Windows Server 2019 2022 samba share access

Posted on June 20, 2025

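Windows Server 2019 and 2022 refuse unauthenticated guest logons to SMB shares by default. To reach a Samba share that only offers guest access, allow them on the SMB client:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
DWORD   AllowInsecureGuestAuth  1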


Disabling the recovery partition on Windows Server 2022

Posted on June 20, 2025

reagentc /disable

Delete the partition:

diskpart
list volume
select volume 4
delete partition override
exit

Enable recovery on the system disk:

reagentc /setreimage /path C:\windows\system32\recovery
reagentc /enable


RTSP web translation server

Posted on March 12, 2025

Put this into docker-compose.yml:

---
services:
  restreamer:
    image: datarhei/restreamer:latest
    container_name: restreamer
    restart: always
    ports:
      - 80:8080
      - 8181:8181
      - 1935:1935
      - 1936:1936
      - 6000:6000/udp
    volumes:
      - /opt/restreamer/config:/core/config
      - /opt/restreamer/data:/core/data

and run:

docker compose up -d

microk8s disk consumption

Posted on February 12, 2025

24G	/var/snap/microk8s/common/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots

Add these lines to /var/snap/microk8s/current/args/kubelet:

--image-gc-high-threshold=50
--image-gc-low-threshold=40
--maximum-dead-containers=0

and restart:

snap restart microk8s

and you will see:

9.1G	/var/snap/microk8s/common/var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots


OpenVPN: Real Speedup [DCO]

Posted on January 30, 2025

We have a test bench of two servers connected through physical 10G ports.

Let’s see what iperf3 shows:

[  5]   0.00-1.00   sec  1.08 GBytes  9.29 Gbits/sec                  
[  5]   1.00-2.00   sec  1.08 GBytes  9.30 Gbits/sec                  
[  5]   2.00-3.00   sec  1.08 GBytes  9.29 Gbits/sec  

Now let’s put OpenVPN between the two and repeat the iperf3 run:

[  5]   0.00-1.00   sec  82.0 MBytes   687 Mbits/sec                  
[  5]   1.00-2.00   sec  94.0 MBytes   789 Mbits/sec                  
[  5]   2.00-3.00   sec  96.4 MBytes   808 Mbits/sec                  

Now let’s enable DCO and check the speed again:

[  5]   0.00-1.00   sec   206 MBytes  1.73 Gbits/sec                  
[  5]   1.00-2.00   sec   227 MBytes  1.90 Gbits/sec                  
[  5]   2.00-3.00   sec   213 MBytes  1.79 Gbits/sec                  
[  5]   3.00-4.00   sec   159 MBytes  1.33 Gbits/sec                  
[  5]   4.00-5.00   sec   160 MBytes  1.35 Gbits/sec

What magic! What else can we do? If it’s a virtual environment, enable the AES+ option for the CPU and check again:

[  5]   0.00-1.00   sec   227 MBytes  1.90 Gbits/sec                  
[  5]   1.00-2.00   sec   238 MBytes  2.00 Gbits/sec                  
[  5]   2.00-3.00   sec   234 MBytes  1.96 Gbits/sec                  
[  5]   3.00-4.00   sec   233 MBytes  1.95 Gbits/sec    

Now the question you have is «HOW?» Let me show you a few steps and my config files!

On both sides (server and client):

apt install openvpn-dco-dkms
echo 'ovpn-dco-v2' >> /etc/modules-load.d/modules.conf

/etc/openvpn/client/test.conf

client
remote test1.srv.in 1194
dev tun
proto udp
persist-key
persist-tun
tls-client
script-security 2
cipher AES-256-GCM
auth SHA256
data-ciphers AES-256-GCM
auth-nocache
remote-cert-tls server

/etc/openvpn/server/server.conf

proto udp
port 1194
dev tun
ifconfig 172.16.45.1 255.255.255.0
server 172.16.45.0 255.255.255.0
push "route-metric 100"
keepalive 3 10
user nobody
group nogroup
persist-key
persist-tun
status server-openvpn-status.log
log server-openvpn.log
verb 2
client-to-client
client-config-dir /etc/openvpn/ccd
topology subnet
cipher AES-256-GCM
auth SHA256
data-ciphers AES-256-GCM
fast-io
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
txqueuelen 4000
tun-mtu 1420

DCO has several limitations; you can read about them here: https://docs.netgate.com/pfsense/en/latest/vpn/openvpn/dco.html
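When one of those limitations applies, OpenVPN falls back to the userspace data path and the speedup measured above disappears. The script below is an added example, not part of the original post: it checks a config file for a subset of the conditions under which OpenVPN 2.6 disables DCO (tap devices, compression, fragment, static-key mode, non-AEAD data-ciphers, server mode without topology subnet). The function name dco_lint and the sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# dco_lint FILE: list directives that make OpenVPN 2.6 fall back from DCO to
# the userspace data path. Exit status: 0 = nothing found, 1 = findings.
dco_lint() {
    awk '
        function bad(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; n++ }
        { sub(/^[#;].*/, ""); sub(/[ \t][#;].*/, "") }   # drop comments
        NF == 0 { next }
        ($1 == "dev" || $1 == "dev-type") && $2 ~ /^tap/ {
            bad("tap device: DCO offloads tun (layer 3) only") }
        $1 == "comp-lzo" || $1 == "compress" {
            bad($1 ": compression cannot be combined with DCO") }
        $1 == "fragment" { bad("fragment: not supported by DCO") }
        $1 == "secret"   { bad("secret: static-key mode, DCO needs TLS mode") }
        $1 == "data-ciphers" {
            k = split($2, c, ":")
            for (i = 1; i <= k; i++) {
                sub(/^\?/, "", c[i])            # "?" marks an optional cipher
                if (toupper(c[i]) !~ /^(AES-(128|192|256)-GCM|CHACHA20-POLY1305)$/)
                    bad("data-ciphers " c[i] ": not an AEAD cipher")
            }
        }
        $1 == "server" || ($1 == "mode" && $2 == "server") { srv = 1 }
        $1 == "topology" { topo = $2 }
        END {
            if (srv && topo != "subnet") {
                printf "%s: server mode without topology subnet\n", FILENAME; n++
            }
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample input: the data-path lines of the server.conf above, and
# a legacy-style config that keeps DCO from being used.
tmp=$(mktemp -d)
printf '%s\n' 'proto udp' 'dev tun' 'server 172.16.45.0 255.255.255.0' \
    'topology subnet' 'data-ciphers AES-256-GCM' > "$tmp/dco-ok.conf"
printf '%s\n' 'dev tun' 'server 10.8.0.0 255.255.255.0' 'comp-lzo' \
    'fragment 1300' 'data-ciphers AES-256-GCM:AES-256-CBC' > "$tmp/legacy.conf"

dco_lint "$tmp/dco-ok.conf" && echo "dco-ok.conf: no DCO blockers"
dco_lint "$tmp/legacy.conf" || echo "legacy.conf: DCO would be disabled"
rm -rf "$tmp"
```

Run it against both the server and the client config before benchmarking, since a blocker on either side removes the offload.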


Ansible playbook to add users with ssh keys and sudo

Posted on December 3, 2024

# yamllint disable rule:line-length
---
- name: Add admin users
  hosts: all
  gather_facts: true
  become: true
  tasks:
    - name: Create account
      ansible.builtin.user:
        name: "{{ item.name }}"
        groups: "sudo"
        shell: /bin/bash
        append: true
      with_items: "{{ users }}"
    - name: Set authorized key taken from file
      ansible.posix.authorized_key:
        user: "{{ item.name }}"
        exclusive: true
        key: "{{ item.ssh_pub_key }}"
      with_items: "{{ users }}"
    - name: Add user to sudoers
      community.general.sudoers:
        name: "{{ item.name }}"
        state: present
        user: "{{ item.name }}"
        commands: 'ALL'
        nopassword: true
      with_items: "{{ users }}"
  vars:
    users:
      - name: mihael
        ssh_pub_key: "ssh-rsa AAAAB......"
      - name: maria
        ssh_pub_key: "ssh-rsa AAAAB......"


Sentry cleanup

Posted on December 2, 2024

To clean up a self-hosted Sentry you can use the following script:

docker exec  -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.spans_local'
docker exec  -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.generic_metric_distributions_aggregated_local'
docker exec  -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.generic_metric_distributions_raw_local'
docker exec  -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE system.metric_log'
docker exec  -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.transactions_local'
docker exec  -it sentry-self-hosted-clickhouse-1 clickhouse-client -q 'TRUNCATE default.outcomes_raw_local'
docker exec --tty -u postgres sentry-self-hosted-postgres-1 psql -c "TRUNCATE TABLE nodestore_node;"
docker exec --tty -u postgres sentry-self-hosted-postgres-1 psql -c "VACUUM FULL"
docker exec -it sentry-self-hosted-redis-1 redis-cli FLUSHALL

If you want to delete events older than 3 days:

docker exec --tty -u postgres sentry-self-hosted-postgres-1 psql -c "DELETE FROM nodestore_node WHERE \"timestamp\" < NOW()-INTERVAL '3 day';"
docker exec --tty -u postgres sentry-self-hosted-postgres-1 psql -c "vacuum full nodestore_node;"

To clean up history older than 7 days:

docker exec -it sentry-self-hosted-worker-1 sentry cleanup --days 7

Sometimes the Kafka volume grows out of control; in that case you can recreate it:

cd /opt/sentry/install/self-hosted-23.7.1/
docker compose down --volumes
docker volume rm sentry-kafka
docker volume rm sentry-zookeeper
./install.sh
docker compose up -d


«firstBit.Сервер лицензий 2» Ubuntu Linux

Posted on November 12, 2024

/etc/systemd/system/firstBit.service

[Unit]
Description=firstBit.LicenseServer
After=syslog.target
After=network.target

[Service]
Type=simple
Restart=on-failure
PIDFile=/run/firstBit.pid
KillMode=control-group
ExecStart=/opt/firstBit.LicenseServer/linux/licenseserver --run --allow-ui-from-ip=*
ExecStop=/bin/sh -c '[ -n "$1" ] && kill -s TERM "$1"' -- "$MAINPID"
RestartSec=10s
User=root
Group=root
LimitNOFILE=8192

[Install]
WantedBy=multi-user.target

mkdir /opt/firstBit.LicenseServer/
cd /opt/firstBit.LicenseServer/
wget https://static.1cbit.online/updates/license-server/download/LicenseServer-v2.7z
7za x LicenseServer-v2.7z
chmod +x /opt/firstBit.LicenseServer/linux/licenseserver
systemctl daemon-reload 
systemctl start firstBit.service


HPE Smart Array E208i-a SR Gen10 firmware update

Posted on October 24, 2024

No drives were found in this system.You may need to reboot

You can obtain an rpm package here: https://downloads.linux.hpe.com/SDR/repo/spp-gen10/redhat/8/x86_64/current/

If you use a Red Hat-based distro, just install the rpm; otherwise extract it:

rpm2cpio firmware-smartarray-f7c07bdbbd-4.11-1.1.x86_64.rpm | cpio -idmv

and run the update process:

./usr/lib/x86_64-linux-gnu/firmware-smartarray-f7c07bdbbd-4.11-1.1/setup
Supplemental Update / Online ROM Flash Component for Linux (x64) - HPE Smart Array P408i-p, P408e-p, P408i-a, E208i-p, E208e-p, E208i-a, P816i-a SR Gen10 (4.11), searching...
1) HPE Smart Array E208i-a SR Gen10 in Slot 0 (3.53)
Select which devices to flash [#,#-#,(A)ll,(N)one]> A
Flashing HPE Smart Array E208i-a SR Gen10 in Slot 0 [ 3.53 -> 4.11 ]
Deferred flashes will be performed on next system reboot
============ Summary ============
Smart Component Finished
 
Summary Messages
================
Reboot needed to activate 1 new FW image
 
Exit Status: 1
Deferred flashes will be performed on next system reboot
A reboot is required to complete update.

Update the firmware to 7.11 for it to work correctly with iLO.


GrayLog: Hostname datanode not verified

Posted on October 23, 2024

After updating Graylog we get errors like:

Unable to retrieve version from Elasticsearch node: Hostname datanode not verified 
Host name 'datanode' does not match the certificate subject provided 

This can be fixed by disabling SSL/TLS between the containers.

Put this line into .env:

GRAYLOG_DATANODE_INSECURE_STARTUP=true

Then restart the containers:

docker compose stop
docker compose up -d
