Year: 2022

Security

Disabling uncategorized internal Suricata rules in pfSense

I want to enable only particular rule categories. I do not want to have all these internal Suricata rules, as they cover too broad a variety of cases, including loads of false positives. If one would like to go for deep traffic analysis then they would be fine, but in case you see “STUN Binding Request On Non-Standard High Port” and know that it is your P2P camera in the LAN, then it’s worth disabling all of those things at once. Disabling them is a little bit tricky on a pfSense installation. Go to Interfaces and select the desired one. Be sure to uncheck

Technology

Multiple ZFS pools on single drive

Imagine a hypothetical scenario: having two 512 GB drives and wanting to use Proxmox ZFS VM replication onto a second server with one 1 TB drive. The solution is quite simple. Using fdisk, create two primary partitions on the bigger drive and then go to Disks.ZFS.CreateZFS, and you will be able to select a partition for the particular pool. One downside of such a setup is that ZFS likes to have the whole drive for its own; please keep in mind that the performance may vary.

Technology

disk/partition ‘/dev/sdX’ has a holder (500)

Having LVM on the disk causes the system to automatically activate such volumes. I installed a used drive with Ubuntu on it in my Proxmox server. Using Proxmox’s UI you will not be able to wipe this drive, because the volume group has already been auto-activated. You need to log into shell and then: After this, you are ready to wipe the drive from the UI.

Technology

Package is in a very bad inconsistent state

Aborting an Ubuntu package update via Ansible gave me some weird state of the libatk-wrapper-java-jni package. My playbook installs default-jre and it was painfully slow, so I thought that there was some lockup, but there was not. My VM performed poorly at that moment, probably due to the fact that it came from an HDD with bad blocks which got migrated to another one. It just works, but I’m not 100% sure if it is healthy. So… in case you have some broken package installation try: And now you are good to go with autoclean, update and possibly upgrade to check whether really

Technology

UnsupportedClassVersionError

Changing Java language level to run compiled code on older runtimes. I’m working on some Java project. I use IntelliJ IDEA and decided to go with Oracle’s OpenJDK-18. But… this runtime is available by default only during compilation in the IDE. In the system I have OpenJDK-11. Trying to run code compiled by JDK-18 on JDK-11 gives me the following message: To overcome this, go to module settings (or Project Structure) and change Language Level to a lower value. In case you compile with 18 then it will have version 18 set. Switch to version 11 (local variables syntax for lambda

Technology

min.io server behind NGINX reverse-proxy

The most recent min.io server release requires one additional thing in the configuration compared to versions from past years. Having min.io on one box and NGINX on another one requires setting up a reverse proxy, which is a straightforward operation. You need to remember to add proper headers to pass hostname and schema to the min.io box. This whole thing is described in the documentation. But… you are required to put the following into a min.io configuration file: This should be put in bold letters because without this one you could upload artifacts into buckets, but will not be able to

Technology

DEGRADED ZFS pool, hard disk failure

I own a preowned HP z800 workstation. As purchased, it contained an HDD inside – Western Digital WD5000AAKX-75U6AA0, SATA III, 500GB, 7200 RPM, 16MB of cache. Unfortunately it passes SMART and does not show a wearout metric. However, going into detailed information we get: Raw_Read_Error_Rate has a positive value of 11, threshold is set to 51. Having 11 685 hours of runtime, it should be understandable that it might break, and it actually did. There is only one Current_Pending_Sector, which means that it waits to be remapped or reallocated. But, will it happen anytime soon? I’m unable to clone, migrate or replicate VM to

Technology

Docker Registry on Ubuntu 20.04

Docker Registry could be useful in various scenarios, but the most common would be container orchestration software such as Kubernetes, OpenShift/OKD or Nomad. In an example environment you could have a Gitlab CI pipeline configured to build a Docker image and push it to your registry, and then let the orchestration software deploy it to a cluster. In order to install an internal, private Docker Registry you need to install the Docker package first. Then you need to grab a certificate and start the docker registry container: This way we start a registry container which will always be up and running. We bind it on port 443