Latest Server related questions

I have a question about the OOM killer logs. We are expecting a lot of OOM kills.

The ecosystem

My ecosystem looks like below:

I have a server with 4 cores and 8 GB of RAM. I am running there the following most resource-consuming programs:

1. PostgreSQL database
2. Two applications with processes called vega - native binaries compiled from Go code.

I cannot isolate applications from PostgreSQL because ...

I try to install a dockerized owncloud instance behind a nginx server (on the same virtual machine). The whole vm-server (redhat8) is behind a netscaler (type unknown, managed by my company) which handles the ssl handshake via wildcard certificate. The nginx server is reached only via port 80 http. My nginx-conf:

server {

    listen 80;
    server_name cloud.mydomain.com;

    location / {

       ...

The web site is running, Gigicorn has multipule workers. For some reason the url_calling : http://web?id=value the id=value do not propagate coherently, (sometimes it works, but most of the time it doesn't) what am I missing?

Gigicorn conf :

#bind = ['127.0.0.1:8000', '127.0.0.1:8001', '127.0.0.1:8002','127.0.0.1:8003','127.0.0.1:8004','127.0.0.1:8005','127.0.0.1:8006','127.0.0.1:8007','127.0.0.1:8008' ...

Context :
oVirt 4.4.9.3-1.el8
glusterfs 8.6
Self-hosted engine

Problem:
Since I update my certificates (with engine-setup) because of the warning that my certs will expire soon, I can't open the noVNC console anymore.

In the logs on engine, I have these :
in /var/log/messages :

ovsdb-server[510110]: ovs|04628|jsonrpc|WARN|ssl:[::ffff:<ip_node_1>]:51214: receive
error: Protocol error
ovsdb-server ...

I'm working on a C# application, handling TCP sockets.

I have a server application (Hercules) on the remote machine, trying to keep a socket open.
I have my application on my machine, subscribing to that open socket.

I'm using Microsoft's TCPViewer to follow what's happening.

After some minutes, I see the socket turning from an established into a time wait state, and then the socket connection drops.

Looking at my 1.23 GKE cluster under "observability", I see memory usage of 200%+. The breakdown shows most of it is by the v2k-system namespace, which AFAIK is GKE's internals. Why does it use over 2x memory than what it actually requests? I've got my own pods trying to get memory and fail - I suspect it's because v2k-system pods take up all the memory

I am managing a server that uses 2 nvme ssds on RAID 1 connectivity. At once point I lost access to one of the 2 and got my normal raid array degraded mails from mdadm.

So I asked from the hosting company to check it out and they said that the array's contacts needed cleaning to make better contact and once they did that the machine picked up the nvme and started rebuilding the array.

When rebuildin ...

0

I have configured exim4 and am trying to send out emails using port 587 and the email is being sent but on the mail server it show connecting at port 25. I am using:

echo "Subject:Hello All" | sendmail -v -port 587 [email protected]

T: remote_smtp for [email protected] Connecting to gmail-smtp-in.l.google.com [2607:f8b0:4004:c08::1a]:25 ... LOG: MAIN (Not pasting the entire output of the ...

I have 2 NTP servers. One synchronized directly with a GPS clock (I will call this server 185), so st 0. Then I have a second one (Let's call it 186) that should synchronize with the 185 since it is st 1 but instead it synchronizes with LOCAL.

[root@185 ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
======================================================== ...

I have a self signed certificate which I wish to trust. Adding it a traditional way is not working - I still have SSL errors in browser and curl. What else am I supposed to do? Fedora 37 x64.

[aleksandr@fedora ~]$ sudo cp Downloads/localhost.pem /etc/pki/ca-trust/source/anchors/
[aleksandr@fedora ~]$ cat /etc/pki/ca-trust/source/anchors/localhost.pem
-----BEGIN CERTIFICATE-----
MIIDDDCCAfSgAwIBAgII ...

I'm trying to initialise a kubernetes cluster using kubeadm, unfortunately this isn't working as expected. This is the kubeadm config file:

apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: "v1.19.16"
networking:
  podSubnet: "10.230.0.0/16"
  dnsDomain: "company.internal"
etcd:
  external:
    endpoints:
      - https://kube-etcd-1:2379
      - https://kube-etcd-2:23 ...

I'm under an unreliable ISP/AS, something like the GFW. They actively try to sabotage a TCP+TLS session by attacks such as sending SYN RST to established connections, making the connection timeout, messing with handshaking etc.

Is there a utility in the networking stack to find out if the server is under such quality-of-service attacks?

For example, to detect a SYN RST from someone other than client/ser ...

1. Just started es report: [2022-12-21T02:15:32,549][WARN ][o.e.c.r.a.DiskThresholdMonitor] [es-node0] flood stage disk watermark [10gb] exceeded on [NV7q65SBQBWdsgLjTxbQOw][es-node0][/usr /share/elasticsearch/data/nodes/0] free: 3.2gb[3.3%], all indices on this node will be marked read-only.
2. After I cleared the disk space of the Linux system and restarted the es service under docker, the java prog ...

I'm running Ubuntu 20.04. It works well by forwarding http requests directed at port 8080 of the local machine to another machine's port 80. But when I set iptables rules to forward smb requests directed at a local machine to another machine running a smb server, it failed. There are only hits in PREROUTING, but no in POSTROUTING. The iptables commands are the following:

sudo iptables -t nat -A PRE ...

For some reason, I am suffering very poor disk performance on RAID 10, but normal performance on RAID 5.

For context, I have 4 x 1 TB hard drives in a server. They are the physical volumes within the volume group.

