Blog

Blog

Proxmox Virtual Environment

Proxmox Virtual Environment

Proxmox is a KVM hypervisor and Linux Containers (LXC), thinking using it replace TrueNAS. But after research, found that it can not use thin disk, this is a big issue for me to save disk space.

TrueNAS still got some better points compare with Proxmox VE, such as the storage management, TrueNAS ZFS management looks more fesible than Proxmox can do. But Proxmox has some other points, such as support multiple hosts, more complex networking, file based VM image. TrueNAS uses ZFS volume to manage VM image, which creates many snapshots, hope the TrueNAS can have lesser bugs, especially on ZFS snapshots.

In the end, I think I will still use TrueNAs, I need ZFS pool feature to avoid disk issue.

References

Proxmox Virtual Environment

Server Overlay and Serverless

Server Overlay and Serverless

Can application layer isolated from OS layer?

Overlay

Docker uses overlay system, but it requires docker file to rebulid docker image. My colleague was asking me about the image patching and I told him that upper layer can overwrite the lower layer, there is no way to prevent this.

Layering

If the layering can be done in managed way, then it could be a better option to deploy applications. So the ideal is to separate platform to more layers as below

  • OS layer - Kernal and all OS packages are sitting in this layer
  • OS configuration layer - This layer consists of operating system configurations, such as network configuration, application filesystem configuration, etc.
  • OS to APP Patch layer - Some specific OS requirements for specific application.
  • Middleware layer - This includes middleware packages
  • Data layer - This includes all data required to run application
  • Application layer - This is the actual application

Docker or Containerd

The Docker or Containerd packages can be in OS layer, but the actual configuration should be Middleware layer.

CoreOS

The CoreOS implementation is a good example for this layering.

Sample implementation

solve raspbian SD card corruption issues with read-only mounted root partition

Steps

  • Copy the script in next section to /sbin/overlayRoot.sh and make it executable
sudo chmod +x /sbin/overlayRoot.sh
  • Disable swap:
sudo dphys-swapfile swapoff
sudo dphys-swapfile uninstall
sudo update-rc.d dphys-swapfile remove
  • Add following line to the end of cmdline.txt file in the boot partition:
init=/sbin/overlayRoot.sh
  • reboot

Script

The copy of script is listed below

#!/bin/sh
#  Read-only Root-FS for Raspian using overlayfs
#  Version 1.1
#
#  Version History:
#  1.0: initial release
#  1.1: adopted new fstab style with PARTUUID. the script will now look for a /dev/xyz definiton first 
#       (old raspbian), if that is not found, it will look for a partition with LABEL=rootfs, if that
#       is not found it look for a PARTUUID string in fstab for / and convert that to a device name
#       using the blkid command. 
#
#  Created 2017 by Pascal Suter @ DALCO AG, Switzerland to work on Raspian as custom init script
#  (raspbian does not use an initramfs on boot)
#
#  This program is free software: you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation, either version 3 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see
#    <http://www.gnu.org/licenses/>.
#
#
#  Tested with Raspbian mini, 2018-10-09
#
#  This script will mount the root filesystem read-only and overlay it with a temporary tempfs 
#  which is read-write mounted. This is done using the overlayFS which is part of the linux kernel 
#  since version 3.18. 
#  when this script is in use, all changes made to anywhere in the root filesystem mount will be lost 
#  upon reboot of the system. The SD card will only be accessed as read-only drive, which significantly
#  helps to prolong its life and prevent filesystem coruption in environments where the system is usually
#  not shut down properly 
#
#  Install: 
#  copy this script to /sbin/overlayRoot.sh, make it executable and add "init=/sbin/overlayRoot.sh" to the 
#  cmdline.txt file in the raspbian image's boot partition. 
#  I strongly recommend to disable swapping before using this. it will work with swap but that just does 
#  not make sens as the swap file will be stored in the tempfs which again resides in the ram.
#  run these commands on the booted raspberry pi BEFORE you set the init=/sbin/overlayRoot.sh boot option:
#  sudo dphys-swapfile swapoff
#  sudo dphys-swapfile uninstall
#  sudo update-rc.d dphys-swapfile remove
#
#  To install software, run upgrades and do other changes to the raspberry setup, simply remove the init= 
#  entry from the cmdline.txt file and reboot, make the changes, add the init= entry and reboot once more. 

