i summon one kim

Here are some quick notes for how I got a Rocky Linux 9.3 VM up and running. (more…)

Using a virtual PTP hardware clock with the ptp_kvm driver and chrony is an easy solution for keeping time on guest machines synchronized to their host. Ideally the host is already keeping accurate time by tracking a set of NTP servers, but it is still probably a good idea to still add some network NTP peers on guests as well. (more…)

Predictable network interface names are all the rage in Linux distros these days. My systems are of various vintage so most have carried on with eth0 and eth1 through upgrades by having old udev rules kept around.

To get with the times a few steps are needed: (more…)

By default many Linux network interface card drivers set their SMP affinity mask to either all zeroes or all ones (“ff” — the length of the mask depends on the number of CPUs on the system). The former results in all queues and interfaces running on CPU ID 0, which can become a performance bottleneck due to insufficient computing power. The latter results in all queues and interfaces being scheduled on multiple CPUs, which can become a performance bottleneck due to increased CPU memory cache misses. (more…)

If you have already upgraded to jessie and have systemd as init, you can switch back with these commands:

apt-get install -y sysvinit-core
reboot
apt-get purge -y systemd

Running with sysvinit works better on my servers, as daemons have a chance of doing their own graceful shutdown before the network is brought down.

Before upgrading to jessie, create /etc/apt/preferences.d/use-sysvinit:

Package: systemd-sysv
Pin: release o=Debian
Pin-Priority: -1

See also: How to stay with sysvinit in Debian Jessie by Petter Reinholdtsen

I’m not sure what failed last night, but I’m guessing the cable Internet connection was down. Interestingly, unbound had stopped resolving even local zones configured with stub-zone and stub-addr directives. This was unexpected: stub-zones are supposed to work “without referring to the public Internet” per the unbound.conf manual page.

To mitigate the issue I wanted to have backup name servers in resolv.conf (ones using a different Internet connection) even on the resolving name server hosts themselves. With resolvconf that boiled down to creating /etc/default/resolvconf with the following setting in it:

TRUNCATE_NAMESERVER_LIST_AFTER_LOOPBACK_ADDRESS=no

This way name servers configured in /etc/network/interfaces (using dns-nameservers directives) are included in resolv.conf even when unbound has been started.

However, this is a poor workaround, as I don’t have multiple Internet connections at every site.

Debian 7.0 “wheezy” was officially released about a week ago. I’ve been running it on a couple of systems for a few months already because of the more recent software versions available on it. Today I upgraded one of the shell servers, a couple of days ahead of the originally posted schedule due to security updates to MySQL (DSA-2667). As usual for Debian, the upgrade process is well documented¹ and robust. However, here are some notes for upgrading the next instance. (more…)

I just patched a couple of ESXi hosts to 4.0.0 build 256968 and found that VMware Tools were no longer loading after upgrading them. After some digging everything is more or less back to normal. (more…)