Blog

Blog

Setup dnsmasq for DNS, DHCP and TFTP

Posted on by Bian Xi Leave a Comment on Setup dnsmasq for DNS, DHCP and TFTP

Setup dnsmasq for DNS, DHCP and TFTP

To setup DNS, DHCP and TFTP server using dnsmasq, need to consider them separately.

Environment

To ease of setup and backup, consider use docker container to run dnsmasq.

Configure macvlan

As DHCP server requires special network communication, macvlan can be used for this purpose.

Create macvlan on interface bond0 with IP address 192.168.1.250

docker network create -d macvlan -o parent=eth0 --subnet=192.168.1.0/24 --gateway=192.168.1.254 --ip-range=192.168.1.250/32 my_macvlan_250

Configure bridge macvlan

By default, the host machine who configured macvlan communicates with macvlan container, in such case, the DNS server running in dnsmasq will not be accessable by host machine.

In order to allow host machine also use DNS service running in macvlan, following configuration needs to be done, which creates another macvlan in host as bridge mode with IP address 192.168.1.249, and use it to access macvlan in docker with IP address 192.168.1.250.

Add following lines in /etc/network/interfaces

up ip link add my_macvlan_249 link eth0 type macvlan mode bridge
up ip addr add 192.168.1.249/32 dev my_macvlan_249
up ip link set my_macvlan_249 up
up ip route add 192.168.1.250/32 dev my_macvlan_249

Untested setup

Other setup likes using normal bridge network interface on physical network interface, I have tried it, so maybe it is also working.

Start container

Start container and map container /data folder to /app/dnsmasq/data, which can be used to save configuration files

docker run --name dnsmasq -d -it --restart unless-stopped -v /app/dnsmasq/data:/data --network my_macvlan_250 dnsmasq

Above command will run following command in container

dnsmasq -q -d --conf-file=/data/dnsmasq.conf --dhcp-broadcast

Troubleshooting dnsmasq

In order to debug dnsmasq, following command can be used.

docker logs -f dnsmasq

Due to so many requests on DNS from everywhere, if only want to debug DHCP service, following command can be used, and it filter out lines start with dnsmasq: .

docker logs -f dnsmasq --since 1m | grep -v -e "^dnsmasq: "

The DHCP log messages start with dnsmasq-dhcp: .

docker logs -f dnsmasq --since 1m | grep -e "^dnsmasq-dhcp: "

Note: As suggested in configuration, comment log-queries should disable logs for DNS too, but looks like useless.

#log-queries
log-dhcp

Configure TFTP boot

Configure TFTP server

Enable TFTP server

enable-tftp
tftp-root=/data/tftp

Configure DHCP boot

Sample configuration to select boot file according to option client-arch

dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-match=set:efi-x86_64,option:client-arch,9
dhcp-match=set:efi-x86,option:client-arch,6
dhcp-match=set:bios,option:client-arch,0
dhcp-boot=tag:efi-x86_64,efi64/syslinux.efi
dhcp-boot=tag:efi-x86,efi32/syslinux.efi
dhcp-boot=tag:bios,bios/lpxelinux.0

Actual configuration

dhcp-match=set:efi-x86_64,option:client-arch,7
dhcp-boot=tag:efi-x86_64,ipxe.efi
#dhcp-boot=tag:efi-x86_64,grubx64.efi

Set tag for iPXEBOOT, and configure ipxe options

# set tag to IPXEBOOT when has option 175
dhcp-match=IPXEBOOT,175
#dhcp-match=set:ipxe,175 # iPXE sends a 175 option.

dhcp-boot=tag:!IPXEBOOT,undionly.kpxe,dnsmasq,192.168.1.250
dhcp-boot=tag:IPXEBOOT,boot.ipxe,dnsmasq,192.168.1.250

# Configure iSCSI for ipxe boot
#dhcp-option=175,8:1:1
#dhcp-option=tag:IPXEBOOT,17,"iscsi:192.168.1.17::::iqn.2012-12.net.bx:ds1812.pxe-ubuntu"
#dhcp-option-force=vendor:175, 190, user
#dhcp-option-force=vendor:175, 191, password

Configure DHCP

DHCP global configuration, and set host using files in /data/hosts folder, and dhcp-host using files in /data/ethers folder.

