Latest Server related questions

I am following this tutorial on kubernetes site to reconfigure my nodes so that I can change gracefullshutdown from 0s to 30s.

after generating the configz file from kubectl proxy, I made the changes and pushed it to the control plane kube-system config location.

running: k get configmap -n kube-system yields the below:

NAME                                 DATA   AGE
coredns                       ...

I have been trying to get it work for a while, I have an openvpn server (installed using Angristan https://github.com/angristan/openvpn-install ) on Openvz 7 vps running debian 10 . So most of the configuration things were handled by it. It created a client config file (myClient.ovpn) which I downloaded on client. On client (which is linux mint 20.3), I am testing connecting using :

openvpn --clien ...

We have an Active Directory setup. We have a bunch of Linux servers where we create a folders/directory where we need to give only Users in specific AD groups permissions.

How do we create directories and assign only read and write permissions to specific folders only to members of specific AD groups.

On Linux based LDAP this is a breeze. However when AD users access these folders via AD authenticat ...

We currently have a kubernetes cluster (using calico) where all worker nodes are connected together with lacp bonds (2x10GB links with LACP Mode 4 - 802.3ad).

However, the maximum throughput we manage to get between 2 pods is 10 GB/s. According to some documentation, we should be able to achieve 20 GB/s. According to wikipedia, it seems to be a normal behavior:

This selects the same NIC slave for e ...

I am planning implementation of Microsoft’s Active Directory tier administrative model, and I was wondering how to overcome the problem of system administration over VPN. One of the security principals is to have all admin accounts in a Protected Users group, and the other is to use privileged access workstations. Using this in combination with working from home crates a problem. How to login  ...

First, this issue becomes a problem only on CentOS8, while it works well on CentOS7. This is the version:

# cat /etc/redhat-release
CentOS Linux release 8.3.2011

I tried to make a service to execute bash commands to change route. Here is the executable bash /root/route_degrade.sh:

#!/bin/bash
# ensure router role
echo "1" > /proc/sys/net/ipv4/ip_forward
systemctl start firewalld
firewall-cmd --add-ma ...

How do I refresh a set element's timeout/expires value with nft before it is expired?

Adding an existing element to the set does not reset the timeout/expires value:

nft add element ip mytable myset { 10.10.10.1 timeout 60s }
# wait 10s
nft add element ip mytable myset { 10.10.10.1 timeout 60s expires 60s }
nft list set ip mytable myset

With iptables/ipset I could refresh timeouts by adding existing elem ...

We have an issue with the use of Hetzner Cloud's Network with Hetzner Robot's vSwitch. I'm setting up a new project, where I have 2 dedicated Robot servers. They are set up in a vSwitch with a /28 public subnet. We need those IP's for whitelisting to/from external parties.

Because we have a very dynamic application load, we use Cloud servers with a scaling mechanism for handling all the applicati ...

Is it possible to somehow "forward" all traffic from one computer destined for another network to another computer on the same network?

Here's an example to clarify.

Say we have Computer A and Computer B both on Network 1. Computer A is also connected to Network 2 via VPN. Computer B is not connected to Network 2 at all. Is it possible for Computer B to somehow access Network 2 through Computer A, b ...

I"m getting a nosrv error. In this case its expected, since the drone address can't be resolved. Its from a docker network.

gateway_1          | [WARNING]  (1) : parsing [/usr/local/etc/haproxy/haproxy.cfg:50] : 'server D4M1' : could not resolve address 'drone', disabling server.
gateway_1          | [NOTICE]   (1) : New worker #1 (8) forked
gateway_1          | <150>Mar 26 06:35:23 haproxy[8 ...

I followed these instructions to install Alpine Linux on EC2. Everything went well and I was able to create an AMI from which I can launch new instances.

My instance is supposed to act like a NAT Gateway. I, then, enabled net.ipv4.ip_forward and configured iptables similar to how it's described in the AWS documentation, but for Alpine instead. Then, I created a new AMI, which, in theory, should've be ...

I have a problem with MariaDB 10.3.16. I was trying to convert a rather large table (26GB) from MyISAM to InnoDB and unfortunately the disk space ran out during this process. When it got full, it logged plenty messages like this:

2022-03-25 0:03:54 18688637 [ERROR] InnoDB: preallocating 26935820288 bytes for file ./mydatabase/#sql-22ba_11d2a7d.ibd failed with error 28

...and then MariaDB crashed ...

On my single DNS server, bind9 (version 9.11.5-P4-5.1), I have configured a Response Policy Zone (RPZ) to block certain domains. The IP of the DNS server is 192.168.1.5

Now I am going to put the relevant parts to the configuration of the different files and commands:

On the server:

In /etc/bind/named.conf.options

acl trusted {
    localhost; # this server
    192.168.1.0/24; #my net
}

Also

// Only a ...