  PV         VG Fmt  Attr PSize    PFree
  /dev/sda1  vg lvm2 a--  <931.51g    0 
  /dev/sdb1  vg lvm2 a--  <931.51g    0 
  /dev/sdc1  vg lvm2 a--  <931.51g    0 
  /dev/sdd1  vg l ...

I work for a school district that uses AirWatch/Workspace One (version 2203) by VMWare to manage our Apple devices (mostly iPads) for students. One of the ways we deploy our applications is through the legacy AirWatch catalog (i.e. you can generally configure it by going into Groups & Settings -> All Settings -> Apps -> Workspace ONE -> AirWatch Catalog); from the user side, this appear ...

I feel a bit embarrassed to ask this, because I am not able to figure it out myself.

I run a vaultwarden instance (open source bitwarden) on a public VPS on the open Internet. It is properly set up with an nginx reverse proxy with proper SSL termination and LetsEncrypt certificates. I also have yubikey required access enabled.

I should be fine.

Nevertheless, I am wondering why I should have a service a ...

So my problem is that my site is accessible also with IP like https://xx.xx.xx.xxx something that I don't want. I only need domain name accessing servers IP. I tried virtual hosts on apache2 to redirect to domain but I think I can't make it after many tries like

<VirtualHost *:443>
ServerName test.com
DocumentRoot /var/www/html

SSLEngine on
SSLCertificateFile /path/to/your/ssl/certificate.crt
S ...

My system:

• most recent Debian 11 image
• vServer running at my hosting provider
• virtualized via Xen
• normal HDD, no SSD; no lvm or raid used

Somehow I managed to install Debian 11 with misaligned partitions. (this question is a follow-up of this one)
fdisk says:

Device     Boot      Start        End    Sectors  Size Id Type
/dev/xvda1               2 2095151103 2095149056  999G 83 Linux
/dev/xvda2      20 ...

Have an on premise Exchange 2019 server. Trying to restrict OWA users from downloading attachments. All online documentation I have found says to disable direct file download to both public and private computers. I did this using the PowerShell commands. However, it doesn't appear to work. Users can still choose to save an attachment when logged into OWA. Anyone else seen this? Know where I messed up? A ...

We are trying to set up a Site-to-Site VPN with IKE v2 using Windows Server 2012 R2 machines as the tunnel endpoints on each end. We are able to PING and get replies in one direction, but we are not able to PING and get replies in the other direction. Also, the tunnel can be initiated from the same side that the pings are working, but not from the other side. We are using RRAS Demand Dial interfaces o ...

I have set up an Azure Files share with Azure AD Kerberos as the authentication source.

I get the error below when running the connection script (Active Directory authentication) on an end user's PC.

The PC is Azure AD-joined, with the user logging in with an Azure AD account.

Users need to be able to access the Azure Files share when they are not on the local domain.

New-PSDrive : The system cannot co ...

I'm using PFsense and i have this situation: Network Example

I have a Pfsens already connected with "Site1" through OpenVPN. I can acess the "Device" normally in Pfsense network.

But now i have to make another VPN with "Concessionaria" but this network ask-me address in another range (172.25.16.0/24). Basically, the "Concessionaria" wants access "Device" through Pfsense using the address 172.25.16 ...

Somehow I managed to install a server with misaligned partitions.
fdisk says:

Device     Boot      Start        End    Sectors  Size Id Type
/dev/xvda1               2 2095151103 2095149056  999G 83 Linux
/dev/xvda2      2095153150 2097149951    1996802  975M  5 Extended
/dev/xvda5      2095153152 2097149951    1996800  975M 82 Linux swap / Solaris

Consequences:

• my partitions are misaligned so  ...

I have 2 domains, A and B. We are migrating our user profiles and computers from A to B using ADMT. Our test accounts and machines migrate fine, however the only issue is that it updates the SID, so users would lose access to their desktop/files. Is there any way to associate the accounts on domain B to the desktops they had on domain A?

I have seen some registry edits for this, but since this wi ...

This is a plain vanilla fresh install of FreeBSD 13.1. The resolv.conf file is as follows and Unbound is not enabled.

nameserver 192.0.2.1

DNS resolution on the local machine is ignoring /etc/hosts. What is missing from the configuration?

I want to add the 'my_session' cookie value in the Apache error log. I have added an access log 'LogFormat' as below:

<IfModule mod_ssl.c>

    <VirtualHost *:443>

        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" [%{my_session}C : %{UNIQUE_ID}e]" detailed
        CustomLog ${APACHE_LOG_DIR}/ssl.www.example.com_access.log detailed

        ErrorLogForma ...

I work in a research laboratory with multiple physical machines with different specifications. The machines have different CPUs (some Intel, some AMD), different RAM sizes, some have discrete GPUs, and some don't.

Our current solution is based on SSSD and Kerberos, so that users can log in to their accounts from every terminal and have access to their files. The problem is that this way, users ar ...

I have a server for Euro Truck Simulator 2 which is called by the following command:

LD_LIBRARY_PATH='$ORIGIN/../../linux64' eurotrucks2_server

When the server is running, sometimes I get these lines in console (and I'd like to hide them):

src/steamnetworkingsockets/clientlib/steamnetworkingsockets_sdr_common.h (564) : m_pServer->m_nReplyTimeoutsSinceLastRecv == 0

But whenever I append a | grep -v "T ...

I have ADFS on my environment and it's currently authenticating via active directory perfectly fine. I'm trying to enable certificate authentication so they can authenticate with their smart cards. Currently, the smart cards are imported into their AD accounts and they can successfully get prompted to select the correct certificate and login (just not from ADFS). I also checked that the clients Root CA' ...