no-hosts
hostsdir=/data/hosts
#addn-hosts=/data/banner_add_hosts
dhcp-hostsdir=/data/ethers
dhcp-leasefile=/data/dnsmasq.leases
expand-hosts
dhcp-option=44,192.168.1.250 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=option:domain-search,bx.net,bianxi.com

DHCP Domain and rang

Following lines set up for dhcp hosts which are tagged as home

domain=bx.net,192.168.1.0/24
dhcp-range=tag:home,192.168.1.96,192.168.1.127,255.255.255.0,12h
dhcp-option=tag:home,option:router,192.168.1.254

DHCP mapping

To map MAC address to IP, tag, etc., use dhcp-host. Sample of mapping are shown below

dhcp-host=00:1b:77:07:08:af,set:home
dhcp-host=00:26:4a:18:82:c6,192.168.1.9,set:home
dhcp-host=win10,192.168.1.235,set:home

Note: contents in dhcp-host file, such as /etc/ethers should not have prefix of dhcp-host= as in main configuration file dnsmasq.conf does.

00:1b:77:07:08:af,set:home
00:26:4a:18:82:c6,192.168.1.9,set:guest
win10,192.168.1.235,set:home

DHCP reject unknown hosts

Using following configuration line to ignore all unknown hosts, so all hosts much registered using dhcp-host option.

dhcp-ignore=tag:!known

Guest domain

Another way to deal with unknown hosts is to setup guest network.

Following lines define a DHCP services for hosts without tag home

dhcp-range=tag:!home,192.168.1.128,192.168.1.143,255.255.255.0,4h
dhcp-option=tag:!home,option:router,192.168.1.254
dhcp-option=tag:!home,option:domain-name,guest.net
#dhcp-option=tag:!home,option:domain-search,guest.net

Another way is to define guest network range as below for those hosts with tag guest.

#domain=guest.net,192.168.1.0/24
#dhcp-range=tag:guest,192.168.1.128,192.168.1.143,255.255.255.0,4h
#dhcp-option=tag:guest,option:router,192.168.1.254

#dhcp-host=00:a0:98:5f:9e:81,set:guest

DHCP mapping consideration

The logic of DHCP tags is described below

  • Host request DHCP, then it has one tag, which is interface name, such as eth0

  • If it is mapped with one dhcp-host line, they will be tagged as known

  • Tags can be given by various ways

    • Set in dhcp-host line. For example, set guest in following line
    dhcp-host=00:a0:98:5f:9e:81,set:guest
    • Set by IP range
    dhcp-range=set:red,192.168.0.50,192.168.0.150
    • Set by host matching
    dhcp-vendorclass=set:red,Linux
dhcp-userclass=set:red,accounts
dhcp-mac=set:red,00:60:8C:*:*:*

  • Tags can be used by various ways

    • Used in IP range
    dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h

  • Tags can be used in not condition

    dhcp-option=tag:!home,option:router,192.168.1.254

DHCP options

DHCP options and their numbers, can be found in DHCP log, such as below.