fail(){
    echo -e "$1"
    /bin/bash
}

# load module
modprobe overlay
if [ $? -ne 0 ]; then
    fail "ERROR: missing overlay kernel module"
fi
# mount /proc
mount -t proc proc /proc
if [ $? -ne 0 ]; then
    fail "ERROR: could not mount proc"
fi
# create a writable fs to then create our mountpoints 
mount -t tmpfs inittemp /mnt
if [ $? -ne 0 ]; then
    fail "ERROR: could not create a temporary filesystem to mount the base filesystems for overlayfs"
fi
mkdir /mnt/lower
mkdir /mnt/rw
mount -t tmpfs root-rw /mnt/rw
if [ $? -ne 0 ]; then
    fail "ERROR: could not create tempfs for upper filesystem"
fi
mkdir /mnt/rw/upper
mkdir /mnt/rw/work
mkdir /mnt/newroot
# mount root filesystem readonly 
rootDev=`awk '$2 == "/" {print $1}' /etc/fstab`
rootMountOpt=`awk '$2 == "/" {print $4}' /etc/fstab`
rootFsType=`awk '$2 == "/" {print $3}' /etc/fstab`
echo "check if we can locate the root device based on fstab"
blkid $rootDev
if [ $? -gt 0 ]; then
    echo "no success, try if a filesystem with label 'rootfs' is avaialble"
    rootDevFstab=$rootDev
    rootDev=`blkid -L "rootfs"`
    if [ $? -gt 0 ]; then
        echo "no luck either, try to further parse fstab's root device definition"
        echo "try if fstab contains a PARTUUID definition"
        echo "$rootDevFstab" | grep 'PARTUUID=\(.*\)-\([0-9]\{2\}\)'
        if [ $? -gt 0 ]; then 
        fail "could not find a root filesystem device in fstab. Make sure that fstab contains a device definition or a PARTUUID entry for / or that the root filesystem has a label 'rootfs' assigned to it"
        fi
        device=""
        partition=""
        eval `echo "$rootDevFstab" | sed -e 's/PARTUUID=\(.*\)-\([0-9]\{2\}\)/device=\1;partition=\2/'`
        rootDev=`blkid -t "PTUUID=$device" | awk -F : '{print $1}'`p$(($partition))
        blkid $rootDev
        if [ $? -gt 0 ]; then
        fail "The PARTUUID entry in fstab could not be converted into a valid device name. Make sure that fstab contains a device definition or a PARTUUID entry for / or that the root filesystem has a label 'rootfs' assigned to it"
        fi
    fi
fi
mount -t ${rootFsType} -o ${rootMountOpt},ro ${rootDev} /mnt/lower
if [ $? -ne 0 ]; then
    fail "ERROR: could not ro-mount original root partition"
fi
mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot
if [ $? -ne 0 ]; then
    fail "ERROR: could not mount overlayFS"
fi
# create mountpoints inside the new root filesystem-overlay
mkdir /mnt/newroot/ro
mkdir /mnt/newroot/rw
# remove root mount from fstab (this is already a non-permanent modification)
grep -v "$rootDev" /mnt/lower/etc/fstab > /mnt/newroot/etc/fstab
echo "#the original root mount has been removed by overlayRoot.sh" >> /mnt/newroot/etc/fstab
echo "#this is only a temporary modification, the original fstab" >> /mnt/newroot/etc/fstab
echo "#stored on the disk can be found in /ro/etc/fstab" >> /mnt/newroot/etc/fstab
# change to the new overlay root
cd /mnt/newroot
pivot_root . mnt
exec chroot . sh -c "$(cat <<END
# move ro and rw mounts to the new root
mount --move /mnt/mnt/lower/ /ro
if [ $? -ne 0 ]; then
    echo "ERROR: could not move ro-root into newroot"
    /bin/bash
fi
mount --move /mnt/mnt/rw /rw
if [ $? -ne 0 ]; then
    echo "ERROR: could not move tempfs rw mount into newroot"
    /bin/bash
fi
# unmount unneeded mounts so we can unmout the old readonly root
umount /mnt/mnt
umount /mnt/proc
umount /mnt/dev
umount /mnt
# continue with regular init
exec /sbin/init
END
)"

Upgrade Synology DS1812+ Memory

Upgrade Synology DS1812+ Memory

As the Synology DS1812+ NAS officially only supports 3GB RAM, I used 3GB RAM NAS for many years.

Recently, I got one 1Rx8 4GB DDR3 RAM, wanted to try to see whether DS1812+ can use it.

After installed, luckily it is working. Plus 1GB on board memory, it has about 5GB memory now.

root@ds1812:~# free
              total        used        free      shared  buff/cache   available
Mem:        5072432      901144      323456       15908     3847832     3761546
Swap:       5140404      460920     4679484
root@ds1812:~# cat /proc/meminfo 
MemTotal:        5072432 kB
MemFree:          890332 kB
Buffers:            6104 kB
Cached:          3018256 kB
SwapCached:        29084 kB
Active:           662768 kB
Inactive:        2548468 kB
Active(anon):      94080 kB
Inactive(anon):   108664 kB
Active(file):     568688 kB
Inactive(file):  2439804 kB
Unevictable:        5804 kB
Mlocked:            5804 kB
SwapTotal:       5140404 kB
SwapFree:        4675032 kB
Dirty:             18444 kB
Writeback:          3860 kB
AnonPages:        188544 kB
Mapped:            76504 kB
Shmem:             15376 kB
Slab:             261456 kB
SReclaimable:      63788 kB
SUnreclaim:       197668 kB
KernelStack:       14400 kB
PageTables:        69604 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     7676620 kB
Committed_AS:    4152632 kB
VmallocTotal:   34359738367 kB
VmallocUsed:      478460 kB
VmallocChunk:   34359221580 kB
DirectMap4k:       16876 kB
DirectMap2M:     5214208 kB
root@ds1812:~# 

