Linux Tips

TurnToJPG -->


1. samba mount

mount samba via:

# mount -t cifs //192.168.0.219/samba /mnt -o username=uuuu,password=ffff

2. CentOS ansible

On vps we start a docker instance via:

# docker run -it centos:7 /bin/bash
# yum update -y
# yum install -y epel-release
# yum update -y
# yum install -y python-pip
# mkdir ~/ansible && cd ~/ansible
# pip download ansible
# tar czvf ansible.tar.gz ansible

Download the ansible.tar.gz to local, and transfer them into the centos offline machines, install ansible via:

# tar xzvf ansible.tar.gz
# cd ansible
# pip install --no-index --find-links . ansible
# which ansible
/usr/bin/ansible
# ansible --version
ansible 2.7.10

Also you have to download the jinja2, upgrade to 2.10.1 version:

# pip download jinja2
...
# pip install --no-index --find-links . jinja2 --upgrade

3. Fast Kubespray

Download the tar.gz, untar it, then modify the Vagrantfile, then rm -f inventory/sample/hosts.ini, then vagrant up you could get all of the packages and images downloaded to your vm.

Be sure to use firewall-less networking, and set the vm’s resolv.conf to your firewall-less dns server.

# rm -f /etc/resolv.conf
# echo "nameserver 10.0.70.1">/etc/resolv.conf

4. kubeadm git tree state

Modify the file hack/lib/version.sh:

  if [[ -n ${KUBE_GIT_COMMIT-} ]] || KUBE_GIT_COMMIT=$("${git[@]}" rev-parse "HEAD^{commit}" 2>/dev/null); then
    if [[ -z ${KUBE_GIT_TREE_STATE-} ]]; then
      # Check if the tree is dirty.  default to dirty
      if git_status=$("${git[@]}" status --porcelain 2>/dev/null) && [[ -z ${git_status} ]]; then
        KUBE_GIT_TREE_STATE="clean"
      else
        KUBE_GIT_TREE_STATE="clean"
      fi
    fi

5. pandoc template

For generating pdf:

# wget https://github.com/Wandmalfarbe/pandoc-latex-template/releases/download/v1.2.2/Eisvogel-1.2.2.tar.gz
# mkdir -p ~/.pandoc/templates
# tar xzvf Eisvogel-1.2.2.tar.gz
# cp eisvogenl.tex ~/.pandoc/templates/eisvogel.latex
# cd ~/.pandoc/templates
# wget https://raw.githubusercontent.com/tzengyuxio/pages/gh-pages/pandoc/pm-template.latex

But this doesn’t work at all.

6. kubernetes leader election

Refers to:

https://tunein.engineering/implementing-leader-election-for-kubernetes-pods-2477deef8f13
https://github.com/kubernetes-retired/contrib/tree/master/election

7. reinstall rpm with dependencies

via following command:

# yum reinstall $(repoquery --requires --recursive --resolve packagename)

8. dmesg warning

After upgrading to newest kernel, I got some error message during dmesg:

[118383.485389] e1000e 0000:00:19.0 enp0s25: Detected Hardware Unit Hang:
                  TDH                  <0>
                  TDT                  <5>
                  next_to_use          <5>
                  next_to_clean        <0>
                buffer_info[next_to_clean]:
                  time_stamp           <102176c2b>
                  next_to_watch        <0>
                  jiffies              <1021c8e80>
                  next_to_watch.status <0>
                MAC Status             <80000>
                PHY Status             <7949>
                PHY 1000BASE-T Status  <0>
                PHY Extended Status    <3000>
                PCI Status             <10>

Solution is disable the TCP checksome offloading:

$ sudo ethtool -K enp0s25 tx off rx off

9. Proxmox iotop

For installing iotop on Proxmox, do following:

root@ks:~# cat /etc/issue

------------------------------------------------------------------------------

Welcome to the Proxmox Virtual Environment. Please use your web browser to 
configure this server - connect to:

  https://

------------------------------------------------------------------------------

root@ks:~# cat /etc/debian_version 
9.4

Find the debian version 9.4 is stretch, then we could find the package using google, and download iotop package then uploading to server and install it.

10. bash debugging

Enable debugging for:

# bash -x ./bash_shell.sh

10. vncviewer disable send key

Via following commands:

$ vncviewer 192.168.0.101:5900 -FullscreenSystemKeys=0

11. kubectl run

Avoid pulling images always, specify following parameter:

--image-pull-policy

12. ssh tunnel

Using a tunnel for forwarding remote ssh port to local via:

alias sshtunnel='ssh -L 0.0.0.0:10022:192.xxx.xxx.xxx:10022 dash@192.168.0.33'

After you activated ssh tunnel, use ssh -p 10022 root@localhost for accessing.