dnsmasq-dhcp: 2177430021 available DHCP range: 192.168.1.96 -- 192.168.1.127
dnsmasq-dhcp: 2177430021 available DHCP range: 192.168.1.128 -- 192.168.1.143
dnsmasq-dhcp: 2177430021 vendor class: MSFT 5.0
dnsmasq-dhcp: 2177430021 client provides name: baidu-windows
dnsmasq-dhcp: 2177430021 DHCPREQUEST(eth0) 192.168.1.113 00:a0:98:1d:b0:fc 
dnsmasq-dhcp: 2177430021 tags: home, known, eth0
dnsmasq-dhcp: 2177430021 DHCPACK(eth0) 192.168.1.113 00:a0:98:1d:b0:fc baidu-windows
dnsmasq-dhcp: 2177430021 requested options: 1:netmask, 3:router, 6:dns-server, 15:domain-name, 
dnsmasq-dhcp: 2177430021 requested options: 31:router-discovery, 33:static-route, 43:vendor-encap, 
dnsmasq-dhcp: 2177430021 requested options: 44:netbios-ns, 46:netbios-nodetype, 47:netbios-scope, 
dnsmasq-dhcp: 2177430021 requested options: 119:domain-search, 121:classless-static-route, 
dnsmasq-dhcp: 2177430021 requested options: 249, 252
dnsmasq-dhcp: 2177430021 bootfile name: undionly.kpxe
dnsmasq-dhcp: 2177430021 server name: dnsmasq
dnsmasq-dhcp: 2177430021 next server: 192.168.1.250
dnsmasq-dhcp: 2177430021 broadcast response
dnsmasq-dhcp: 2177430021 sent size:  1 option: 53 message-type  5
dnsmasq-dhcp: 2177430021 sent size:  4 option: 54 server-identifier  192.168.1.250
dnsmasq-dhcp: 2177430021 sent size:  4 option: 51 lease-time  12h
dnsmasq-dhcp: 2177430021 sent size:  4 option: 58 T1  6h
dnsmasq-dhcp: 2177430021 sent size:  4 option: 59 T2  10h30m
dnsmasq-dhcp: 2177430021 sent size:  4 option:  1 netmask  255.255.255.0
dnsmasq-dhcp: 2177430021 sent size:  4 option: 28 broadcast  192.168.1.255
dnsmasq-dhcp: 2177430021 sent size:  6 option: 15 domain-name  bx.net
dnsmasq-dhcp: 2177430021 sent size: 23 option: 81 FQDN  03:ff:ff:62:61:69:64:75:2d:77:69:6e:64:6f...
dnsmasq-dhcp: 2177430021 sent size:  4 option:  6 dns-server  192.168.1.250
dnsmasq-dhcp: 2177430021 sent size:  4 option:  3 router  192.168.1.254
dnsmasq-dhcp: 2177430021 sent size:  4 option: 44 netbios-ns  192.168.1.250

Configure DNS

Set up link DNS server

# DNS Server
server=165.21.83.88
#server=165.21.100.88
server=8.8.8.8

DNS mapping

DNS entries are defined as the format of /etc/host file

192.168.1.1     host1 host-alias

Sample configuration steps

Add a static IP entry for a known mac address

In ethers file, add following entry for DHCP

44:55:66:77:88:99,192.168.1.222,set:home

In banner_add_hosts file add following entry for DNS

192.168.1.222    cat

Overlay Filesystem Basic

Posted on by Bian Xi Leave a Comment on Overlay Filesystem Basic

Overlay Filesystem Basic

Overlay filesystem merges lower and upper directories into merged directory.

Mount writable

mount -t overlay overlay -o lowerdir=/lower1:/lower2:/lower3,upperdir=/upper,workdir=/work /merged

The above example will have the order:

/upper
/lower1
/lower2
/lower3

  • The lower directory can be read-only or could be an overlay itself.
  • The upper directory is normally writable.
  • The work directory is used to prepare files as they are switched between the layers, it needs to be an empty directory on the same filesystem mount as the upper directory.
  • All changes in the merged directory are still reflected in upper.
  • New files created in lower and upper will be shown in merged.
  • All files before opened directory, the content is still mapped according to layer.
  • All files after opened in merged directory, the content will not be reflected in merged directory.

Mount read-only

To mount as read only, no upper and work directory are required.

mount -t overlay overlay -o lowerdir=/lower1:/lower2 /merged

Whiteout files

Whiteout is to simulate a file removed from upper layer directory. It is created as a character device with 0/0 device number.

Opaque directories

Opaque is to simulate a directory removed from upper layer directory. It is made by setting the xattr “trusted.overlay.opaque” to “y”.

References

Overlay filesystem
Overlay Filesystem
Explaining OverlayFS – What it Does and How it Works

Placing fingers for FPS gaming

Posted on by Bian Xi Leave a Comment on Placing fingers for FPS gaming

Placing fingers for FPS gaming

Frames per second (FPS) gaming requires muscle memory, fast response is not only needs for screen, but also for player, there is no time to move eyes from screen to hands at all.

Keyboard

Place fingers correctly while gaming can take advantage, such as fast response, less mistake, less stress, etc. Following placement just a guide for some games, such as genshin impact, etc.

  • Middle finger on W and alternate it between S
  • Index finger on D
  • Ring finger on A
  • Pinky finger on shift alternating to Ctrl when needing to crouch
  • Thumb finger over space alternating to C/X/Z for the commands

If you put keyboard flat, you may able to use the palm near to your pinky finger to hit control. In this case, you need to use Middle/Index/Ring to hit C/X/Z, anyway, thumb is not easy to reach them as well.

