How can i fix iotop to show PRIO correct value?
I have two scripts, what I would like to do is:
- at 1am, the first one runs
- once the first one stops, and this is a condition, the second one fires
So, should i use:
[Service]
ExecStartPre = script.py
ExecStart = secondscript.py
or
[Service]
Type = oneshot
ExecStart = first.py
ExecStart = second.py
man notes this:
Note that
ExecStartPre=may not be used to start long-running processes. All processes forked off by processes invoked viaExecStartPre=will be killed before the next service process is run.
And my scripts can be long-running ones (some hours each).
Or is there a better way to ensure second runs only after first is fully-executed?
Also, this service is called by a timer:
[Timer]
OnCalendar=*-*-* 1:00:00
Unit = script.service
and i want only one instance of this running; even if the script.service takes 3 days to run, the next run should be reported to the next day after it finishes, at 1:00:00. Is this the default?
I'm trying, in a dev box (Ubuntu 20.04), to setup for the first time a chroot.
Here is my PHP-FPM pool (Apache 2.4 as Webserver):
[test]
prefix = /srv/users/$pool
user = $pool
group = $pool
listen = /srv/users/$pool/run/php-fpm.sock
listen.owner = $pool
listen.group = www-data
listen.mode = 660
chroot = $prefix
chdir = /
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMPDIR] = /srv/users/$pool/tmp
env[TEMP] = /srv/users/$pool/tmp
env[TMP] = /srv/users/$pool/tmp
php_admin_value[doc_root] = /srv/users/$pool/app
php_admin_value[upload_tmp_dir] = /srv/users/$pool/tmp
php_admin_value[sys_temp_dir] = /srv/users/$pool/tmp
With this setup, without further configurations, I'm able to install Wordpress, use their Plugins store (so, DNS resolution works) send emails with a SMTP configured, etc.
Problem (or not?) is that I've read here, or here that several files need to be either copied over or mount --bind on the chroot to these functions to work.
Who can I make sure my chroot is working properly and not misconfigured?
My php-fpm pools look like this (as per https://www.php.net/manual/en/install.fpm.configuration.php#example-24 this is a very valid synthax:)
[vmtest]
prefix = /srv/users/vmtest
user = vmtest
group = vmtest
listen = /srv/users/vmtest/run/php-fpm.sock
listen.owner = vmtest
listen.group = www-data
listen.mode = 660
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMPDIR] = /srv/users/vmtest/tmp
env[TEMP] = /srv/users/vmtest/tmp
env[TMP] = /srv/users/vmtest/tmp
slowlog = /srv/users/vmtest/log/php.slow.log
php_admin_value[error_log] = /srv/users/vmtest/log/php.error.log
php_admin_value[mail.log] = /srv/users/vmtest/log/php.mail.log
php_admin_value[doc_root] = /srv/users/vmtest/app
php_admin_value[upload_tmp_dir] = /srv/users/vmtest/tmp
Everything works fine here, except php_admin_value values. When I load phpinfo() for any pool, it shows:
error_log => no value => no value
mail.log => no value => no value
doc_root => no value => no value
upload_tmp_dir => no value => no value
Check the NIC ring buffer:
# ethtool -g eth0
Ring parameters for eth0:
Pre-set maximums:
RX: 4096
RX Mini: 0
RX Jumbo: 0
TX: 4096
Current hardware settings:
RX: 256
RX Mini: 0
RX Jumbo: 0
TX: 256
One can set "RX/TX" up to the limit shown in the "Pre-set maximums" like:
# ethtool -G eth0 rx 4096 rx 4096
Question is: by default;, why are these set so low (in every server I have, all of them are at 256) instead of a higher value, or their Hardware max capabilities? Is there any drawbacks (if yes, wich?) increasing these values?
My setup is :
upstream http_backend {
server 127.0.0.1:81;
keepalive 16;
}
server {
...
location / {
proxy_pass http://http_backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}
But I get a 403 on every page.
If I comment #proxy_set_header Connection ""; pages are loaded. But accordingly to nginx docs, it should be cleared:
For HTTP, the proxy_http_version directive should be set to “1.1” and the “Connection” header field should be cleared:
Is there anything i must set at Apache side so i can set keeplive between nginx (proxy and ssl offloader) and apache (mpm_event and php-fpm)? KeepAlive is set to On already.
With OnCalendar systemd timer i can create something like this to run every 5 minutes.
OnCalendar=*:0/5
Is it possible to run it at every minute ending at 5 (00:05, 00:15, 00:25...) only?
And/or at every minute ending with a 0 (00:00, 00:10, 00:20...) only?
Main goal is to have a timer on 2 server, so each one runs at spare times; in case one fails, the other will at least run every 10 minutes (instead of 5).
I've created a container named jobs some months ago, and today i see another container named jobs_segments holding several Gigabytes of data.
I've read that it is created to hold the individual parts when doing a segmented SWIFT upload.
Questions are :
- can or should this container or files inside it be deleted once the segmented upload has finished?
- is there any option to avoid this second container
_segmentsand work only at the main one,jobs?
I capture the server name like this:
server_name ~^(?<account>.+)\.myapp\.io$;
an later i try to use it on the same file, like:
include $account.conf;
but it returns:
nginx: [emerg] open() "/etc/nginx/$account.conf" failed (2: No such file or directory)
of course, the file exists.
If i use it somewhere else, it works, like:
access_log /var/log/nginx/$account-access.log;
I wish to BLOCK all sshd connection BUT one dynamic IP assigned to a <subdomain>.ddns.net so I've put this in /etc/hosts.deny:
sshd: ALL EXCEPT <subdomain>.ddns.net
This does not allow me to connect to SSH.
Instead, if I place the IP resolved (a dig <subdomain>.ddns.net confirms it) by that hostname, it works:
sshd: ALL EXCEPT <ipv4.resolved.by.hostname>
I've also tried with UseDNS yes or no in sshd_config, but it changes nothing.
Firewall (UFW) is open by the rule ufw limit ssh
My actual /etc/ssh/sshd_config here below:
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms [email protected]
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]
PermitRootLogin no
AllowUsers remotessh
IgnoreRhosts yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
PrintMotd no
PubkeyAuthentication yes
AllowTcpForwarding no
AllowStreamLocalForwarding no
GatewayPorts no
PermitTunnel no
UseDNS no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server