Welcome to tinman alley!
The Internet Archive is a wonderful and much needed resource. They helped preserve valuable historic data that you can’t get anywhere.
Recently the IA came under attack by the powerful and greedy (IMHO) recording industry for trying to preserve sounds on 78 LP records. If you have a few moments, please help spread the word and give whatever supports you can to the Internet Archive.
Hypocrite Elon Musk has finally banned all Jet tracker accounts on Twitter, despite claiming that he supports freedom of expressions. Of course, the hypocrite only supports expression about things he agree with.
In any case, Jet tracker has moved to Maston. Here https://mastodon.social/@elonjet
Original article here: https://techcrunch.com/2022/12/14/elon-jet-the-twitter-account-tracking-elon-musks-flights-was-permanently-suspended/
This is a cookbook style on how to set a limit (ulimit style) on your custom services that is managed by systemd.
Why would you want to do something like this?
You might be running on a small server (or instance if you are using cloud services) and want to prevent your application from affecting other services sharing that server (think of noisy neighbor problem).
Generally, Linux kernel scheduler does a good job of fairly sharing system resources, but that is assuming you have a well behaved application.
Sometime you want to pack applications tightly and don’t mind less performant applications.
In summary, there are lots of reasons why you might want to tune the resources allocated to your applications.
Luckily, if you are using systemd as the controller, you can take advantage of its capabilities.
Note:
There are some caveats. You need to be using a fairly recent kernel and Linux distrob, either Ubuntu/Debian or recent CentOS/RedHat/Fedora.
I am going to show you how to get cloudquery run under systemd on an Ubuntu 20.04 LTS. The reason that I want to do this is because cloudquery will use as much memory as it can and trigger Linux OOM killer.
There are 3 files needed:
Once you have all 3 files in place and edited the values to match your particular system, you need to tell systemd to check its directory for the new service, by running
systemctl daemon-reload
Once you have done that, you can check to see if systemd see your new service, by running
systemctl list-unit-files|grep query
Test to see if everything works by starting your service.
systemctl start cloudquery
Check (and debug) the status of your new service via
systemctl status cloudquery
and journalctl -xe
Thanks to the posts from https://unix.stackexchange.com/questions/436791/limit-total-memory-usage-for-multiple-instances-of-systemd-service for pointing me in the right direction.
Surprisingly this was an extremely hard to find piece of information on the topic. At least one that fit my need. There were lots of questions in various online posts, but no completely working answers with all the relevant details in one place.
I am going to document it here.
Aggregation router is a pair of Cisco 6506E in VSS mode, active-active. They have ip helper pointing to my DHCP server.
There was a pretty useful post about single DHCP server, multiple subnets on one interface here. But this does not work for my situation. He’s using a fairly simple network, and his DHCP server run on the gateway.
I have a gateway/router that aggregates multiple VLANs, one of which is a management VLAN that my DHCP server sits on. All the other VLANs has the DHCP relay helper address pointing to my DHCP server (see graph above).
Using the “shared-network” statement in dhcpd.conf does not work as that will pool all of the subnet declaration into that single network. This is why the blog post uses the classes along with “match if” statements to put DHCP client requests into the correct subnets. I have anywhere from 200 to 300+ servers in each VLAN, and they are a mix of gears/vendors. There is no way that I can use hardware (MAC) address, without it getting very complicated, not to mention the horror of maintaining that mapping.
ISC DHCP actually supports what I wanted out of the box. The trick was to make all the subnet declaration, but don’t use the “shared-network” statement. Make sure the DHCP relay are setup correctly, and when client make DHCP requests, they will arrive at the DHCP server with the relay address in it as the GIADDR (gateway IP address). The DHCP server will see that and know which subnet it should provide addresses from.
Here is the dhcpd.conf portion of the working config. Note that I also do PXE and kickstart boot from this dhcpd server.
authoritative;
# this is the most important line. It specifies the method
# to use to connect to the DNS server and update it.
ddns-update-style none;
ddns-domainname "example.com";
ignore client-updates;
option host-name = config-option server.ddns-hostname;
include "/etc/rndc.key";
option domain-name "example.com";
option domain-name-servers 10.1.14.10,10.1.14.11,10.1.14.12;
option time-offset -18000; # Pacific Standard Time
option ntp-servers 10.1.14.11;
one-lease-per-client off;
default-lease-time 86400;
max-lease-time 604800;
option ip-forwarding off;
# PXE
next-server install;
filename "/linux-install/pxelinux.0";
# Subnet for internal hosts
subnet 10.1.0.0 netmask 255.255.254.0 {
range 10.1.1.200 10.1.1.253;
option routers 10.1.0.1;
option subnet-mask 255.255.254.0;
#failover peer "dhcp";
}
subnet 10.1.2.0 netmask 255.255.254.0 {
range 10.1.3.200 10.1.3.253;
option routers 10.1.2.1;
option subnet-mask 255.255.254.0;
#failover peer "dhcp";
}
subnet 10.1.4.0 netmask 255.255.254.0 {
range 10.1.5.200 10.1.5.253;
option routers 10.1.4.1;
option subnet-mask 255.255.254.0;
#failover peer "dhcp";
}
....and so on....
Watch out if you are using libraries and code from public repositories. Supply chain attacks are (have been) on the rise.
The latest one is on Rust.
I was cleaning my collection of documents, software…. ok, boxes and boxes of books, manuals, floppies, QIC tapes, DAT tapes and 8mm tapes….
When I found a box of 
and here is what’s inside the box.
Wow, that brings back memories.
You must be logged in to post a comment.