Archive for the ‘sysadmin’ Category

Dynamic DNS helper scripts

Friday, December 1st, 2017

While dynamic DNS is a wonderful tool for automation and orchestration, tools for easy cleaning up and logging changes are needed. This post describes a couple of scripts that may help.

Read the rest of this post on Redpill Linpro SysAdvent Calendar.

copr packages of varnish-5.2, varnish-modules and miscellaneous vmods for el6 and el7

Friday, October 27th, 2017

Some weeks ago, the Varnish Cache project released a new upstream version 5.2 of varnish cache. I have built a copr repo with varnish packages for el6 and el7 based on the fedora package, and a selection of matching vmods.

The following vmods are available:

Included in varnish-modules:
vmod-cookie
vmod-header
vmod-saintmode
vmod-softpurge
vmod-tcp
vmod-var
vmod-vsthrottle
vmod-xkey

Packaged separately:
vmod-geoip
vmod-basicauth
vmod-curl
vmod-digest
vmod-memcached
vmod-querystring
vmod-rfc6052
vmod-uuid

Please test and report bugs. If there are enough interest, I may consider pushing these to fedora as well. Packages are available at https://copr.fedorainfracloud.org/coprs/ingvar/varnish52/

OCSP: What, why, how?

Thursday, January 12th, 2017

While debugging a problem with OCSP, I had to sit down and understand what it really does and why. So What is OCSP, and why do we use it?

Read the rest of this entry

Deduplication of old filesystems

Sunday, December 18th, 2016

Modern filesystems, and even storage systems, might have built-in deduplication, but common filesystems still do not. So checking for redundant data and do deduplication when possible might save disk space.

Once up on a a time, there was a system, were we had this 6TB spool of binary files on an production ext4 filesystem, and the volume was running out of disk space. The owner of the data thought it likely that there were duplicates in the vast ammount of files, and wanted to check this up. We checked using fdupes, and yes, there were a lot of duplicates.

Read the rest of the post at Redpill Linpro’s sysadvent blog

Bash: Random numbers for fun and profit

Tuesday, December 13th, 2016

bash has many things that just works automagically. Did you know it has a built-in pseudorandom number generator? Let’s play some games! Read rest of the post here!

varnish-5.0, varnish-modules-0.9.2 and hitch-1.4.1, packages for Fedora and EPEL

Thursday, October 20th, 2016

The Varnish Cache project recently released varnish-5.0, and Varnish Software released hitch-1.4.1. I have wrapped packages for Fedora and EPEL.

varnish-5.0 has configuration changes, so the updated package has been pushed to rawhide, but will not replace the ones currently in EPEL nor in Fedora stable. Those who need varnish-5.0 for EPEL may use my COPR repos at https://copr.fedorainfracloud.org/coprs/ingvar/varnish50/. They include the varnish-5.0 and matching varnish-modules packages, and are compatible with EPEL 5, 6, and 7.

hitch-1.4.1 is configure file compatible with earlier releases, so packages for Fedora and EPEL are available in their respective repos, or will be once they trickle down to stable.

As always, feedback is warmly welcome. Please report via Red Hat’s Bugzilla or, while the packages are cooking in testing, Fedora’s Package Update System.

Varnish Cache is a powerful and feature rich front side web cache. It is also very fast, and that is, fast as in powered by The Dark Side of the Force. On steroids. And it is Free Software.

Redpill Linpro is the market leader for professional Open Source and Free Software solutions in the Nordics, though we have customers from all over. For professional managed services, all the way from small web apps, to massive IPv4/IPv6 multi data center media hosting, and everything through container solutions, in-house, cloud, and data center, contact us at www.redpill-linpro.com.

IPV6: clatd, a component of 464XLAT, for Fedora and EPEL

Friday, September 2nd, 2016

The World is running out of IPv4 addresses, but luckily, we have IPv6 here now, and running the whole data center on IPv6 only is not just happening, it’s becoming the standard. But what if you have an app, a daemon, or a container that actually needs IPv4 connectivity? Then you may use 464XLAT to provide an IPv4 tunnel through your IPv6 only infrastructure. clatd is one component in 464XLAT.

clatd is a CLAT / SIIT-DC Edge Relay implementation for Linux. From the github wash label:

clatd implements the CLAT component of the 464XLAT network architecture specified in RFC 6877. It allows an IPv6-only host to have IPv4 connectivity that is translated to IPv6 before being routed to an upstream PLAT (which is typically a Stateful NAT64 operated by the ISP) and there translated back to IPv4 before being routed to the IPv4 internet. This is especially useful when local applications on the host requires actual IPv4 connectivity or cannot make use of DNS64 (…) clatd may also be used to implement an SIIT-DC Edge Relay as described in RFC 7756.

