2.uftwf.local 
     MailTo (ocf::heartbeat:MailTo):    Started 7test2.uftwf.local 

PCSD Status:
  7test1.uftwf.local: Online
  7test2.uftwf.local: Online

Daemon Status:
  corosync: active/enabled
  pacemaker: active/enabled
  pcsd: active/enabled
[root@7test1 ~]# 

How can I set resource stickiness in pacemaker?

I have Subversion repository that contains multiple projects, and now I'm trying to separate each project into it's own repository.

system:

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.11 (Tikanga)
# rpm -q subversion
subversion-1.6.11-12.el5_10
# 

subversion:

$ svnadmin dump http://svn/repo1/proj1/
svnadmin: E205000: 'http://svn/repo1/proj1/' is a URL when it should be a local path
$ 

according to following document - svnadmin—Subversion Repository Administration

Since svnadmin works via direct repository access (and thus can only be used on the machine that holds the repository), it refers to the repository with a path, not a URL.

that explains why it didn't work for me. What other alternatives ways to accomplish that?

I'm trying to configure NFS between two RHEL7 nodes:

first node:

[root@ip-10-164-175-246 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.0 (Maipo)
[root@ip-10-164-175-246 ~]# rpm -q nfs-utils
nfs-utils-1.3.0-0.el7.x86_64
[root@ip-10-164-175-246 ~]# cat /etc/exports
/var/www/html/  ip-10-184-161-46.ec2.internal(rw)
[root@ip-10-164-175-246 ~]# 

second node:

[root@ip-10-184-161-46 ~]# mount ip-10-164-175-246.ec2.internal:/var/www/html/ /mnt/
[root@ip-10-184-161-46 ~]# touch /mnt/$$
touch: cannot touch ‘/mnt/3326’: Permission denied
[root@ip-10-184-161-46 ~]# 

Why can't I write anything to /mnt/ over NFS?

I just created an Amazon AWS EC2 instance running RHEL7:

[root@ip-10-184-161-46 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.0 (Maipo)
[root@ip-10-184-161-46 ~]# 

And even though I selected 10GB as my storage capacity, for whatever reason I'm only seeing 6GB that's available for me to use right away:

[root@ip-10-184-161-46 ~]# mount | grep xfs | grep -v selinux
/dev/xvda1 on / type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
[root@ip-10-184-161-46 ~]# df -h | grep xvda
/dev/xvda1      6.0G  2.2G  3.9G  37% /
[root@ip-10-184-161-46 ~]# fdisk -l /dev/xvda

Disk /dev/xvda: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0000b85c

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *        2048    12584959     6291456   83  Linux
[root@ip-10-184-161-46 ~]# 

this is what I did:

[root@ip-10-164-175-246 ~]# fdisk -l /dev/xvda

Disk /dev/xvda: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0000b85c

    Device Boot      Start         End      Blocks   Id  System
/dev/xvda1   *        2048    12584959     6291456   83  Linux
/dev/xvda2        12584960    20971519     4193280   83  Linux
[root@ip-10-164-175-246 ~]# xfs_growfs /
meta-data=/dev/xvda1             isize=256    agcount=4, agsize=393216 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0
data     =                       bsize=4096   blocks=1572864, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal               bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@ip-10-164-175-246 ~]# df -h | grep xvda
/dev/xvda1      6.0G  2.3G  3.8G  38% /
[root@ip-10-164-175-246 ~]# 

Where are my other 4GB? I thought running xfs_growfs / will increase the size of my xfs partition.

What am I doing wrong?

Is there a way to temporarily ignore my ~/.ssh/known_hostsfile?

mbp:~ alexus$ ssh 10.52.11.171
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Please contact your system administrator.
Add correct host key in /Users/alexus/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/alexus/.ssh/known_hosts:155
RSA host key for 10.52.11.171 has changed and you have requested strict checking.
Host key verification failed.
mbp:~ alexus$ 

NOTE:

.. by a few answer(s)/comment(s) i realize that my question is a bit misleading, so short it is expected behavior), so it's normal (in my case) there is a valid reason behind it on why I want to see "ignore it")

I need to schedule a Task inside of my Windows 2012 to run every minute, how would one accomplish that? This is my Task:

C:\>C:\Users\Administrator\Downloads\wget\bin\wget.exe --spider --quiet http://XXX/XXX.aspx
SYSTEM_WGETRC = c:/progra~1/wget/etc/wgetrc
syswgetrc = C:\Users\Administrator\Downloads\wget/etc/wgetrc

C:\>

I've tried Task Scheduler->Create Task, but I can't figure out how to schedule to run it every minute.

this is equivalent in *NIX world:

$ crontab -l
* * * * *   wget --spider --quiet http://XXX/XXX.aspx
$ 

any ideas? thanks!

How does one block either IP address of network range inside of Varnish's VCL file?

How can I compare two directories with sub dirs to see where is the difference?

I need to restrict certain user(s) so that they can only SSH in using ssh keys and other users can login using key or password.

an example:

i'd like for root user to be able to login remotely (through sshd) using key, so no password would be accepted (even if password is right)

and for other users (everyone on the system) they can log in using key and/or password

how would I do that?

is there a way to block users on firewall level from using torrents?