Author: Nayar

Published on by Nayar

How much does Rs +2.40 per litre petrol actually cost? #Mauritius

Today, Gasoline is going to be sold at Rs 47.30 per litre incurring an increase of Rs 2.40 per litre. But how much will it cost me per month?

I drive on average 1100km per month commuting to work daily from Ebene to Curepipe and on weekends, family trips to the sea and malls. This makes around 78 litres of Gasoline per month.

When Gasonline was at Rs 44.90/litre, it would cost me Rs 3502/month (Rs 44.90 x 78). With the latest price increase, it becomes Rs 3689/month (Rs 47.30 x 78).

I’d be spending Rs 187 / month more at the fuel station as from now. We got Rs 360 as salarial compensation recently.

Will you buying an electric car “Made in Mauritius”? Please contact me if yes.

Published on by Nayar

Enabling UDP load-balancing with Nginx on Debian 9 (Stretch)

User Datagram Protocol (UDP) is commonly used for DNS resolution and video/voice streaming applications. The advantage of UDP over TCP is that it has less overhead (smaller packet size). You can therefore send more data on your network with less latency. However this comes at the expense of data reliability.

Lemme guide you to how setup an Nginx server (10.0.0.5) which forwards UDP packets from port 514 to a Graylog server (10.0.0.10) on port 514 itself. We will be sending logs from a VM on 10.0.0.2

On your nginx server:

# echo “deb http://nginx.org/packages/debian/ stretch nginx” > /etc/apt/sources.list.d/nginx.list
# apt-get update
# apt-get install nginx

You should now have nginx installed. Paste the following snippet in your `/etc/nginx/nginx.conf`

stream {
  upstream graylog_upstreams {
    server 10.0.0.10:514;
  }

  server {
    listen 514 udp;
    proxy_pass graylog_upstreams;
    proxy_responses 0;
    proxy_bind $remote_addr transparent;
  }
}

Check if Nginx is listening on UDP port 514

root@prod-r7-nginx:~# ss -ntplu

However if you sending data to this port from another machine, you’ll notice that no data is sent to the backend server. Despite `tcpdump` will see the data coming and being sent.

IP 10.0.0.2.38696 > 10.0.0.5.514: SYSLOG kernel.info, length: 120
IP 10.0.0.2.45605 > 10.0.0.10.514: SYSLOG kernel.info, length: 120

We need to tell the kernel to actually route IP addresses which doesn’t belong to him thus acting like a router. We do so by the following command

sed -i "s/#net.ipv4.ip_forward.*/net.ipv4.ip_forward=1/" /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward

And that’s it 🙂

Do you like nginx’s UDP loadbalancing feature?

Published on by Nayar

Can Debian Stretch run on Ubuntu 16.04 LTS via LXC/LXD?

There is this never ending flame wars about whether Debian or Ubuntu is better. My personal servers have been historically on Ubuntu LTS due to the fact that they are known to have more updated packages that Debian. As I was planning to try MariaDB’s Galera cluster, I found that Debian Stretch has a more recent version of MariaDB than Ubuntu 16.04LTS.

No problem! I’ll run MariaDB inside a Debian container rather than an Ubuntu’s one. Here’s how to proceed:

# We download and create a container based on debian/stretch and we’ll call the VM mariadb-1

lxc launch images:debian/stretch mariadb-1

# We install an SSH server inside the VM to access it

lxc exec mariadb-1 — apt-get install ssh

# I put my public key inside the VM so that I can SSH into it.

# But before that, we need to create the .ssh directory

lxc exec mariadb-1 — sh -c ‘mkdir -p /root/.ssh/’

lxc exec mariadb-1 — sh -c ‘echo “ssh-rsa AAAAB3N…+j/ nayar@macbook.local” > /root/.ssh/authorized_keys’

# The keys should be readable only by the owner

lxc exec mariadb-1 — sh -c ‘chmod -R 600 /root/.ssh/’

And now your container should be accessible via SSH. You can use it like a VM. You may use the command below to find it’s IP

lxc list

| mariadb-1     | RUNNING | 10.195.197.123 (eth0)

Tips: If by doing so, the VM still asks you for password while trying to ssh on it, make sure you have properly pushed your ssh agent. On your laptop, try the following

ssh-add -k

ssh -A root@myserver.com “ssh root@10.195.197.123

Don’t repeat the same procedure for every container you need to create. Just copy from one:

lxc copy mariadb-1 mariadb-2

There you go. You have a new container under 5 seconds. Hope you liked this mini tutorial. Feel free to comment below.

Published on by Nayar

UNIX: Root denied permission to modify files

WordPress notified me that an update was due. There are different ways to allow WordPress to update itself from the admin panel. One would be to use your FTP credentials (which I don’t have) and the other would be to give WordPress permission to edit its files i.e. give `www-data`, the user who run the web server, permission to read/write in /var/www.

However by doing so, I’d get a permission denied error:

root@apache:/var/www# chown -R www-data: nayarweb.com
chown: changing ownership of 'nayarweb.com/poweredbynayarweb.png': Operation not permitted

When you’re actually root, it’s not common to be denied rights to do stuffs. The files were owned by `nobody`.

-rwxrwxrwx  1 nobody nogroup 8.1K Oct  9  2013 poweredbynayarweb.png

Reading some stackoverflow posts, someone suggested that the files might not be owned by the OS as it might be mounted from a remote location. It is the source server who actually decides what could be done with the files. One common case of the scenario is mounting your files via NFS. Then I realised that my apache VM is actually an LXD container on a KVM host.

I had to find to uid with which apache (`www-data`) was running inside the LXD container. In my case, it was 100033.  Running the following command on my LXD host machine fixed the problem

chown -R 100033 /var/lib/lxd/.../nayarweb.com/