Controller

Most of buttons and sticks are very obvious, except bumpers and triggers.

  • Index finger on bumper
  • Middle finger on trigger

Xbox Series X|S Wireless Controller

Posted on by Bian Xi Leave a Comment on Xbox Series X|S Wireless Controller

Xbox Series X|S Wireless Controller

The Xbox Series X|S wireless controller works with Xbox One, Windows 10, and cloud gaming devices.

Layout

N Name N Name
1 Left stick 10 Expansion port
2 Left bumper 11 Right stick
3 View button 12 Left trigger
4 Xbox button 13 USB-C power port
5 Share button X X button
6 Menu button Y Y button
7 Right bumper A A button
8 Directional pad (D-pad) B B button
9 3.5-mm port

References

Get to know your Xbox Series X|S Wireless Controller

Btrfs Basic

Posted on by Bian Xi Leave a Comment on Btrfs Basic

Btrfs Basic

Status

btrfs device states /app
btrfs fi show /app

Convert raid

Convert to raid0 and remove one disk

btrfs balance start -f -sconvert=single -mconvert=single -dconvert=single /app
btrfs device remove /dev/bcache0 /app

Add disk and convert to raid1

btrfs device add -f /dev/bcache0 /app
btrfs balance start -dconvert=raid1 -mconvert=raid1 /app

Check raid level

# btrfs fi df /app
Data, RAID1: total=2.69GiB, used=2.51GiB
System, RAID1: total=32.00MiB, used=16.00KiB
Metadata, RAID1: total=317.94MiB, used=239.55MiB
GlobalReserve, single: total=12.03MiB, used=0.00B
#

If contains multiple block group profiles, could happen when a profile conversion using balance filters was interrupted.

Data, RAID1: total=2.03GiB, used=1.86GiB
Data, single: total=704.00MiB, used=665.56MiB
System, RAID1: total=32.00MiB, used=16.00KiB
Metadata, RAID1: total=288.00MiB, used=239.56MiB
GlobalReserve, single: total=11.94MiB, used=0.00B
WARNING: Multiple block group profiles detected, see 'man btrfs(5)'.
WARNING:   Data: single, raid1

Perform rebalance again

# btrfs balance start -dconvert=raid1 -mconvert=raid1 /app
Done, had to relocate 12 out of 12 chunks

Scrub

btrfs scrub start /app
btrfs scrub status /app

Error

To correct error, first find out corrupted file, then restore from backup or delete the file

dmesg -T | grep BTRFS | grep 'check error' | grep path

Then reset error count to zero

btrfs device states -z /app

Then scrub again.

References

BTRFS-MAN(5)

Snap Basic

Posted on by Bian Xi Leave a Comment on Snap Basic

Snap Basic

To check the snap utility version, you need to use snap --version command as shown below.

Basic Commands

snap install <snap_name>
snap remove <snap_name>
snap remove <snap_name> --purge       # No snapshot generated
snap list
snap list --all
snap info <snap_name>
snap find <snap_name>
snap revert <snap_name>
snap enable <snap_name>
snap disable <snap_name>
snap download <snap_name>

Snap updates

snap refresh <snap_name>
snap refresh --list

Snap Channels (releases)

They are stable, edge, beta and candidate.

# snap install --edge <snap_name>
# snap install --beta <snap_name>
# snap install --candidate <snap_name>

Snap Changes

snap changes

Snap Connections

snap connections <snap_name>

Snap Model/Version

snap model
snap --version

Snap Service

snap services lxd
snap restart lxd
snap stop lxd
snap start lxd
snap logs lxd

Snap Alias

snap alias <snap_name> <alias_name>
snap aliases
snap unalias <alias_name>

Snap Snapshot

snap save
snap check-snapshot <snapshot_num>
snap restore <snapshot_num>
snap forget <snapshot_num>        # Delete a snapshot
snap saved
snap saved --id=<snapshot_num>        # View a snapshot

Snap login

snap login
snap logout

Snap Config

snap set system refresh.retain=2
snap get system refresh.retain
snap unset system refresh.retain

References

36 Popular Snap command examples in Linux for Beginners

VIM Basic

Posted on by Bian Xi Leave a Comment on VIM Basic

VIM Basic

This is not a full guide, but those new functions to me.

