Convert Proxmox Template to VM
In Proxmox web interface, there is no option to convert back template to VM. In order to do this, use Shell session, delete template: 1 line in the configuration file under /etc/pve/qemu-server/<vm_id>.conf file.
Commands for Signed SSH Certificates using Hashicorp Vault
Commands for Signed SSH Certificates using Hashicorp Vault
List down the commands required.
Client
Generate SSH Admin token (One time)
export VAULT_ADDR='https://vault.bx.net:8200'
export VAULT_TOKEN="<ROOT_TOKEN>"
vault token create -field token -policy=ssh-admin-policyRenew Admin token
export VAULT_TOKEN="<SSH_ADMIN_TOKEN>"
vault token renewGenerate signed certificate
export VAULT_TOKEN="<SSH_ADMIN_TOKEN>"
vault token lookup
vault write -field=signed_key ssh-client-signer/sign/my-role public_key=@$HOME/.ssh/id_rsa.pub > ~/.ssh/signed-cert.pubSSH using signed certificate
ssh -i ~/.ssh/signed-cert.pub -i ~/.ssh/id_rsa <host>Server
Save CA key
export VAULT_ADDR='https://vault.bx.net:8200'
export VAULT_TOKEN="<ROOT_TOKEN>"
vault read -field=public_key ssh-client-signer/config/ca > /etc/ssh/trusted-user-ca-keys.pemConfigure /etc/ssh/sshd_config
Add following lines in /etc/ssh/sshd_config
TrustedUserCAKeys /etc/ssh/trusted-user-ca-keys.pem
CASignatureAlgorithms ^ssh-rsaNote: Comment out last line if SSH got error
Troubleshooting
Server SSL cert
The SSL cert in vault server needs to be trusted by local client, otherwise, following server occurred.
Error writing data to ssh-client-signer/sign/my-role: Put "<role_name>": x509: certificate signed by unknown authorityReferences
Unable to list docker containers
Unable to list docker containers
Issue
When list docker containers using docker ps -a command, there is nothing in the list, but using systemctl status docker can see running processes. And the docker container services are running in the servers.
Fix
The issue was fixed by removing docker and lxc from snap.
References
Install Kubernetes Dashboard
Install Kubernetes Dashboard
Installation
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yamlReferences
Install nginx-ingress-controller for kubernetes
Install nginx-ingress-controller for kubernetes
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespaceReferences
Helm Basic
Helm Basic
Installation
Script
Pros
- The script will be in
/usr/local/bin, same location askubectl, can be run by normal user
Cons
- No auto update
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.shPackage Manager
Pros
- The script will be in
/usr/sbin, it is difficult to be run by normal user if path is not defined $PATH.
Cons
- With auto update using
apt
curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
sudo apt-get install apt-transport-https --yes
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
sudo apt-get update
sudo apt-get install helmSnap
Pros
- No change on system configuration, such as package repo, etc.
- Easy to remove as well
sudo snap install helm --classicReferences
Kubernetes Service External IPs
Kubernetes Service External IPs
After external service created in Kubernetes, the external IPs are not assigned unless the underlying infrastructure supports the automatic creation of Load Balancers and have the respective support in Kubernetes, as is the case with the Google Cloud Platform and AWS.
In such case, all internal IPs are able to be accessed using service port. This is the same as Docker Swarm.
Minikube
Run following command to assign an external IP
minikube service <service_name>Another one is to run minikube tunnel to assign the IP.
kubeadm
Manually assign IP using following configuration file
spec:
type: LoadBalancer
externalIPs:
- 192.168.0.10MetalLB
MetalLB hooks into your Kubernetes cluster, and provides a network load-balancer implementation.
References
Kubernetes service external ip pending
Using minikube tunnel
Ingress class
Load Balancer Service type for Kubernetes
Service Mesh - Kubernetes LoadBalancer Service External IP pending
MetalLB
Service Mesh - Build Kubernetes & Istio environment with kubeadm and MetalLB
Windows 7 File Recovery for Windows 10/11
Windows 7 File Recovery for Windows 10/11
class invalid
The error is shown as below
The validation information class requested was invalid. (0x80070544).To fix this issue, prefix the username with target system name. For example
truenas\backup_userLocation cannot be used
The error is shown as below
0x80070544: The specified network location cannot be used.This is because no write access to the target folder.
References
Error code 0x80070544 when attempting to back up Windows 8 onto NAS over Samba
Correct VIM auto indent issue for YAML files
Correct VIM auto indent issue for YAML files
Add following lines in ~/.vimrc
filetype plugin indent on
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtabReferences
Proxmox VM with AVX support
Proxmox VM with AVX support
To install MongoDB in Proxmox VM, the CPU needs to have AVX support. Otherwise, following error appears
WARNING: MongoDB 5.0+ requires a CPU with AVX support, and your current system does not appear to have that!Solution
Change CPU type to host, which by pass the CPU simulation.
For container cluster, such as docker swarm, kubernetes, MongoDB might need to be run on specific worker node which have CPU type equals to host.
Impact
Once the CPU set to be host, the live migration may not work, because the hosts have different CPU type. But host will give maximum performance.
References
AVX2
KVM: Which CPU for VM ('host' vs 'kvm64') to use for web load?