The Intel Xeon 6208U CPU is advertised to have a base frequency of 2.9 GHz and Turbo Boost frequency of 3.9 GHz - but that is for one core, which is not very useful (and IMO, highly misleading). I'm interested in the Turbo Boost frequency for all cores. Intel now intentionally hides this information but cpu-monkey.com shows it to be 2.6 Ghz. Is this possible? What does it mean for the Turbo Boost frequency to be lower than the base frequency?
I have a monitoring script (running as an unprivileged user) that needs to check all instances of Postgres currently running on the same host (Ubuntu Linux 18.04). Is there an easy way to find all their port numbers?
I was thinking of listing all files matching /var/run/postgresql/.s.PGSQL.* but I'm not sure whether this is reliable or the easiest way.
I'm using HAProxy 1.8 to proxy requests to my HTTP API and now want to load-balance between multiple servers, so something like this:
backend http-in-backend
balance roundrobin
server api-server1 10.1.1.1:1234
server api-server1 10.1.1.2:1234
However, there are some requests that need to be sent to all servers. It's OK to return the response from any of them to the client in this case, as the response should be the same. Is there a way to do this? I can conditionally send those requests to a separate backend, of course. So the problem is really: how do I send one request to multiple servers and return the response from any one of them?
One of our Supermicro servers reports an error like this during POST:
Failing DIMM: DIMM location (Correctable memory component found)
DIMMB2
I can also see this in the Health Event Log in the IPMI web interface:
Failing DIMM: DIMM location. (Correctable memory component found) (DIMMB2)
Until I rebooted it (for unrelated reasons), the server has been running fine, so I had no idea anything was wrong with its RAM. Is there any way to find errors like this without rebooting the server, e.g. some ipmitool command?
If not, is there a way to at least a scriptable way to see these errors after a server has been rebooted, i.e. without using the web interface? I tried ipmitool sel elist, but it shows these entries as "Unknown" events:
5 | 10/11/2019 | 11:21:25 | Unknown #0xff | | Asserted
Edit: I found that Supermicro's proprietary tool, IPMICFG, can show these events (IPMICFG-Linux.x86_64 -sel list) but it would still be nice to have a way to do this with ipmitool and, most importantly, without rebooting.
I want to manage UFW firewall rules on a number of remote Ubuntu 18.04 machines using Ansible. If a change to the firewall rules prevents me from re-connecting to the machines via SSH that would be very difficult to fix (go to the data centre in a hurry, type in complicated root passwords one by one, edit firewall config manually). Is there a way to test that a firewall rule change won't prevent me from re-connecting before the change is applied?
Alternatively, is there a way to automatically restore firewall rules if they are applied and I am locked out? (I could make my own back-up and set up a cron job to restore it, then connect again and delete the cron job, but maybe something like this already exists?)
I was testing how an Ubuntu 16.04 machine handles low memory conditions and had several suspended jobs that that used up almost all the RAM on the server. I was still able to run normal bash commands when I left work last night. In the morning (without anyone doing anything to the server) all commands (ps, free, ls, etc.) gave the following error:
-bash: fork: Cannot allocate memory
I was eventually able to run jobs and kill %1 to recover the machine. It was lucky that I kept an SSH session open, because further SSH connections failed (the client simply didn't show a command prompt after authentication).
The fact that regular userland programs can effectively bring down the entire server to the point where, if there wasn't an existing SSH session, it would have to be hard-rebooted, is highly concerning! My understanding was that Linux (or any OS, really) should kill processes to free up RAM before the entire system gets to such an unusable state. How do I make it do that?
My Postfix mail server is set up with opportunistic TLS. Is there a way to get some statistics on how many incoming and outgoing emails actually use TLS? It would be nice to know which of the domains that my mails server talks to support and don't support TLS as well.
I have a Windows batch script that copies an EXE or batchfile to a remote fileshare and runs it on the remote server using PowerShell WinRM. The line that runs the command remotely looks like this:
ECHO Invoke-Command -Authentication CredSSP -Credential %USERDOMAIN%\%USERNAME% -ComputerName %SERVER_NAME% -ScriptBlock { cd (gwmi Win32_Share -Filter "name='%SHARE_NAME%'").Path ; .\%MY_EXE_TO_RUN% } |PowerShell.exe -Command -
I need to change the current directory to the fileshare directory where the EXE/batch file to be run is located (it relies on this). It also must be a local directory - if I try to CD \\%SERVER_NAME%\%SHARE_NAME% this works for an EXE, but fails for a batch file, cmd.exe doesn't support a UNC path as current directory. However, I also don't want to hardcode in the script the local path for the share, so I try to look it up in WMI.
This works fine for admins, but fails for non-admins with an Access denied error. These non-admin users can RDP to the server, open PowerShell and successfully run gwmi Win32_Share there. So it seems like the permissions checks are somehow different when running via WinRM!
I found http://www.adilhindistan.com/2013/10/permissions-to-access-wmi-remotely.html but it seems pretty complicated to do on many servers. I don't need remote WMI access for anything other than this. Perhaps there is another way to resolve the local path for the share? Or, alternatively, can I somehow run the WMI query and have the local permission checks applied to it? After all, I am already code on the remote server, so there should be some way to do this.
I want to apply the following PowerShell settings on many servers:
Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 12345
Set-Item WSMan:\localhost\Plugin\Microsoft.PowerShell\Quotas\MaxMemoryPerShellMB 12345
I found https://technet.microsoft.com/en-us/library/hh751276(v=sc.12).aspx and tested that the Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify maximum amount of memory in MB per Shell setting changes localhost\Shell\MaxMemoryPerShellMB, but is there a way to change localhost\Plugin\Microsoft.PowerShell\Quotas\MaxMemoryPerShellMB ?
Our Windows Server 2012 R2 VMware virtual machines have scheduled tasks defined to reboot them weekly using shutdown.exe /r and some of these servers fail to restart some of the time. When I connect to the server via VMRC I see a screen like this:
I have to power cycle the server to get it to work again. The System event log doesn't contain any errors. The last messages before shutdown are:
The IKE and AuthIP IPsec Keying Modules service entered the stopped state.
The kernel power manager has initiated a shutdown transition.
After power-cycling there is a message like this:
The last shutdown's success status was false. The last boot's success status was false.
I tried enabling boot logging, but there are no logs at all for the failed boot in %SystemRoot%\ntbtlog.txt. So either the problem occurs before the first log entry is written or it's actually failing to shut down.
If I manually reboot the server, including by running shutdown /r from a command prompt this works. What else can I do to troubleshoot this?
I'd like to perform an unattended installation of PostgreSQL 9.5 on a number of Windows 7 machines, ideally by assigning an MSI via Group Policy. There seems to be no MSI file, but the EnterpriseDB EXE installer supports "--mode unattended". That should be workable, but I also want to change some options in postgresql.conf and pg_hba.conf (to enable SSPI authentication, for example). What's the easiest way to do this? Is there a way I can edit the files inside the installer EXE, for example? (7-zip fails to extract it.) Or do I have to write my own script to modify the config files and restart the service afterwards?
Our Active Directory domain consisting of Windows Server 2012 R2 servers and Windows 7 workstations configures Internet Explorer security zones using this Group Policy setting:
Computer Configuration/Policies/Administrative Template/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Site to Zone Assignment List
However, this has no effect on the servers, which have IE Enhanced Security Configuration enabled. How do I configure them using Group Policy? Ideally, I'd want the same settings to apply both with and without ESC without listing them twice.