Docker, SELinux, Consul, Registrator

Wednesday, 29. 04. 2015  –  Category: sw

Dear Google, On RHEL / CentOS SELinux can get in the way of setting up a progrium/consul / gliderlabs/registrator network: consul needs somewhere to store persistent state on the host, and SELinux won’t allow the container to write to arbitrary locations registrator needs access to /var/run/docker.sock to monitor container events The first is easy: add […]

ZFS performance on FreeBSD

Tuesday, 16. 09. 2014  –  Category: sw

For a combined application and database server with considerable per-database MySQL buffers and lots of synchronous IO on SATA drives: vfs.zfs.prefetch_disable="1" – disable prefetch, even on systems with decent amounts of RAM. With prefetch enabled the server freezes under moderate database activity. The associated arc_summary stats are mixed, with almost 100% miss for some reads. […]

Controlling Exim SMTP behaviour from Dovecot password data

Wednesday, 3. 09. 2014  –  Category: stash

Given this Dovecot PasswdFile with a homegrown smtp ExtraField: $ head -1 /data/example.org/etc/passwd foo@example.org:{MD5-CRYPT}$1$HASH-U-LIKE::::::updated=1409712878 smtp=no Then this Exim ACL snippet forbids the user from sending mail. Dovecot will allow them to login (allowing them receive the mail asking them to change their password) and so will ancillary systems that authenticate with the same data (eg: […]