Note that clatd relies on Tayga for the actual translation of packets between IPv4 and IPv6.

Yesterday, I pushed clatd for fedora testing and epel testing. Please test and report feedback by bugzilla.

For more information on clatd, see the documentation included in the package, or the clatd github home. For more info on Tayga, visit http://www.litech.org/tayga/.

For general information about the process of transisioning to the britght future of IPv6, consider https://en.wikipedia.org/wiki/IPv6_transition_mechanism

Redpill Linpro is the market leader for professional Open Source and Free Software solutions in the Nordics, though we have customers from all over. For professional managed services, all the way from small web apps, to massive IPv4/IPv6 multi data center media hosting, and everything through container solutions, in-house, cloud, and data center, contact us at www.redpill-linpro.com.

varnish-4.1.3 and varnish-modules-0.9.1 for fedora and epel

Wednesday, August 10th, 2016

The Varnish Cache project recently released varnish-4.1.3 and varnish-modules-0.9.1. Of course, we want updated rpms for Fedora and EPEL.

While there are official packages for el6 and el7, I tend to like to use my Fedora downstream package, also for EPEL. So I have pushed updates for Fedora, and updated copr builds for epel5, epel6, and epel7.

An update of the official supported bundle of varnish modules, varnish-modules-0.9.1, was also released a few weeks ago. I did recently wrap it for Fedora, and am waiting for its review in BZ #1324863. Packages for epel5, epel6, and epel7 are in copr as well.

Fedora updates for varnish-4.1.3 may be found at https://bodhi.fedoraproject.org/updates/?packages=varnish

The Copr repos for epel are here: https://copr.fedorainfracloud.org/coprs/ingvar/varnish41/

Test and reports are very welcome.

Varnish Cache is a powerful and feature rich front side web cache. It is also very fast, and that is, fast as in powered by The Dark Side of the Force. On steroids. And it is Free Software.

Redpill Linpro is the market leader for professional Open Source and Free Software solutions in the Nordics, though we have customers from all over. For professional managed services, all the way from small web apps, to massive IPv4/IPv6 multi data center media hosting, and everything through container solutions, in-house, cloud, and data center, contact us at www.redpill-linpro.com.

hitch-1.2.0 for fedora and epel

Thursday, April 28th, 2016

Hitch is a libev-based high performance SSL/TLS proxy. It is developed by Varnish Software, and may be used for adding https to Varnish cache.

hitch-1.2.0 was recently released. Among the new features in 1.2.0, might be mentioned more granular per-site configuration. Packages for Fedora and EPEL6/7 were requested for testing today. Please test and report feedback.

Redpill Linpro is the market leader for professional Open Source and Free Software solutions in the Nordics, though we have customers from all over. For professional managed services, all the way from small web apps, to massive IPv4/IPv6 multi data center media hosting, and everything through container solutions, in-house, cloud, and data center, contact us at www.redpill-linpro.com.

Tayga, stateless NAT64 implementation

Monday, January 25th, 2016

If you are planning for an IPv6 only Data Center (and if you plan for the future, you are doing that) you may have noticed that there are applications out there that are just not ready for IPv6 yet. So you need some kind of 6-4 translation, either locally or in the network. From the Tayga wash label:

TAYGA is an out-of-kernel stateless NAT64 implementation for Linux that uses the TUN driver to exchange IPv4 and IPv6 packets with the kernel. It is intended to provide production-quality NAT64 service for networks where dedicated NAT64 hardware would be overkill.

Tayga is production quality software. We use it for ipv4 access for large amounts of production nodes every day. It is for example well suited for giving 6-to-4 network access for docker nodes. You may find more information about Tayga on it’s homepage: http://www.litech.org/tayga/

I pushed tayga-0.9.2-3 to Fedora 22 and 23 stable today. It will trickle down to your local mirrors in a couple of days. I have also forked tayga for epel5, epel6, and epel7. Please contribute by testing tayga for EPEL: https://bodhi.fedoraproject.org/updates/?packages=tayga

Update: tayga is now available in EPEL

Redpill Linpro is the market leader for professional Open Source and Free Software solutions in the Nordics, though we have customers from all over. For professional managed services, all the way from small web apps, to massive IPv4/IPv6 multi data center media hosting, and everything through container solutions, in-house, cloud, and data center, contact us at www.redpill-linpro.com.