Author: MICHAL

Technology

OKD Docker private Registry on NFS mount

If you use OKD/OpenShift then most probably you also run internal and private Docker registry for your builds. Cluster uses this to lookup for containers images for further deployment. For basic, default installation your Docker Registry is located in a project called default. It also uses quasi permanent storage which lasts until next redeployment of registry container (pod). There is however a possiblity to mount a NFS volume in the registry deployment configuration so your images which have been pushed onto the registry will not go away in case you need to redeploy registry itself. This need might come if

Technology

Redeploying OKD 3.11 certificates

Since the beginning of 3.x line of OpenShift/OKD releases there are various issues with internal certificates. TLS communication inside the cluster is used in several places like router, registry, compute nodes, master nodes, etcd and so on. Unfortunately having hundreds of developers across the globe gives not exactly chaos but uncertainty and lack of confidence from the user perspective. CSR should be automatically approved and they are not: But in worst case scenario you also need to check validity of certificates. You can do this with ansible playbook. These can be obtained at https://github.com/openshift/openshift-ansible. You need to remember that should

Technology

Elasticsearch fix read only index

In case you have been low on disk space on your Elasticsearch instance, there is high probability that your indices are marked read only now. In order to fix this one, first either delete/archive indices or increase your disk space. After that restart Elasticsearch and Kibana and navigate to Management – Dev Tools and execute the following: This should bring indices back to be writable once again.

Technology

Reinstalling GRUB

In one of my previous posts I mentioned some troubles regarding reinstalling Ubuntu 22, loosing ability to select OS and to boot at all actually. I found that Ubuntu 20 recognizes properly my fresh Windows installation but Ubuntu 22 does not. So I stayed with version 20 however here was no OS selection, which translates to broken GRUB installation. After Ubuntu 20 installation finished it tried to put bootloader but failed to do this because of drives numbering. My first drive in Lenovo Thinkpad T420s is mSATA but computer and operating system thinks that this is my second drive. My

Technology

Expand CentOS LVM disk and filesystem

There are two ways of expanding your root filesystem space. It’s either by adding additional volumes or by resizing PV. Let’s try the latter. We have CentOS 7 wth XFS running on Proxmox. First expand drive size with admin UI. Next: At first after resizing drive you will see in lsblk that the drive should have additional space. At growpart you will see your partition expands. At pvresize there is no change. Change happens on lvextend, so you will see you LVM increases in space. To see filesystem change in df you need to run either xfs_growfs or resize2fs depending

Technology

Windows/Ubuntu dual boot issues

I have dual boot on my Lenovo Thinkpad T420s, Windows 10 and Ubuntu 22. Actually I had, because I tried to reinstall Ubuntu 22 and I’ve lost my dual boot and ability to boot at all. So I tried few things: reformat manually EFI and root partitions os-prober and update-grub setting root and prefix at grub rescue grub-install Windows installation troubleshooting Unfortunately it does not work. Something went terribly wrong. To bring back Windows first boot from installation media and go for command prompt: This way I was able to boot into Windows once again, but unable to do it

Security

KeeneticOS basic reconfiguration

In case you would like to have PPTP VPN server but no such is installed. But first things first. For such an obsolete hardware and software keep in mind that accessing it requires passing old host key algorithms and cipers. Then: If you have other VPN types enabled, better disable it as you will be using PPTP and not SSTP or OpenVPN/WireGuard. Now, for HTTP access, most of the time it will be configured for local network access only. We can change this: Changing HTTP UI port to something different than default will give us ability to run other service

Security

Cowrie Honeypot

Until recently I did not know that honeypots I encounter are based on Cowrie. But it does not change much to be honest. I already seen almost 100 of these while randomly exploring things on the internet. It was first thought that they are honeypots, by pure intuition. You enter a system and run ps to list processes and see broad range of things like: ejabberd (erlang) nginx worker process VBoxService mysqld But on the other hand you are unable to run top command or any other which normally are available on valid systems. Then comes to your mind that

Security

SSH access using Ruby to outdated servers

If for some unknown reasons you need to connect thru SSH to some outdated server using Ruby code, then you are in the right place. But first a little piece of theory behind it. There are 4 configurable things in OpenSSH concerning security configuration: KexAlgorithms: per-connection keys (key exchange) HostkeyAlgorithms: public key to identify server to clients Ciphers: connection encryption MACs: message authentication codes As time passes various algorithms become deprecated and are known to be vulnerable. However there are tons of servers on the internet and on private networks which still use these old things. On a regular SSH