Sysadmin Mega Thread

Dynamic_Gravity · March 19, 2021, 4:05pm

Found this comment:

Rsync is a very powerful tool, perfectly capable of doing what you are asking. Simply use the following options: -aAX --numeric-ids , where:

-a means “archive”, and it implies several other options;

-A means “Access Lists”, and it is needed to backup the NTFS security descriptors;

-X means “Extended Attributes”, and it copy any additional meta-stream attached to the file;

--numeric-ids means to not mangle the UID/GID attached to the files. NOTE: if you Windows and Linux machines have persistent UID/GID (eg: by being joined to a AD/LDAP domain), you can safely skip this option.

I suggest you to directly install CygWin/Rsync on the Windows machine, bypassing the Linux mount entirely. Moreover, please consider using rsync via rsnapshot: it is a very good utility with incremental backup feature.

cotton · March 19, 2021, 5:22pm

The SAMBA server is a linux machine with about 10 clients. Only one client is Windows.

oO.o · March 21, 2021, 12:48am

Does anyone have any experience with this?

oO.o · March 23, 2021, 9:52pm

Does anyone use Spiceworks?

2FA · March 25, 2021, 1:36am

Came across Uyuni which is SUSE’s fork of Spacewalk. Setting up a test system to see how it performs, seems pretty robust from what I can tell at an initial glance. Only downside so far is that there isn’t a lot of 3rd party info out there about it so the documentation is probably your best friend.

Dynamic_Gravity · March 26, 2021, 7:28pm

Finally got all the parts hooked up to use a Netapp DS4243 to my TrueNAS 2U server.

Twas a long journey.

Trooper_ish · March 27, 2021, 2:04am

I did not realise there was a ZFS - module for Cockpit yet… still in testing, but seems pretty sweet

oO.o · March 27, 2021, 3:16am

Wonder if 45drives people helping with that

Trooper_ish · March 27, 2021, 3:17am

I saw it on the recent Lawrence systems video, and pretty sure Tom mentioned that.

cdoublejj · March 28, 2021, 12:46am

anyone setup lancache? i can’t tell if ubuntu server is blocking the ports or snapd is doing something weird with docker. but, dns doesn’t seem to work when i point dns to lancache dns

nx2l · March 28, 2021, 1:35am

yes… i made a how-to
with podman…

cdoublejj · March 28, 2021, 4:28am

how long ago?

i disabled ufw and disabled systemd listening on port 53 as per lancahce common TSing. when ever i disabled DNS masq in dd-wrt and set to my ubuntu vm running docker as per my specified in my .env file and yet dns BREAKS, my machines can’t resolve hgtv.com or espn.com etc etc.

said machines can ping ubuntu vm, i do not see any ip conflicts

…what gives…? what am i not seeing and missing.

are there commands i can run to see if my lancache containers can do dnslookups to it’s dns server (8.8.8.8)? is my lancahce dns server starving for dns data?

nx2l · March 28, 2021, 11:28am

I wont be much help with ubuntu, sorry.

You can try to exec into the container to run commands.

Guide - steamcache on Centos7/podman Wikis & How-to Guides

Preface: I write this guide from POV of the root user I wont cover OS install or drive/disk/filesystem setup I am using a file system mounted at /mnt/cached mkdir -p /mnt/cached/cache/{riot,origin,blizzard,steam}/{data,logs} I set selinux on that directory: semanage fcontext -a -t container_file_t ‘/mnt/cached(/.*)?’ The number of IP addresses you need to use can vary. If only doing steamcache: two Ip addresses should be enough Be sure to use whatever you desire for your upstream dns * Step one: install Centos7 (minimal) Step two: setup static networking vim /etc/sysconfig/network-scripts/ifcfg-eth0 nmcli con reload && nmcli con up eth0 ip add or nmtui nmcli con reload && nmcli con up eth0 ip add Step three: install packages and updates yum install vim bash-completion setroubleshoot epel-release net-snmp && yum upgrade shutdown -r +4 wait for reboot yum install podman Step four: scripts Create three executable scripts from the below text Edit them if you have different IP’s or are using a different folder/mount point. The first two should be all you need, unless you need to cleanup and start over. #!/bin/bash # Steam sudo podman run \ --restart always -d \ --name steam-cache \ -v /mnt/cached/cache/steam/data:/data/cache \ -v /mnt/cached/cache/steam/logs:/data/logs \ -p 192.168.0.50:80:80 \ lancachenet/generic:latest #Origin sudo podman run \ --restart always -d \ --name origin-cache \ -v /mnt/cached/cache/origin/data:/data/cache \ -v /mnt/cached/cache/origin/logs:/data/logs \ -p 192.168.0.51:80:80 \ lancachenet/generic:latest #Blizzard / Battle.net sudo podman run \ --restart always -d \ --name blizzard-cache \ -v /mnt/cached/cache/blizzard/data:/data/cache \ -v /mnt/cached/cache/blizzard/logs:/data/logs \ -p 192.168.0.52:80:80 \ lancachenet/generic:latest #Riot Games sudo podman run \ --restart always -d \ --name riot-cache \ -v /mnt/cached/cache/riot/data:/data/cache \ -v /mnt/cached/cache/riot/logs:/data/logs \ -p …

