Blog

Blog

Building dnsmasq docker-compose file with DHCP enabled

Posted on by Bian Xi Leave a Comment on Building dnsmasq docker-compose file with DHCP enabled

Building dnsmasq docker-compose file with DHCP enabled

Creating Dockerfile

Create Dockerfile as below, the VOLUME /data is pointing to configuration folder

FROM ubuntu:latest

VOLUME /data

RUN apt update
RUN apt install dnsmasq -y
RUN apt install iproute2 -y

CMD dnsmasq -q -d --conf-file=/data/dnsmasq.conf --dhcp-broadcast

Creating docker-compose.yml file

Must add cap_add parameter.

version: '2'

services:
  dnsmasq:
    container_name: dnsmasq
    image: dnsmasq
    build:
      context: .
      dockerfile: Dockerfile.dnsmasq
    restart: unless-stopped
    volumes:
      - /app/dnsmasq/data:/data
    networks:
      - my_macvlan_250
    cap_add:
      - NET_ADMIN

networks:
  my_macvlan_250:
    external: true

This is the same as below command

docker run --cap-add=NET_ADMIN --name dnsmasq -d -it --restart unless-stopped -v /app/dnsmasq/data:/data --network my_macvlan_250 dnsmasq

References

OSIM Sundown Marathon 2023

Posted on by Bian Xi Leave a Comment on OSIM Sundown Marathon 2023

OSIM Sundown Marathon 2023

Event stated at 11:30 PM on 20 May 2023 for 42KM. During running, I got stomachache , could not even have deep breath, only can walk after 25km. Maybe because this is the first time I tried energy gels. Although got vomiting a bit, felt a bit better, still felt pain. Or maybe because ran too fast in first 21km (1:56), wanted to check my half marathon speed. Or maybe because inhaled water a few times, caused severe coughing. Still unclear.

Medals

Result

OSIM Sundown Marathon 2023 - Result Website

By Chip

By start

Map

Map

Race Guide

Race Guide

References

Sundown Website

Install Synology CA Certificate into Linux OS

Posted on by Bian Xi Leave a Comment on Install Synology CA Certificate into Linux OS

Install Synology CA Certificate into Linux OS

To trust Synology self generated CA in Linux OS, following steps can be used.

Export Synology CA Certificates from NAS

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on Add button
  • Select the certificate named as synology
  • Select Explore certificate, then Next

There will be 4 files in the downloaded ZIP file

cert.pem
privkey.pem
syno-ca-cert.pem
syno-ca-privkey.pem

Copy the Synology CA certificate

Copy file syno-ca-cert.pem to server folder and rename it to .crt

cp syno-ca-cert.pem /usr/local/share/ca-certificates/syno-ca-cert.crt
update-ca-certificates

Note: the certificate file name must be .crt

Restart service

For any services used certificate generated by Synology CA certificate, restart the service

systemctl restart <service>

Test CA

Use openssl command

Run following commands

openssl s_client -connect server_address:443 -CAfile /usr/local/share/ca-certificates/syno-ca-cert.crt
openssl s_client -connect server_address:443 -CApath /etc/ssl/certs

Should return 0 (ok)

Verify return code: 0 (ok)

Use curl command

curl --verbose <URL> --cacert /usr/local/share/ca-certificates/syno-ca-cert.crt
curl --verbose <URL>

References

Install self generated CA certificate into Linux OS

Posted on by Bian Xi Leave a Comment on Install self generated CA certificate into Linux OS

Install self generated CA certificate into Linux OS

To trust self generated CA from client system, following steps can be used.

Retrieve CA certificate from server

Copy from CA certificate using browser

Click on lock icron beside address bar of browser, then view certificates.

Copy from server,

The self generated CA certificate normally can be found in server, such as xxxx.ca.crt.

Run command to retrieve from service

Following command will print out CA certificate, remove unnecessary lines, such as DONE, if any.

Note: I haven't validated the certificate retrieved using this method.

openssl s_client -showcerts -connect [server_address]:[port] < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

Install CA certificate

Copy CA certificate into /usr/local/share/ca-certificates directory, such as xxxx.ca.crt, then run update-ca-certificates command to update system CA, then restart impacted service.

cp <xxxx.ca.crt> /usr/local/share/ca-certificates
update-ca-certificates
systemctl restart <service>

Note: the certificate file name must be .crt

Test CA

Run following command, should return 0 (ok) as below.

openssl s_client -connect server_address:443 -CApath /etc/ssl/certs

...
Verify return code: 0 (ok)

Lost network after PVE rebooted

Posted on by Bian Xi Leave a Comment on Lost network after PVE rebooted

Lost network after PVE rebooted

Error

After reboot of PVE, network interfaces detected, but no link activated, ip address command shows all physical interfaces are down, and interfaces LED lights are shut off when loading OS.

Getting permission denied error when run ifup command, when using python3 /usr/sbin/ifup -a command, getting error as another instance of this application is already running

After using strace python3 /usr/sbin/ifup -a command, found that the command tried to access folder /run/network, but it doesn't exist.

Solution

Create folder /run/network after rebooted, then run command python3 /usr/sbin/ifup -a to bring up network manually.

Note: This is only a temporary solution, because the folder /run/network will disappear. Will troubleshoot again when got time.

References

Renew Self Signed Certificate Using Synology DSM with custom CA

Posted on by Bian Xi Leave a Comment on Renew Self Signed Certificate Using Synology DSM with custom CA

Renew Self Signed Certificate Using Synology DSM with custom CA

Renew server certificate

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on Add button
  • Select Renew certificate, then Next
  • Fill up information for Create certificate signed request (CSR), then Next
  • Click on Download

Following files are created in downloaded ZIP file

  • server.csr
  • server.key

Generate certificate

Following the steps in the page below to create and import the certificates

Use Synology DSM to create Self Signed Certificate with custom CA

References

Use Synology DSM to create Self Signed Certificate with custom CA

Split Mirror in RHEL

Posted on by Bian Xi Leave a Comment on Split Mirror in RHEL

Split Mirror in RHEL

To copy one LV to another VG using LV mirror method. This method can not be performed on-line because of vgsplit command.

Note: RHEL doesn't have cplv command.

Steps

vgcreate vg01 /dev/vdb
lvcreate -L 1G -n test1 vg01
vgextend vg01 /dev/vdc
lvconvert --type raid1 --mirrors 1 /dev/vg01/test1 /dev/vdc
lvdisplay -m vg01/test1
lvconvert --splitmirrors 1 --name test2 /dev/vg01/test1
lvdisplay -m vg01/test1
lvdisplay -m vg01/test2
vgchange -a n vg01
vgsplit -t -v /dev/vg01 /dev/vg02 /dev/vdc
vgsplit -v /dev/vg01 /dev/vg02 /dev/vdc
lvs
vgchange -a y vg01
vgchange -a y vg02

References

How to move / copy logical volume (lv) to another volume group (vg)?