Lukas Nellen lukasnellen

lukasnellen /
Last active Apr 6, 2020
Enable singularity v3 container --fakeroot on debian

Singularity version 3 container --fakeroot

The --fakeroot option to some of the singularity 3 commands requires two things to work:

  • Properly configured UID and GID mapping in /etc/sub[ug]id. This is done by default on debian stretch (9) and buster (10) and other recent distributions.
  • The ability to create a process in a user namespace. On debian, this requires setting kernel.unprivileged_userns_clone = 1 in /etc/sysctl.conf.
lukasnellen /
Last active Oct 13, 2020
How to fix Centos 7 cloud images

Centos 7 cloud image fix

The cloud images from contain a /etc/resolv.conf with a spurious nameserver entry. According to the anaconda log, this was set by DHCP during the building of the image. For most users, this entry doesn't correspond to an existing nameserver and will slow down ssh connections, since inverse name lookups have to time out on the spurious server.

This can be fixed using virt-sysprep from libguestfs, e.g.:

virt-sysprep -a CentOS-7-x86_64-GenericCloud-1809.qcow2 --delete '/etc/resolv.conf'

You probably also want to disable the GSSAPI authentication in ssh connections, as this is another item that can cause delays opening ssh connections. The full command for that is

lukasnellen /
Last active Sep 19, 2021
Summary of my remote tmux and ssh configuration to benefit from the iterm2-tmux integration, with ssh authentication socket refreshing

Configuration to use remote tmux over ssh in iterm

This is a compilation of information I found in different postings on the net.

All manual invocation

Basic remote tmux session

tmux can be invoked in command mode using tmux -CC. The simplest way to get a remote tmux session into a window of iterm is to invoke it on the remote host

lukasnellen /
Last active Sep 1, 2021
kvm serial console for virtual machine

Serial console for KVM based VM and IPMI serial channel

grub and kernel console

Set in /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 console=tty1"
lukasnellen /
Last active Sep 17, 2021
setup shorewall for docker networking beyond the default bridge network, e.g., for docker-compose

Docker(-compose) with shorewall

The shorewall documentation explains in how to configure shorewall for use with docker. The problem with the configuration is that it only allows connections from the host to the main bridge docker0. Connections to other networks on dynamically created bridges, with names starting by default with br-, are blocked. Instead of the recommended contents of /etc/shorewall/interfaces, use wild-card interface names as follows:

#dock	docker0		bridge     # disabled default recommendation
dock 	docker0		physical=docker+,routeback=1
dock 	br		physical=br-+,routeback=1