What is netfilter's Connection Tracking system? The connection tracking system, often referred to as nf_conntrack, is part of the Netfilter framework. It allows the Linux kernel to keep track...
...of all logical network connections and sessions. In combination with iptables this feature is used to achieve a stateful firewall. Why care about nf_conntrack? All connections are stored...
The terraform documentation states the...
...syntax as (grouping mode*. See: Grouping-Results). But this seems not to be the whole truth. Instead the...
...syntax behaves like Go's Ellipsis expression...
...is only available for for expressions. This can be especially useful when creating data structures in loops: users = { users = { "Bob.Bobster" = { name = { given_name = "Bob" family_name = "Bobster" } email = "bob.bobster@foobaringen.com"
on the bash (issued as postgres user) Start/Stop/Restart PostgreSQL pg_ctl -D $configdir start|stop|restart Start/Stop/Restart the corresponding PostgreSQL using the given configuration directory. The configuration directory should contain...
...the postgresql.conf file. The following example would start the PostgreSQL of our governor instances: pg_ctl -D /var/lib/postgresql/config start PostgreSQL fast shutdown pg_ctl -D $configdir stop -m fast
...you want to automatically delete old container images from your Elastic Container Registry, the solution is a quite simple ECR Lifecycle Rule that deletes images e.g. 7 days after they...
...is a floating tag always associated with the image currently deployed to production, the situation suddenly is not so simple any more. ECR does not provide a keep action in...
To get a good overview of load, CPU frequency, temperature sensors, etc. we found s-tui quite useful. It's included in Ubuntu's default repositories: $ sudo apt install...
$ s-tui While it's possible to run s-tui as root for even more information and optionally also make use of stress for benchmarking, those methods did...
...command on a server which continues to run after the SSH session is closed. Consider systemd-run as an alternative. It will turn every command into a systemd service unit:
...openssl speed` as unit run-benchmark.service $ sudo systemd-run --unit=run-benchmark openssl speed # Query the current status $ systemctl status run-benchmark.service ● run-benchmark.service - /usr/bin/openssl speed Loaded: loaded (/run/systemd/transient/run-benchmark.service; transient) Transient: yes
When restoring a barman PITR backup you may encounter this error: Copying required WAL segments. EXCEPTION: {'ret': 2, 'err': '/bin/sh: 1: cannot open /var/lib/barman/foopostgres/wals/00000007.history: No such file\n', 'out': ''}
...present in the wals directory of your backup. The most likely reason is that someone deleted this file in the past. If you do not need this file for restoring...
Add apt source: apt update -y && apt install -y gpg sudo wget curl sudo install -dm...
.../etc/apt/keyrings wget -qO - https://mise.jdx.dev/gpg-key.pub | gpg --dearmor | sudo tee /etc/apt/keyrings/mise-archive-keyring.gpg 1> /dev/null echo "deb [signed-by=/etc/apt/keyrings/mise-archive-keyring.gpg arch=amd64] https://mise.jdx.dev/deb stable main" | sudo tee /etc/apt/sources.list.d/mise.list
If your railscomplete-deployment uses the net-ssh-gem please ensure you use version 5.2.0 or newer to ensure you can deploy via Capistrano. It's best to use...
To completely remove the old host key on the client run: # remove host entry ssh-keygen -f "$HOME/.ssh/known_hosts" -R appserver.makandra.de # remove IP entry ssh-keygen -f "$HOME/.ssh/known_hosts" -R $(getent...
A severe bug was found in ImageMagick by Bryan Gonzalez from Ocelot Team. It allows embedding the content of an arbitrary remote file when ImageMagick parses PNG files.
...on updated Packages for Ubuntu (https://ubuntu.com/security/CVE-2022-44268). Due to that we patched our systems as follows: Ubuntu 22.04: Get package source on an Ubuntu 22.04 system: apt-get source...
...a MacBook that uses an M1 or M2 Chip. Documentation on the Internet is sparse and not even the Geniuses at the Genius Bar are 100% sure. We found out...
