Author: Алексей Пышонкин

UNIX system administrator

possible workarounds of fortigate VPN client changing DNS server

Since VPN technology is used to connect sites and users, most of its implementations provide the ability to change DNS servers to those available on the remote side. But not all of them are able to do this neatly and without breaking the existing configuration. And if routing configuration works fine in most use cases, dealing with resolv.conf

Continue Reading…

ansible template parsing workaround

Whilst trying to template a Python script with Ansible 2.4, I got a weird error: fatal: [HOSTNAME]: FAILED! => { "changed": false, "failed": true, "msg": "AnsibleError: template error while templating string: Missing end of comment tag. String: #!/usr/bin/python\nimport os\nimport json\n\nif __name__ == \"__main__\":\n # Iterate over all block devices, but ignore them if they are

Continue Reading…

crontab truncates file path to 100 symbols

I use crontab’s ability to load its configuration from a file in my deployment scripts. But today it refused to load the configuration because it was unable to find the file, even though all permissions were correct for this file. Using stdin (cat $ABSOLUTE_PATH | crontab -) worked correctly, but I was curious why this happens in the

Continue Reading…

nginx IP rules beyond DDoS guard

I use ngx_http_access_module’s allow/deny directives to protect sensitive parts of my websites from public access. But if a website is protected by CloudFlare, or a DDoS protection/CDN provider working on the same scheme, your nginx will see only CloudFlare’s IPs, so your blocking rules (or any other IP-based rules, e.g. GeoIP) will not work. This HOWTO is written for CloudFlare. P.S.

Continue Reading…

unable to find LVM volume pve/root

I found out that my recently installed Proxmox hypervisor sporadically can’t boot because it is unable to find its LVM logical volumes: This situation means that our initramfs is successfully loaded, unpacked and finished its work, and now, when the OS should run the real filesystem, disks are not present. First of all, you need to

Continue Reading…

jenkins can’t connect to slaves after update to 2.55 or higher

Jenkins is a continuous integration tool which is written in Java and provides a very useful toolchain for the DevOps software cycle. After an update to version 2.55 my master server was unable to connect to its own slaves. I began receiving messages like this after the update whilst trying to connect to a slave: ERROR: Connection terminated java.io.IOException:

Continue Reading…

atop log does not rotate in debian stretch

atop is a sar-like tool which saves system diagnostic data and allows viewing it in a fancy readable way. By default it’s configured to rotate logs every midnight, but recently I found out that they hadn’t rotated for a month, which made finding any useful info impossible: # ls -ltrh /var/log/atop/ total 7.8G -rw-r--r--

Continue Reading…

hairpin nat alternative

Hairpin NAT (aka loopback NAT) is a technology used to resolve the situation when a resource, usually a web server, is located in an internal network but has an external IP address. It can be accessible from the outside interface (in Cisco terminology), but since it has the same gateway as your machine (of course, I mean the

Continue Reading…

atlassian crowd hangs on login after server ip change

Unlike other Atlassian products, Crowd has its server IP hardcoded in settings. So, if you have a timeout error on login (in my case it was 504) after the server IP changed, you need to change it in the crowd.properties file or /etc/hosts, depending on your configuration. Here are messages from the Crowd log file which describe the

Continue Reading…