apt get life

Life around technology

You are here: Home / Archives for Technology / Linux

Setting up a Bond and Bridge in Netplan on Ubuntu 18.04

by 2 Comments

For some of my Ubuntu 18.04 servers, I need to run KVM virtual machines which require a bridge to the network so the machines get public LAN IP addresses and aren’t hidden behind NAT. With the server configuration for both my co-location and servers at work the network interfaces are all bonded for fail-over. This means I need a bond to have a bridge ontop of it for the virtual machines to get public IP addresses, while still allowing for failover of the network connection in the event of a network failure.

Research

There are some good examples of setting up netplan here: https://netplan.io/examples

They have a bridge example:

network:
  version: 2
  renderer: networkd
  bridges:
    br0:
      dhcp4: yes
      interfaces:
        - enp3s0

And a bond example:

network:
  version: 2
  renderer: networkd
  bonds:
    bond0:
      dhcp4: yes
      interfaces:
        - enp3s0
        - enp4s0
      parameters:
        mode: active-backup
        primary: enp3s0

But there’s not a clear indication of how to amalgamate the two.

A bond and a bridge

Here’s what I’ve ended up with in ‘/etc/netplan/50-cloud-init.yaml’:

network:
    bridges:
        br0:
            addresses:
            - 192.168.10.30
            dhcp4: false
            gateway4: 192.168.10.1
            nameservers:
                addresses:
                - 192.168.10.1
                - 192.168.10.2
                search: []
            interfaces:
                - bond0
    bonds:
        bond0:
            interfaces:
            - eno1
            - eno2
            parameters:
                mode: active-backup
    ethernets:
        eno1:
            addresses: []
            dhcp4: false
            dhcp6: false
        eno2:
            addresses: []
            dhcp4: false
            dhcp6: false

Note that I’ve obviously defined static IP addresses, but this isn’t a requirement. Just set ‘dhcp4: true’ and remove the ‘address’, ‘gateway’ and ‘nameserver’ sections if you’re using DHCP.

Once the file’s got that setup in it, it’s possible to run:
sudo netplan apply
and you should be able to run ‘networkctl list’ to check the bridge and bond are setup.

Fail2ban does not enable some rules

by Leave a Comment

While setting up a webserver, I noticed that fail2ban-client status did not list all of the rules that I’d configured in jail.d. Althought configuration files were added to the directory, the status wasn’t showing them listed, so it hadn’t activated the jails. Running service fail2ban restart didn’t add them either.

After spending some time researching, some people suggest changing the backend used in fail2ban from auto to polling in jail.conf. Since you shouldn’t edit jail.conf on a debian based system, I tried creating a new file nano /etc/fail2ban/jail.local and adding the line backend = polling. This actually prevented the fail2ban service from starting for me. The errors in systemctl status fail2ban.service didn’t show anything useful as to the cause of the error. In the end I reverted this change.

running fail2ban-client reload did present error messages detailing which rule couldn’t be activated:

ERROR No file(s) found for glob /var/log/apache2/*.log
ERROR Failed during configuration: Have not found any log file for apache-xmlrpc jail

This then meant I was able to investigate the jail.d config file with the rule indicated as causing the problem and correct the log file path. fail2ban-client status then shows the correct jails running.

mount disk image created with dd using ubuntu

by

If you’ve cloned a whole drive using dd and you need to access one of the partitions on it here are some steps to follow in order to gain access:

Find the partition start sectors using fdisk -b512 -l. Note that you’re explicitly setting the sector size to 512 bytes and you’ll need to change your command to match your own image file.

fdisk -b512 -l backup_sata.img

You should get output similar to this (note I’ve truncated it to only show the appropriate output):

Device         Boot     Start       End   Sectors   Size Id Type
backup_sata.img1 *         2048    206847    204800   100M  7 HPFS/NTFS/exFAT
backup_sata.img2         206848 237185023 236978176   113G  7 HPFS/NTFS/exFAT
backup_sata.img3      237185024 588070911 350885888 167.3G  f W95 Ext'd (LBA)
backup_sata.img4      588070912 625137663  37066752  17.7G 27 Hidden NTFS WinRE
backup_sata.img5      237187072 588070911 350883840 167.3G  7 HPFS/NTFS/exFAT

Normally sector are 512 bytes, so you can calculate the offset you need in the next command with:

start * 512 = offset

So if you want to mount backup_sata.img5 (partition 5 of the backup image) you’d run 237187072×512=121439780864:

mount -o ro,loop,offset=121439780864 backup_sata.img /backup_sata

Remember to have created /backup_sata or whatever directory you’re mounting to first!

Linux Mint Docker “Error loading docker apparmor profile”

by

I’ve recently been experimenting with Docker containers, but found there’s an error with installing it on Linux Mint:

2015/07/30 14:00:53 WARNING: Your kernel does not support cgroup swap limit.
Error loading docker apparmor profile: exec: "/sbin/apparmor_parser": stat /sbin/apparmor_parser: no such file or directory ()

It’s quite easy to solve, you just have to install app-armour:

sudo apt-get install apparmor

Then start the docker demon from the terminal to make sure it’s loading okay:

sudo docker -d

You should see something similar to the following:

2015/07/30 14:07:14 docker daemon: 1.0.1 990021a; execdriver: native; graphdriver: 
[67068605] +job serveapi(unix:///var/run/docker.sock)
[67068605] +job initserver()
[67068605.initserver()] Creating server
2015/07/30 14:07:14 Listening for HTTP on unix (/var/run/docker.sock)
[67068605] +job init_networkdriver()
[67068605] -job init_networkdriver() = OK (0)
2015/07/30 14:07:14 WARNING: Your kernel does not support cgroup swap limit.
2015/07/30 14:07:14 Local (127.0.0.1) DNS resolver found in resolv.conf and containers can't use it. Using default external servers : [8.8.8.8 8.8.4.4]
Loading containers: : done.
[67068605.initserver()] Creating pidfile
[67068605.initserver()] Setting up signal traps
[67068605] -job initserver() = OK (0)
[67068605] +job acceptconnections()
[67068605] -job acceptconnections() = OK (0)

 

Once it loads this far, you can use ctrl + c to exit and start the service. If you have any further errors you’ll need to investigate further. Then start the service using:

sudo service docker.io start

Setting up a Buildroot Environment on Ubuntu or Mint

by

I’ve got a project that requires really fast boot times, so I’ve been looking into buildroot, which is a tool for building embedded Linux systems. When I started playing with the tutotials I noticed that I was getting errors with the make menuconfig command:

make menuconfig

...

/development/rpi_buildroot/buildroot/output/build/buildroot-config/conf.o
 *** Unable to find the ncurses libraries or the
 *** required header files.
 *** 'make menuconfig' requires the ncurses libraries.
 *** 
 *** Install ncurses (ncurses-devel) and try again.
 ***

In order to use buildroot on Ubuntu or Linux Mint the following packages need to be installed:

sudo apt-get install build-essential ncurses-base ncurses-bin libncurses5-dev dialog

After which you should be able to run make menuconfig without errors.