Implement ReCatpcha in WordPress

Implement ReCatpcha in WordPress

To save time on reviewing comment in WordPress, I decided to implement ReCatpcha in WordPress.

Steps

Download plugin

Download Advanced noCaptcha & invisible Captcha plugin, because it supports many forms, including Contact Form 7 which I'm using currently.

Configure Google reCAPTCHA keys

Get Google reCAPTCHA keys and configure them into two fields in settings of plugin.

  • Site Key
  • Secret Key
  • Enable all forms in Enabled Forms
  • Set recaptcha.net as Recaptcha Domain

Note: I chose V3.

Result will be a smal box at right bottom corner on each page.

Configure Contact Form 7

In Contact Form 7 plugin configuration, click on the form which used and add following statement.

[anr_nocaptcha g-recaptcha-response]

There is an issue after turned on.

The contact form has one empty non-editable box, very annoying.

References

How to get Google reCAPTCHA keys?
Adding any type of CAPTCHA check to Contact Form 7 forms
Contact Form 7 ReCaptcha SPAM Issues

Time Machine stuck at Stopping

Time Machine stuck at Stopping

Recently upgraded my DS1812+ memory, the backup job was stuck, but I don't know whether they are related. Because I was rebooting in the morning, but the backup was stuck at 4pm.

Fix

To fix the issue, run following command

sudo killall backupd

Some people mentioned commands

sudo service com.apple.metadata.mds stop
sudo service com.apple.metadata.mds start

But there is no service command in my MacOS.

References

10.5: How to abort a stuck Time Machine backup

Command `rmlint`usage

Command rmlintusage

The command rmlint can be used to dedup the files, which can support reflink.

I was using reflink dedup for BTRFS, but end up, I changed to hardlink. I think hardlink is more commonly used in Unix environment

Command

rmlint -T df --config=sh:handler=hardlink /dedup

This will dedup the files in /dedup directory, and will generate a file called rmlint.sh in current directory. Run that shell script, will change duplicated files to hard link.

The -T df means dedup files.
The config=sh means generate shell script
The handler=hardlink means generate script using hardlink dedup

Other options

There are many options, but I don't use them.

References

Gentle Guide to rmlint
2 examples for rmlint

Docker folder removed after removed Docker package in Synology

Docker folder removed after removed Docker package in Synology

I was changing harddisk in Synology DSM 7 in the volume with Docker package installed by recreating the volume, it requires docker package to be removed. I thought the docker folder (/volumeX/docker) might not removed, so backed up the container images into docker folder. But I was wrong, the docker folder was removed.

The docker folder was created by Docker package, which can be moved to other volume after stopped Docker package. I didn't see any data in it, and I don't know what the usage of this folder is and it is zero in size.

eWeLink could not detect new Sonoff switch

eWeLink could not detect new Sonoff switch

Spent a few hours troubleshoot the eWeLink could not add Sonoff switch issue.

  • Tried to move the switch near to WiFi router
  • Separate bands in router
  • Connect to different router
  • Change phone, between iPhone and Android phone

After a few hours, still could not detect Sonoff switch.

In the evening, the suddenly can detect, but could not download device info, got error 401. Then I think it was caused by me after reset password, then used the phone which performed password reset to try again. Finally the device was added successfully.

Then tried at night again, everything ok.

Possible cause

I think it was caused by eWeLink website issue, which could not register new device. And once issue happened, need to reset the device to let the eWeLink App detects again, and I didn't notice the message as well.

eweLink has made some changes last week. API needs updating

Strange result of verifying APE Audio File

Strange result of verifying APE Audio File

In Monkey’s Audio, there is a function called Verify, which should verify integrity of APE audio files.

But after I downloaded the latest version of Monkey's Audio (version 7.21), then I don't believe it can do any more.

I got a few files which are different than another set of same files. They come from same source, shoud be identical, but there are a few bytes different. Then I used Monkey's Audio to test all of them, they all past the verification.

There are some other issues too, the Monkey's Audio could not add directory, I tried many time, just nothing added. But I can add files.

References

Possible to check integrity of APE files?
Monkey's Audio
Why use the APE Audio File Format to Back Up Your Audio CD? Monkey’s Audio Explained