2FA · March 30, 2021, 12:37am

This is my compose file:

services:
  dns:
    image: lancachenet/lancache-dns:latest
    env_file: .env
    restart: unless-stopped
    ports:
      - ${DNS_BIND_IP}:53:53/udp
  sniproxy:
    image: lancachenet/sniproxy:latest
    env_file: .env
    restart: unless-stopped
    ports:
      - 443:443/tcp
  monolithic:
    image: lancachenet/monolithic:latest
    env_file: .env
    restart: unless-stopped
    ports:
      - 80:80/tcp
    volumes:
      - ${CACHE_ROOT}/cache:/data/cache
      - ${CACHE_ROOT}/logs:/data/logs

And my .env

LANCACHE_IP=10.20.1.34
DNS_BIND_IP=10.20.1.34
UPSTREAM_DNS=10.20.1.35
CACHE_ROOT=/cache
CACHE_DISK_SIZE=10000000m
CACHE_MEM_SIZE=500m
CACHE_MAX_AGE=3650d

I have systemd-resolved set to listen on 127.0.0.53 which I believe is the default. Not sure if you knew but not specifying an IP in the port mapping makes it bind to all IPs. I specifically binded to 10.20.1.34 so that it doesn’t interfere with the DNS resolution of systemd-resolved.

Also the commands docker events and docker logs <container name> are super handy for troubleshooting.

cotton · March 31, 2021, 9:11pm

Does anyone have any docs for creating an SMTP system such as the one below:

Basically, There are mulitple applications which need to relay to a single FQDN. Say smtp.example.com. That relay needs to then be able to forward the message to the correct endpoint on the right. The rules are applications connect to the relay using SMTP. To the right of the relay the same endpoint is used — smtp.3rdpartysmtprelay.com.

I’ve done this once already, using postfix and some interesting dns stuff, but I’d like to know if anyone has any alternative suggestions.

mutation666 · April 1, 2021, 2:32pm

IP KVMs what ones have you used/liked? Looking to update one at work wanted to know if anyone had any opinions on them.

cdoublejj · April 2, 2021, 3:07am

very interested, they are all a few $k USD last i looked, all i can afford is old java windows xp based stuff. it’s almost cheaper to buy an asrock PAUL for each machine.

rcxb · April 2, 2021, 5:19am

If you only need to control a small number of a systems, PiKVM is an option. Perhaps combine it with a (non-IP) KVM with either keyboard based, RS232 or other type of remote control option.

For more systems, some old gear is cheap and still works well…
You can get a 2161DS-2 for under $90. Then the SIP/POD for each computer for $12/ea. If you want to connect more than 16 systems, 0FG697 Expansion modules are fairly cheap as well.

Yeah, to get a web based console on those, you need to use Internet Explorer or something else old that supports java plugins, BUT you can download the stand-alone utility, which still works well on modern versions of Windows and Linux.

BEWARE of other IP-KVMs on eBay like Avocent. You’ll find some selling for $20 but they won’t do anything until you pay for a license which you must renew forever.

cdoublejj · April 3, 2021, 3:32am

2FA:

This is my compose file:
services:
  dns:
    image: lancachenet/lancache-dns:latest
    env_file: .env
    restart: unless-stopped
    ports:
      - ${DNS_BIND_IP}:53:53/udp
  sniproxy:
    image: lancachenet/sniproxy:latest
    env_file: .env
    restart: unless-stopped
    ports:
      - 443:443/tcp
  monolithic:
    image: lancachenet/monolithic:latest
    env_file: .env
    restart: unless-stopped
    ports:
      - 80:80/tcp
    volumes:
      - ${CACHE_ROOT}/cache:/data/cache
      - ${CACHE_ROOT}/logs:/data/logs
And my .env
LANCACHE_IP=10.20.1.34
DNS_BIND_IP=10.20.1.34
UPSTREAM_DNS=10.20.1.35
CACHE_ROOT=/cache
CACHE_DISK_SIZE=10000000m
CACHE_MEM_SIZE=500m
CACHE_MAX_AGE=3650d
I have systemd-resolved set to listen on 127.0.0.53 which I believe is the default. Not sure if you knew but not specifying an IP in the port mapping makes it bind to all IPs. I specifically binded to 10.20.1.34 so that it doesn’t interfere with the DNS resolution of systemd-resolved.

Also the commands docker events and docker logs <container name> are super handy for troubleshooting.

i just disabled the system d thingies as per common issue on lancache site. idk what the system d dns even is needed for?

2FA · April 3, 2021, 1:50pm

So the local system, in this case your Lancache system, can resolve DNS. If you want Lancache to listen on 0.0.0.0, so all IP addresses on the system, you have to disable resolved. I don’t have to do that because I have mine specifically set to one IP address.

I have mine set that way because I have a couple Windows DNS servers in front of my Lancache for local records. Mine is like Client–>AD DNS–>Lancache–>AdGuard Home. AdGuard forwards to Quad9 over HTTPS. Looking at the documentation for Lancache, apparently you can set your own local records so I might do that instead of the AD DNS as it is kind of overkill lol