Windows Server 2019 2022 samba share access
Запись создана 20 июня, 2025
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] DWORD AllowInsecureGuestAuth 1
» Запись из раздела Несортированное | Комментировать
отключаем раздел восстановления Windows Server 2022
Запись создана 20 июня, 2025
reagentc /disableудаляем раздел
diskpart list volume select volume 4 delete partition override exit
Включаем восстановление на системный диск
reagentc /setreimage /path C:\windows\system32\recovery reagentc /enable
» Запись из раздела Несортированное | Комментировать
RTSP web translation server
Запись создана 12 марта, 2025
Put this in to docker-compose.yml
--- services: restreamer: image: datarhei/restreamer:latest container_name: restreamer restart: always ports: - 80:8080 - 8181:8181 - 1935:1935 - 1936:1936 - 6000:6000/udp volumes: - /opt/restreamer/config:/core/config - /opt/restreamer/data:/core/data
and run
docker compose up -d» Запись из раздела Несортированное | Комментировать
microk8s disk consumption
Запись создана 12 февраля, 2025
24G /var/snap/microk8s/common/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots
add this strings to /var/snap/microk8s/current/args/kubelet
--image-gc-high-threshold=50 --image-gc-low-threshold=40 --maximum-dead-containers=0
and restart
snap restart microk8s
and you will see
9.1G /var/snap/microk8s/common/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots
» Запись из раздела k8s, Linux | Комментировать
OpenVPN: Real Speedup [DCO]
Запись создана 30 января, 2025
We have a test bench of two servers, connected with physical 10G ports
Let’s see what iperf3 will show
[ 5] 0.00-1.00 sec 1.08 GBytes 9.29 Gbits/sec [ 5] 1.00-2.00 sec 1.08 GBytes 9.30 Gbits/sec [ 5] 2.00-3.00 sec 1.08 GBytes 9.29 Gbits/sec
Now let’s put OpenVPN between those two and repeat iperf3
[ 5] 0.00-1.00 sec 82.0 MBytes 687 Mbits/sec [ 5] 1.00-2.00 sec 94.0 MBytes 789 Mbits/sec [ 5] 2.00-3.00 sec 96.4 MBytes 808 Mbits/sec
now, let’s enable DCO and check the speed again
[ 5] 0.00-1.00 sec 206 MBytes 1.73 Gbits/sec [ 5] 1.00-2.00 sec 227 MBytes 1.90 Gbits/sec [ 5] 2.00-3.00 sec 213 MBytes 1.79 Gbits/sec [ 5] 3.00-4.00 sec 159 MBytes 1.33 Gbits/sec [ 5] 4.00-5.00 sec 160 MBytes 1.35 Gbits/sec
What a magic! What else we can do? if it’s an virtual environment — enable AES+ option to CPU and check again
[ 5] 0.00-1.00 sec 227 MBytes 1.90 Gbits/sec [ 5] 1.00-2.00 sec 238 MBytes 2.00 Gbits/sec [ 5] 2.00-3.00 sec 234 MBytes 1.96 Gbits/sec [ 5] 3.00-4.00 sec 233 MBytes 1.95 Gbits/sec
Now is a question you have is «HOW?» let me show you a few steps and my config files!
On both side server/client
apt install openvpn-dco-dkms echo 'ovpn-dco-v2' >> /etc/modules-load.d/modules.conf
/etc/openvpn/client/test.conf
client remote test1.srv.in 1194 dev tun proto udp persist-key persist-tun tls-client script-security 2 cipher AES-256-GCM auth SHA256 data-ciphers AES-256-GCM auth-nocache remote-cert-tls server
/etc/openvpn/server/server.conf
proto udp port 1194 dev tun ifconfig 172.16.45.1 255.255.255.0 server 172.16.45.0 255.255.255.0 push "route-metric 100" keepalive 3 10 user nobody group nogroup persist-key persist-tun status server-openvpn-status.log log server-openvpn.log verb 2 client-to-client client-config-dir /etc/openvpn/ccd topology subnet cipher AES-256-GCM auth SHA256 data-ciphers AES-256-GCM fast-io sndbuf 393216 rcvbuf 393216 push "sndbuf 393216" push "rcvbuf 393216" txqueuelen 4000 tun-mtu 1420
DCO has a several limitations, you can read about it here https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/dco.html
» Запись из раздела Linux, vpn | Комментировать
Ansible playbook to add users with ssh keys and sudo
Запись создана 3 декабря, 2024
# yamllint disable rule:line-length --- - name: Add admin users hosts: all gather_facts: true become: true tasks: - name: Create account ansible.builtin.user: name: "{{ item.name }}" groups: "sudo" shell: /bin/bash append: true with_items: "{{ users }}" - name: Set authorized key taken from file ansible.posix.authorized_key: user: "{{ item.name }}" exclusive: true key: "{{ item.ssh_pub_key }}" with_items: "{{ users }}" - name: Add user to sudoers community.general.sudoers: name: "{{ item.name }}" state: present user: "{{ item.name }}" commands: 'ALL' nopassword: true with_items: "{{ users }}" vars: users: - name: mihael ssh_pub_key: "ssh-rsa AAAAB......" - name: maria ssh_pub_key: "ssh-rsa AAAAB......"