13. ifupdown

When encounting following error in vagrant:

/sbin/ifup 'eth1'

Stdout from the command:



Stderr from the command:

bash: line 4: /sbin/ifdown: No such file or directory
bash: line 20: /sbin/ifup: No such file or directory

Install apt-get install -y ifupdown, you could fix your problem.

14. usb networking issue

After upgrading to 5.1.6 kernel, my asix ethernet card won’t working, install following packages for making it worked.

$ yaourt asix-dkms

15. delegate to issue

When using kubespray you got delegate to issue, do following:

# export ANSIBLE_INVALID_TASK_ATTRIBUTE_FAILED=False
# vagrant up --provider=libvirt

16. usb ethernet issue

via lsusb -t you could view the usb device tree and its speed.

17. view nvidia gpu temperature

via :

nvidia-smi -q -d temperature

18. pip network error

Install pip again via:

# curl https://bootstrap.pypa.io/get-pip.py | python

19. consola issues

If you use gnome-terminal, then it’s hard to choose yahei consola, so we have to use xfce4-terminal.

20. Use cdrom as repository

Following steps will use ubuntu iso for installation:

sudo mkdir /aptoncd-mountpoint
sudo mount /media/USB/aptoncd.iso ~/aptoncd-mountpoint -oloop
sudo apt-cdrom -d=/aptoncd-mountpoint add

21. apt-get down

download the packages into /var/cache via:

# apt-get -d install xxxxxxxYourPackageName

22. ansible warning

How to resolve this warning.

 [WARNING]: flush_handlers task does not support when conditional

23. build goharbor

with chartmuseum support, do following:

# make package_offline GOBUILDIMAGE=golang:1.9.2 COMPILETAG=compile_golangimage  NOTARYFLAG=true

Make on arm64 architecture:

/media/sda/harbor/harbor-arm64-develop# make package_offline GOBUILDIMAGE=golang:1.9.2 COMPILETAG=compile_golangimage VERSIONTAG=1.7.0-arm64 PKGVERSIONTAG=1.7.0-arm64 CLAIRFLAG=true NOTARYFLAG=true CHARTFLAG=true

24. Get rpi temperature

via following command:

cpu=$(</sys/class/thermal/thermal_zone0/temp);echo "$((cpu/1000)) c"

25. Force dns query using tcp

Add following options into the /etc/resolv.conf:

options use-vc
nameserver 1.2.3.4

26. tips on Friday

working progress:

1. python-pip should be installed and docker-compose needed to be compile. 
2. some packages are located in 128, also libssl/libssl-dev have to be added into the repository
3. secure registry server not stable, why? 
4. package dependency problem should be solved. 
5. docker push is ok, now we could push to the registry. 
6. harbor need to be verified. 

27. VncServer

not only listening on localhost, try following:

# vncserver -localhost no

28. delegate_to

Newest ansible version(v2.8.1) has changed the feature, so we have to use following commands:

# ANSIBLE_INVALID_TASK_ATTRIBUTE_FAILED=False
# ansible-playbook -i xxxx xxxx.cluster.yml

29. aarch64 vagrant issue

Encounter following:

Error while creating domain: Error saving the server: Call to virDomainDefineXML failed: unsupported configuration: ACPI requires UEFI on this architecture

pflash vs rom.

30. Copy only Packages.gz included

via following commands:

for i in `cat /root/Packages  | grep '^Package:' | awk {'print $2'}`
do
        echo cp $i"_*.deb" /root/pure/ | bash -

        #cp $i_* /root/pure
done

31. kubespray openssl issue

Change the openssl signature for v3_ext definition.

[ v3_ext ]
authorityKeyIdentifier=keyid,issuer:always
basicConstraints=CA:FALSE
keyUsage=keyEncipherment,dataEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=@alt_names
root@arm02:/media/md0/Rong1907/roles/etcd# grep -i "v3_ext" ./ -r
./templates/openssl.conf.j2:[ v3_ext ]
./templates/make-ssl-etcd.sh.j2:        openssl x509 -req -in member-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out member-${host}.pem -days {{certificates_duration}} -extensions v3_ext -extfile ${CONFIG} > /dev/null 2>&1
./templates/make-ssl-etcd.sh.j2:        openssl x509 -req -in admin-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out admin-${host}.pem -days {{certificates_duration}} -extensions v3_ext  -extfile ${CONFIG} > /dev/null 2>&1
./templates/make-ssl-etcd.sh.j2:        openssl x509 -req -in node-${host}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out node-${host}.pem -days {{certificates_duration}} -extensions v3_ext  -extfile ${CONFIG} > /dev/null 2>&1

32. run commands in term

In linux via:

# xterm -hold -e 'apropos editor' &