Movement

Scrolling

^E - down (End)
^Y - up (Hard to remember and use)

Jumping

H - High (Top)
M - Middle
L - Low (Bottom)

Object

w - words
s - sentences
p - paragraphs
t - tags (in XML/HTML file)

Selection

a -- all (whole + border)
i - in (whole)
t - 'til (find but no border)
f - find
F - find backword

Command

d y v
c i a o

Basic Example

diw
caw
yi)
va"

Macro

Register

q{key}
...
q

Play

@{key}

Register

View

:reg

Paste with number 

"<n>p

Plugins

vundle - plugin manager
nerdtree - file drawer
ctrlp - fuzzy file finder
fugitive - git tool
syntastic - systax checker / linter

References

nicknisi / vim-workshop

Firewalld conflict between Docker and KVM

Posted on by Bian Xi Leave a Comment on Firewalld conflict between Docker and KVM

Firewalld conflict between Docker and KVM

After install docker, KVM bridge network can not access anything on network.

Identify

To identify the issue came from firewall and created by docker, the following facts had been collected.

  • After rebooted server, VM can access network, and restart firewalld without issue
  • After start docker service, VM can not access network any more
  • Then VM can access network after stop firewalld, but docker can not start container, because iptables is not accessible

Issue

No matter how to change iptables rules, and accept all traffics from everywhere, but VM was still isolated.

Commands used

Following commands were used for troubleshooting

Firewalld

In fact, there is no chain, rule, or passthroughs in firewall-cmd output. But after stop firewalld, the iptables rules became empty.

systemctl restart firewalld
firewall-cmd --list-all
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -i bridge0 -j ACCEPT
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -o bridge0 -j ACCEPT
firewall-cmd --reload

firewall-cmd --permanent --direct --get-all-chains
firewall-cmd --permanent --direct --get-all-rules
firewall-cmd --permanent --direct --get-all-passthroughs
firewall-cmd --permanent --direct --remove-passthrough ipv4 -I FORWARD -o bridge0 -j ACCEPT

firewall-cmd --get-default-zone
firewall-cmd --get-active-zone
firewall-cmd --get-zones
firewall-cmd --get-services
firewall-cmd --list-all-zones

iptables

iptables -L -v
iptables -L -v FORWARD
iptables -I FORWARD -i br0 -o br0 -j ACCEPT
iptables -I FORWARD -j ACCEPT
iptables -I FORWARD 1 -j ACCEPT
iptables -d FORWARD 1
iptables-save
iptables-restore

others

Following commands are used to collect info and compare the differences between before and after.

brctl-show
ip a
netstat -rn

Potential issues

Following possiblities caused this issue or wrong troubleshooting

  • The iptables might not be used in the system, but the counters are refreshing.
  • Some rules in intables might not appearred in the iptables list

Debugging

For firewald, FIREWALLD_ARGS=--debug needs to be added into /etc/sysconfig/firewalld.

For iptables, -j LOG --log-prefix "rule description" needs to be added into iptables rules which require debugging.

Suggestions from others

Add ACCEPT rules

Run following commands to add ACCEPT rules

#!/bin/sh

# If I put bridge0 in trusted zone then firewalld allows anything from 
# bridge0 on both INPUT and FORWARD chains !
# So, I've put bridge0 back into the default public zone, and this script 
# adds rules to allow anything to and from bridge0 to be FORWARDed but not INPUT.

BRIDGE=bridge0
iptables -I FORWARD -i $BRIDGE -j ACCEPT
iptables -I FORWARD -o $BRIDGE -j ACCEPT

Conclusion

After many testings, found that docker is directly adding rules into iptables, not go thru firewalld. This can be noticed using following steps.

  1. Stop both firewalld and docker, iptables has no rules
  2. Start docker, iptables has only docker's rules
  3. Start filewalld, in short period time, LIBVIRT rules appear, after seconds, replaced by docker rules

Another testing

  1. Stop both firewalld and docker again
  2. Start firewalld, only the LIBVIRT rules appear
  3. Start docker, both docker and LIBVIRT rules appear

One issue was facing during reboot, if both docker and firewalld are enabled, the server might hung during reboot, maybe this is because root filesystem is on iSCSI disk, but can not confirm.

