Docker, SELinux, Consul, Registrator

Wednesday, 04. 29. 2015  –  Category: sw

Dear Google,

On RHEL / CentOS SELinux can get in the way of setting up a progrium/consul / gliderlabs/registrator network:

- consul needs somewhere to store persistent state on the host, and SELinux won’t allow the container to write to arbitrary locations
- registrator needs access to /var/run/docker.sock to monitor container events

The first is easy: add […]

ZFS performance on FreeBSD

Tuesday, 09. 16. 2014  –  Category: sw

For a combined application and database server with considerable per-database MySQL buffers and lots of synchronous IO on SATA drives: vfs.zfs.prefetch_disable="1" – disable prefetch, even on systems with decent amounts of RAM. With prefetch enabled the server freezes under moderate database activity. The associated arc_summary stats are mixed, with almost 100% miss for some reads. […]

Heartbleed OpenSSL vulnerability

Tuesday, 04. 8. 2014  –  Category: stash, sw

OpenSSL advisory CVE-2014-0160 Heartbleed

Here’s a oneliner to check if a remote server might be vulnerable by checking if it advertises the Heartbeat TLS extension during connection negotiation.

    $ openssl version
    OpenSSL 1.0.1e-freebsd 11 Feb 2013
    $ < /dev/null openssl s_client -connect example.com:443 -tlsextdebug 2>&1 | grep -i heartbeat
    TLS server extension "heartbeat" (id=15), len=1

[…]