Virt-manager bridge network

October 24, 2023

Complete instructions…

https://www.answertopia.com/rocky-linux/creating-a-rocky-linux-kvm-networked-bridge-interface/#google_vignette

Common Kubernetes issues for DevOps

October 3, 2023

1. Pod Scheduling Failures:
– Error: Pods not scheduling due to resource constraints or node affinity/anti-affinity rules.
– Solution: Ensure proper resource requests and limits, adjust scheduling rules, or scale your cluster as needed.

2. Container Image Issues:
– Error: Pulling or running container images fails.
– Solution: Verify image availability, credentials, and ensure the correct image name and version.

3. Kubernetes API Rate Limiting:
– Error: Frequent 429 (Too Many Requests) errors from the Kubernetes API.
– Solution: Implement rate limiting and retries in your applications, or consider horizontal pod autoscaling to handle increased API requests.

4. Networking Problems:
– Error: Services or pods cannot communicate with each other.
– Solution: Check network policies, DNS resolution, firewall rules, and ensure that pods are in the correct namespaces.

5. Storage Issues:
– Error: Persistent Volume (PV) or Persistent Volume Claim (PVC) issues, like access mode conflicts or insufficient storage.
– Solution: Verify PV/PVC configurations, adjust access modes, and monitor storage usage.

6. CrashLoopBackOff:
– Error: Pods enter a continuous restart loop.
– Solution: Inspect pod logs, check for misconfigurations, and address application errors.

7. Resource Exhaustion:
– Error: Cluster nodes or resources running out of capacity.
– Solution: Monitor resource utilization, autoscale clusters, and optimize resource requests/limits.

8. Secrets Management:
– Error: Secrets exposed or misconfigured.
– Solution: Use Kubernetes-native secret management, rotate secrets regularly, and limit access to sensitive information.

9. RBAC (Role-Based Access Control) Problems:
– Error: Permission issues or unauthorized access.
– Solution: Review RBAC policies and roles, grant appropriate permissions, and practice the principle of least privilege.

10. Cluster Upgrades:
– Error: Problems during cluster upgrades.
– Solution: Follow Kubernetes upgrade documentation carefully, back up critical data, and test upgrades in a non-production environment first.

11. Custom Resource Definition (CRD) Issues:
– Error: Problems with custom resource definitions and controllers.
– Solution: Debug CRD controllers, validate CRD configurations, and ensure compatibility with Kubernetes versions.

FIX: AliExpress N5105 226v router – OpenBSD

July 25, 2023

In my previous post, OpenBSD has an issue on this appliance mentioned here in the OpenBSD mailing list…
link: https://marc.info/?l=openbsd-misc&m=168962426022811&w=2

You have to download a file here…

https://pan.x86pi.cn/BIOS%E6%9B%B4%E6%96%B0/1.Intel%E8%BF%B7%E4%BD%A0%E4%B8%BB%E6%9C%BA%E7%B3%BB%E5%88%97BIOS/N5105%20V3-V5%20%E5%BE%AE%E7%A0%81%E6%9B%B4%E6%96%B023-04-18

It's an ISO. Make it bootable. I used Rufus as one of the guys on the post instructed (use GPT partition). It will create it as a UEFI boot, so make sure that's enabled in the BIOS. Set it to boot first. It will automatically install. Once finished, unplug the power, and plug it back in. Should be good.

Bash prompt

July 17, 2023
PS1="\[\e[32m\][\[\e[m\]\[\e[31m\]\u\[\e[m\]\[\e[33m\]@\[\e[m\]\[\e[32m\]\h\[\e[m\]:\[\e[36m\]\w\[\e[m\]\[\e[32m\]]\[\e[m\]\[\e[1;33m\]\\$\[\e[m\] "

AliExpress N5105 226v router firewall appliance

June 6, 2023

I just bought an AliExpress N5105 router box with 4 x Intel 226v NICs. Seems to be an issue with some OSes not being able to reboot properly. When you reboot, it just shuts off and you can't turn it back on unless you unplug the power cable and plug it back in again. It has done it with Proxmox (per another source) and with Windows 11 Pro. It seems Windows doesn't handle the C-State setup in the BIOS very well. I just disabled the C-State completely. This resolved it.

  • Press DEL -> BIOS
  • Go to Advanced -> Power & Performance
  • Go to CPU – Power Mgmt Control
  • Scroll down to C States -> change to disabled

Then I like for my device to stay on after a power loss, so go back to Advanced -> hardware monitor -> change power recovery to “stay on”.

Maybe Windows has an update for this or a firmware update to fix this issue. I will be installing OpenBSD on this, so it doesn't matter for me.


NOTE:

I had no issues with Ubuntu 23.04 (latest) and OpenBSD 7.3 under the default BIOS settings with C States enabled. I looked for firmware updates in Windows and in Ubuntu, there were none.

Update:

OpenBSD doesn’t handle the C states well either. The ACPI process had the first CPU core pegged high with acpi0 interrupts. No adjustments I tried worked. I installed FreeBSD and it's legit. No issues so far. This is probably due to the fact that pfSense backports all their drivers for these small router devices into FreeBSD upstream.

Update 7/25/2023:

So there is a BIOS update that will fix the OpenBSD ACPI issue. See my latest post.

Fedora 37/38 Palo Alto GlobalProtect client alternative

April 20, 2023

Ever since Fedora 33/34 I've had issues with the official Palo Alto GP client, and it sucks, especially if you are using SAML. I was using COPR dwmw2/openconnect in combo with the networkmanager/NetworkManager 1.40 debug repo to use the Gnome Openconnect GP VPN, and it worked well! The reason for this was that with these versions of openconnect you had a “User-Agent” box in the Gnome VPN setup. You need this for SAML.

Long story short, upgraded to Fedora 38 the other day. Because Gnome uses a newer GTK, openconnect is not working in vpn connection editor of NetworkManager. So I did try using a few versions of official GP Client but that failed as well.

I found our savior….

https://github.com/yuezk/GlobalProtect-openconnect

Easy to install and setup. Help the guy out by donating, he’ll save you some headache. Worth it.

Openvpn client-connect script

December 6, 2022

Allow only 1 vpn profile connection at a time. Script below will also work on disconnect but not using it for that.

  • create a folder in /etc/openvpn called “connection_files”
  • add a file named {username}_ip. Put the remote client’s IP address in there.
  • create a file named connectScript.sh, make it executable and put the following code in it…
#!/bin/bash
# OpenVPN passes $username and $script_type to this script in its environment.

function handle_connect {
  CLIENTFILE="/etc/openvpn/connection_files/${username}_ip"
  CONNECTIONS="/etc/openvpn/connection_files/${username}_conn"
  if [ -e "$CLIENTFILE" ]; then
    MYIP=$(cat "$CLIENTFILE")
    # -F treats the address as a literal string, so its dots are not regex wildcards
    /usr/sbin/ss | grep -F -- "$MYIP" > "$CONNECTIONS"
    NUMCONN=$(wc -l < "$CONNECTIONS")
    # a non-zero exit status makes OpenVPN reject the connecting client
    if [ "$NUMCONN" -eq 2 ]; then exit 1; fi
  fi
}

function handle_disconnect {
  CLIENTFILE="/etc/openvpn/connection_files/$username"
  if [ -e "$CLIENTFILE" ]; then
     # decrement the counter stored in the per-user file
     NUMCONN=$(cat "$CLIENTFILE")
     NEWCONN=$((NUMCONN - 1))
     echo "$NEWCONN" > "$CLIENTFILE"
  fi
}

case "$script_type" in
  up)
        ;;
  client-connect)
        handle_connect
        ;;
  client-disconnect)
        handle_disconnect
        ;;
esac

Then add these lines to your server.conf files, or whatever you named your server conf files. They have to be in all of them in order to work.

script-security 3
client-connect /etc/openvpn/connectScript.sh
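
The script above builds a file path from the client-supplied `${username}` and matches the stored IP as a substring of the `ss` output. The following is an added example, not part of the original script, that goes slightly further by validating the name before it reaches a path and by counting only exact address matches; the function names and the sample `ss`-style lines are constructed for illustration, and IPv4 addresses are assumed.

```shell
#!/bin/sh
# Added example, not the post's script. CONN_DIR mirrors the post's folder; the
# function names and SAMPLE_SS (constructed ss-style output) are assumptions.
LC_ALL=C; export LC_ALL
CONN_DIR=/etc/openvpn/connection_files

# Print the per-user IP file path; fail if the name could leave CONN_DIR.
client_file_for() {
  case "$1" in
    ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;  # empty, dot entry, or char outside allowlist
  esac
  printf '%s/%s_ip\n' "$CONN_DIR" "$1"
}

# Count stdin lines with an address field whose host part equals $1 exactly.
count_conns_for_ip() {
  awk -v ip="$1" '
    { for (i = 1; i <= NF; i++) {
        host = $i
        sub(/:[^:]*$/, "", host)          # strip the trailing :port
        if (host == ip) { n++; break }
      } }
    END { print n + 0 }'
}

# The unanchored regex match, kept for comparison.
naive_count() { grep -c "$1"; }

# Constructed sample: the second line belongs to a different peer (…100.70).
SAMPLE_SS='udp ESTAB 0 0 203.0.113.5:1194 198.51.100.7:51234
tcp ESTAB 0 0 203.0.113.5:443 198.51.100.70:40022
tcp ESTAB 0 0 203.0.113.5:22 198.51.100.7:50110'

client_file_for alice           || echo "rejected: alice"
client_file_for '../../tmp/x'   || echo "rejected: ../../tmp/x"
echo "exact: $(printf '%s\n' "$SAMPLE_SS" | count_conns_for_ip 198.51.100.7)"
echo "naive: $(printf '%s\n' "$SAMPLE_SS" | naive_count 198.51.100.7)"
```

The naive count includes the unrelated peer `198.51.100.70`, which would shift the threshold the connect check relies on.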

Embrava Blynclight for Linux

November 21, 2022

python3 -m pip install --user 'busylight-for-humans[webapi]'

Thinkpad T480 docking on Fedora 36

November 7, 2022

Bought a dock for my Thinkpad. Fedora 36 works with the dock, I’m sure the others do too. You just have to disable a few things or change a few settings.

  • to use the DisplayPort connections, you’ll have to set your display settings in Fedora to 59.94Hz. At least for my monitors. I was using HDMI before and it was on 60Hz. Kept messing up the dual display on one of the monitors (Asus Tuf Gaming VG289)
  • in Gnome-Tweaks, you’ll need to disable “suspend when laptop lid is shut”. I keep my laptop screen down and only use my monitors. Docking and undocking makes it more smooth with this setting.

Fedora/RedHat NetworkManager SAML/SSO VPN

October 24, 2022
Palo Alto's Global Protect VPN client sucks for Linux. NetworkManager openconnect works amazingly, you just have to upgrade it to the below versions. There is a weird deal where you may need to hit the "login" button twice or "connect" twice, can't remember, it will go through. After that, it will just sign in, works like a charm.

NetworkManager 1.40.1
openconnect 9.01.git.55.92084ea
NetworkManager-openconnect 1.2.9.git.80.2f48f84

With these COPRs:

https://copr.fedorainfracloud.org/coprs/dwmw2/openconnect/
https://copr.fedorainfracloud.org/coprs/networkmanager/NetworkManager-1.40-debug/

Source: https://bugzilla.redhat.com/show_bug.cgi?id=2035411