...your MacBook, using more than one external display is only possible with workarounds. Docking stations Whenever you're considering using more than 1 external display, it makes sense to consider...
Are My Indexes Affected? If your database has been created on an operating system with glibc version < 2.28 and later upgraded to an operating system with glibc >= 2.28, you...
...affected. To find out which indexes in our database are affected, run the following slightly modified query from the PostgreSQL documentation: CREATE extension amcheck; SELECT bt_index_check(index => c.oid...
With Ubuntu 24.04 it's no longer possible to set up FDE with BTRFS. The new installer won't offer you any options for manually created dm-crypt volumes
...btrfs subvolume snapshot . @ rmdir @/ext2_saved ls | grep -Ev "@|ext2_saved" | xargs rm -rf btrfs subvolume set-default @ Create additional subvolumes btrfs subvolume create @home cp -ax --reflink=always @/home/* @home...
...has a very different disk usage on its nodes you can use these steps to rebalance the shards. Before we begin it's important to understand how Elasticsearch defines...
The balance of the cluster depends only on the number of shards on each node and the indices to which those shards belong. It considers neither the sizes of...
Intel CPUs receive updates, including security-relevant upgrades, through 2 channels: Firmware/UEFI BIOS updates can also update the microcode in CPUs. This is the preferred and persistent way
How to install a microcode update? If one is available and deemed sufficiently stable from Debian's or Ubuntu's perspective, the intel-microcode package is updated and...
...good thing. It's possible to configure this requirement at the web- or proxy server level, where nginx or apache will just redirect every request on http to https. Some...
...if the URL they've been called with contains the http or the https scheme and issue their own redirect response (usually 301 or 302) to https. This card is...
How can I configure virtual IPs? There are two parameters to set up virtual IPs in Keepalived: virtual_ipaddress Addresses defined here are included into the VRRP Packages and...
...specified interface instead of the one in `interface. Why are the floating getting dropped by systemd-networkd/netplan? Read Prevent systemd from dropping IP-Addresses configured from other processes.
If the project you're working on has, say, 39 repositories and counting in GitLab and you need all the repos checked out for some reason, here's how to...
...a personal access token for GitLab that has the API permissions. In your terminal, store this key in an env variable. For each group you want to check out:
...measurement metrics in Linux. These are the differences: Code Name Description vsz virtual memory size Total amount of memory a process may hypothetically access. Includes swapped memory, memory from external...
...libraries and allocated memory that’s not used. rss resident set size Total amount of non-swapped used physical memory. Includes memory from external shared libraries. pss proportional share size...
...to do a VACUUM FULL without holding an exclusive lock during processing. There is still a need for one exclusive lock at the beginning and the end of the repacking...
Install pg_repack, e.g. for Ubuntu install the package according to your PostgreSQL Server version. There is no need to restart the PostgreSQL Server. $ sudo apt-get install postgresql...
If you have a single-node Elasticsearch instance and indices with replicas enabled, your cluster state will be yellow. If you have replica shards they should be moved to a...
...different node for high availability purposes. With a single node this can't be accomplished. So you either build an ES cluster or you disable the replicas. Building a cluster...
...your lambda function via terraform, this code is usually zipped and uploaded to Amazon S3 by terraform. The ZIP file's hash is then stored to terraform's state. However...
...you're collaborating with colleagues e.g. via git, each run of terraform will possibly see a different hash of the code's ZIP archive and try to replace the lambda...
...use puppet-lint to find dead code in your project: # You probably need to set some ENV Variables, see https://github.com/voxpupuli/puppet-ghostbuster#environment-variables export HIERA_YAML_PATH="/home/bob/code/puppet/hiera.yaml" export PUPPETDB_URL...
...agent manually. Example: # exec resource: exec { "update_rubygems_${user}_${version}": command => "${home}/.rbenv/shims/gem update --system ${version}", unless => "${home}/.rbenv/shims/gem -v | /bin/grep ${version}", } This does execute rbenv commands. If puppet runs...