Above behaivor shows iptables is not supporting firewalld, which directly inserts rules into iptables periodically, which corrupts firewalld rules.

Solution

Run script

This solution disables firewalld and enable docker

systemctl disable firewalld
systemctl enable docker

Then run following command to add iptables rules to enable traffics

iptables -I FORWARD -i br0 -j ACCEPT
iptables -I FORWARD -o br0 -j ACCEPT

This script can be put in /etc/rc.local, which will be executed when during boot up.

Install iptables services

This solution also disables firewalld and enable docker as previous solution, then add two FORWARD rules into default iptables rules /etc/sysconfig/iptablesas below.

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -o br0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
:OUTPUT ACCEPT [0:0]
#-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#-A INPUT -p icmp -j ACCEPT
#-A INPUT -i lo -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Then both LIBVIRT and docker will add their rules later after system started.

Modify firewalld rules

For this solution, failed last time, I will try it again later.

firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -i bridge0 -j ACCEPT
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -o bridge0 -j ACCEPT

Feature

If possible, define firewalld rules which cover both LIBVIRT and docker.

References

Configure FirewallD to allow bridged virtual machine network access
Debug firewalld
How to configure iptables on CentOS

Less related topic
Do I need to restore iptable rules everytime on boot?
need iptables rule to accept all incoming traffic

Enable zRAM as swap in Linux

Posted on by Bian Xi Leave a Comment on Enable zRAM as swap in Linux

Enable zRAM as swap in Linux

The problem with swap on SD boot OS, such as Raspberry Pi 4, is slow and increase SD write counts, in fact, SD card is slower than hard disk and expensive. For Raspberry Pi 4, it has 8 GB ram, enough for normal operation, but if don't turn on swap, there is no visibility of current memory usage whether causing memory swapping.

Traditional swap space

Fixed swap partition is rquired if use traditional swap space. Some facts as below

  • Fixed swap partition is rquired
  • Hard to resize or move
  • Waste storage space if it is not using most of time

Loopback device as swap

To have dynamic swap device, create a regular file and make it as loopback block device for swap, is a solution to have no fixed partition. The steps as below.

  • Create a file with fixed size using dd or some other commands
  • Create loopback device on newly created file
  • Init swap on loopback device using mkswap command
  • Change /etc/fstab to point to the new device

Issue as below

  • The loopback device needs to be initialized everytime after reboot

File as swap

In fact, swap can be directly created on file as below.

  • Create a file with fixed size using dd or some other commands
  • Init swap on file using mkswap command
  • Change /etc/fstab to point to the that file

Issue as below

  • Still wasting space if swap is not using
  • Hard to adjust size
  • Manual tasks involved

dphys-swapfile

The dphys-swapfile package can be installed to automate the tasks described above. It is not an entry in /etc/fstab, but a service.

  • Install dphys-swapfile package
  • Adjust config in /etc/dphys-swapfile
  • Enable dphys-swapfile service
  • Can run dphys-swapfile <swapon|swapoff> command

Issue as below

  • Still wasting space if swap is not using

zRAM

The zRAM module is installed by default, service is using systemd.

  • Check zram module available
modprobe zram
lsmod | grep zram
  • Add module and set module options
echo zram > /etc/modules-load.d/zram.conf
echo "options zram num_devices=1" > /etc/modprobe.d/zram.conf
  • Create zram0 device when booting by adding following line in /etc/udev/rules.d/99-zram.rules
KERNEL=="zram0", ATTR{disksize}="512M",TAG+="systemd"
  • Create systemd service file /etc/systemd/system/zram.service
[Unit]
Description=Swap with zram
After=multi-user.target

[Service]
Type=oneshot 
RemainAfterExit=true
ExecStartPre=/sbin/mkswap /dev/zram0
ExecStart=/sbin/swapon /dev/zram0
ExecStop=/sbin/swapoff /dev/zram0

[Install]
WantedBy=multi-user.target
  • Enable service, then reboot
sudo systemctl enable zram
  • Check swaps
cat /proc/swaps
swapon -s

Issue with zram

  • When memory not enough, then use swap space, but swap uses ram
  • It is the same solution as compress ram

References

How to enable the zRAM module for faster swapping on Linux