Lukas Nellen lukasnellen

  • ICN-UNAM
  • Mexico
@lukasnellen
lukasnellen / README.md
Last active Apr 6, 2020
Enable singularity v3 container --fakeroot on debian

Singularity version 3 container --fakeroot

The --fakeroot option to some of the singularity 3 commands requires two things to work:

  • Properly configured UID and GID mapping in /etc/sub[ug]id. This is done by default on debian stretch (9) and buster (10) and other recent distributions.
  • The ability to create a process in a user namespace. On debian, this requires setting kernel.unprivileged_userns_clone = 1 in /etc/sysctl.conf.
@lukasnellen
lukasnellen / 00-centos-cloud-image-fix.md
Last active Oct 13, 2020
How to fix Centos 7 cloud images

Centos 7 cloud image fix

The cloud images from https://cloud.centos.org/centos/7/images/ contain a /etc/resolv.conf with a spurious nameserver 10.0.2.3 entry. According to the anaconda log, this was set by DHCP during the building of the image. For most users, this entry doesn't correspond to an existing nameserver and will slow down ssh connections, since inverse name lookups have to time out on the spurious server.

This can be fixed using virt-sysprep from libguestfs, e.g.:

virt-sysprep -a CentOS-7-x86_64-GenericCloud-1809.qcow2 --delete '/etc/resolv.conf'

You probably also want to disable the GSSAPI authentication in ssh connections, as this is another item that can cause delays opening ssh connections. The full command for that is

@lukasnellen
lukasnellen / 00-ssh-tmux-iterm.md
Last active Sep 19, 2021
Summary of my remote tmux and ssh configuration to benefit from the iterm2-tmux integration, with ssh authentication socket refreshing

Configuration to use remote tmux over ssh in iterm

This is a compilation of information I found in different postings on the net.

All manual invocation

Basic remote tmux session

tmux can be invoked in command mode using tmux -CC. The simplest way to get a remote tmux session into a window of iterm is to invoke it on the remote host

@lukasnellen
lukasnellen / 00-serial-console.md
Last active Sep 1, 2021
kvm serial console for virtual machine

Serial console for KVM based VM and IPMI serial channel

grub and kernel console

Set in /etc/default/grub:

...
###GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 console=tty1"
GRUB_CMDLINE_LINUX=""
@lukasnellen
lukasnellen / 00-docker-shorewall.md
Last active Sep 17, 2021
setup shorewall for docker networking beyond the default bridge network, e.g., for docker-compose

Docker(-compose) with shorewall

The shorewall documentation explains in http://shorewall.org/Docker.html how to configure shorewall for use with docker. The problem with the configuration is that it only allows connections from the host to the main bridge docker0. Connections to other networks on dynamically created bridges, with names starting by default with br-, are blocked. Instead of the recommended contents of /etc/shorewall/interfaces, use wild-card interface names as follows:

#ZONE	INTERFACE	OPTIONS
#dock	docker0		bridge     # disabled default recommendation
dock 	docker0		physical=docker+,routeback=1
dock 	br		physical=br-+,routeback=1