» Запись из раздела Несортированное | Комментировать
Sentry cleanup
Запись создана 2 декабря, 2024
To cleanup self hosted Sentry you can use a following script:
docker exec -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.spans_local' docker exec -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.generic_metric_distributions_aggregated_local' docker exec -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.generic_metric_distributions_raw_local' docker exec -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE system.metric_log' docker exec -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.transactions_local' docker exec -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.outcomes_raw_local' docker exec --tty -u postgres sentry-self-hosted-postgres-1 psql -c "TRUNCATE TABLE nodestore_node;" docker exec --tty -u postgres sentry-self-hosted-postgres-1 psql -c "VACUUM FULL" docker exec -it sentry-self-hosted-redis-1 redis-cli FLUSHALL
If you want to delete events older than 3 days
docker exec --tty -u postgres sentry-self-hosted-postgres-1 psql -c "DELETE FROM nodestore_node WHERE "timestamp" < NOW()-INTERVAL '3 day';" docker exec --tty -u postgres sentry-self-hosted-postgres-1 psql -c "vacuum full nodestore_node;"
To cleanup historey older than 7 days
docker exec -it sentry-self-hosted-worker-1 sentry cleanup --days 7
Some times you can get a problem with terrible grow of Kafka volume, than you can recreate it:
cd /opt/sentry/install/self-hosted-23.7.1/ docker compose down --volumes docker volume rm sentry-kafka docker volume rm sentry-zookeeper ./install.sh docker compose up -d
» Запись из раздела Несортированное | Комментировать
«firstBit.Сервер лицензий 2» Ubuntu Linux
Запись создана 12 ноября, 2024
/etc/systemd/system/firstBit.service
[Unit] Description=firstBit.LicenseServer After=syslog.target After=network.target [Service] Type=simple Restart=on-failure PIDFile=/run/firstBit.pid KillMode=control-group ExecStart=/opt/firstBit.LicenseServer/linux/licenseserver --run --allow-ui-from-ip=* ExecStop=/bin/sh -c '[ -n "$1" ] && kill -s TERM "$1"' -- "$MAINPID" RestartSec=10s User=root Group=root LimitNOFILE=8192 [Install] WantedBy=multi-user.target
mkdir /opt/firstBit.LicenseServer/ cd /opt/firstBit.LicenseServer/ wget https://static.1cbit.online/updates/license-server/download/LicenseServer-v2.7z 7za x LicenseServer-v2.7z chmod +x /opt/firstBit.LicenseServer/linux/licenseserver systemctl daemon-reload systemctl start firstBit.service
» Запись из раздела Несортированное | Комментировать
HPE Smart Array E208i-a SR Gen10 firmware update
Запись создана 24 октября, 2024
No drives were found in this system.You may need to reboot
You can obtain an rpm package here: https://downloads.linux.hpe.com/SDR/repo/spp-gen10/redhat/8/x86_64/current/
If you use RedHat based distro just install the rpm, otherwise extract it:
rpm2cpio firmware-smartarray-f7c07bdbbd-4.11-1.1.x86_64.rpm | cpio -idmv
and run an update process:
./usr/lib/x86_64-linux-gnu/firmware-smartarray-f7c07bdbbd-4.11-1.1/setup Supplemental Update / Online ROM Flash Component for Linux (x64) - HPE Smart Array P408i-p, P408e-p, P408i-a, E208i-p, E208e-p, E208i-a, P816i-a SR Gen10 (4.11), searching... 1) HPE Smart Array E208i-a SR Gen10 in Slot 0 (3.53) Select which devices to flash [#,#-#,(A)ll,(N)one]> A Flashing HPE Smart Array E208i-a SR Gen10 in Slot 0 [ 3.53 -> 4.11 ] Deferred flashes will be performed on next system reboot ============ Summary ============ Smart Component Finished Summary Messages ================ Reboot needed to activate 1 new FW image Exit Status: 1 Deferred flashes will be performed on next system reboot A reboot is required to complete update.
update firmware to 7.11 for correct work with iLo
» Запись из раздела Linux | Комментировать
GrayLog: Hostname datanode not verified
Запись создана 23 октября, 2024
After updating a graylog we get an errors like:
Unable to retrieve version from Elasticsearch node: Hostname datanode not verified
Host name 'datanode' does not match the certificate subject provided
This can be fixed disabling ssl/tls betwen containers
put into .env this string:
GRAYLOG_DATANODE_INSECURE_STARTUP=true
then restart containers
docker compose stop
docker compose up -d» Запись из раздела Несортированное | Комментировать