Showing posts with label linux. Show all posts

2019-07-24

Expose LXC/LXD Container Ports to Public

LXC/LXD is lightweight OS-level virtualization on Linux, much like OpenVZ. It was used by early versions of Docker. LXC/LXD is useful when you need virtualization but also need fast startup and near-baremetal performance (especially compared to full virtualization like KVM or VirtualBox). The difference between Docker and LXC is the level they target: Docker is more for application deployment, whereas LXC is machine level. LXD adds a REST API for LXC. Another main difference between LXC and Docker is that Docker has a copy-on-write file system built in. To start using LXD, just install and run:

sudo apt install lxc lxd libvirt-bin zfsutils-linux
sudo lxd init

# there would be questions to be answered like these:
Would you like to use LXD clustering? (yes/no) [default=no]: 
Do you want to configure a new storage pool? (yes/no) [default=yes]: 
Name of the new storage pool [default=default]: 
Name of the storage backend to use (dir, lvm, zfs) [default=zfs]: 
Create a new ZFS pool? (yes/no) [default=yes]: 
Would you like to use an existing block device? (yes/no) [default=no]: 
Size in GB of the new loop device (1GB minimum) [default=100GB]:    
Would you like to connect to a MAAS server? (yes/no) [default=no]: 
Would you like to create a new local network bridge? (yes/no) [default=yes]: 
What should the new bridge be called? [default=lxdbr0]: 
What IPv4 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: 
What IPv6 address should be used? (CIDR subnet notation, “auto” or “none”) [default=auto]: 
Would you like LXD to be available over the network? (yes/no) [default=no]: yes
Address to bind LXD to (not including port) [default=all]: 127.0.0.1
Port to bind LXD to [default=8443]: 
Trust password for new clients: 
Again: 
Would you like stale cached images to be updated automatically? (yes/no) [default=yes] 
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:

# cache one and run one container, but this will only be shown by lxc-ls
sudo lxc-create -t download -n container1 -- --dist ubuntu --release bionic --arch amd64
sudo lxc-start --name container1 --daemon
sudo lxc-info --name container1
sudo lxc-stop --name container1
sudo lxc-destroy --name container1

# or run one container
lxc launch ubuntu:18.04 container1


# run command inside, enable ssh with password, change the root password
lxc exec container1 bash
echo '
PermitRootLogin yes
PasswordAuthentication yes
' > /etc/ssh/sshd_config
systemctl restart ssh
passwd
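
The two directives written above decide who can log in once the container's SSH port is forwarded. The following audit is an added example, not part of the original post; the function and sample names are made up for illustration, and the sample configs are constructed.

```shell
# Added example, not from the original post: flag sshd_config settings that open
# root to password logins. sshd keeps the first value it reads for a keyword and
# keywords are case-insensitive. Include files and Match blocks are not followed.
audit_sshd_config() {
    # reads an sshd_config on stdin, prints one finding per line
    awk '
        /^[ \t]*(#|$)/          { next }    # comments and blank lines
        tolower($1) == "match"  { exit }    # global section ends at the first Match
        {
            key = tolower($1)
            if (!(key in seen)) seen[key] = tolower($2)   # first occurrence wins
        }
        END {
            # OpenSSH defaults when a keyword is absent
            if (!("permitrootlogin" in seen))        seen["permitrootlogin"] = "prohibit-password"
            if (!("passwordauthentication" in seen)) seen["passwordauthentication"] = "yes"
            if (seen["permitrootlogin"] == "yes")
                print "WEAK PermitRootLogin yes: root login is not restricted to keys"
            if (seen["passwordauthentication"] == "yes")
                print "WEAK PasswordAuthentication yes: passwords can be guessed over the forwarded port"
        }
    '
}

# Constructed samples: the file written in the post, and a key-only variant.
post_config()    { printf '%s\n' '' 'PermitRootLogin yes' 'PasswordAuthentication yes'; }
keyonly_config() { printf '%s\n' 'PermitRootLogin prohibit-password' 'PasswordAuthentication no'; }

echo "config from the post:"; post_config | audit_sshd_config
echo "key-only variant:";     keyonly_config | audit_sshd_config
```

Inside a running container, sshd -T prints the effective configuration including defaults, which can be piped into the same function.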

Then you'll need to expose (or port forward) from outside to your container:

# get ip from your container
lxc list
+------------+---------+-----------------------+------------+-----------+
|    NAME    |  STATE  |         IPV4          |    TYPE    | SNAPSHOTS |
+------------+---------+-----------------------+------------+-----------+
| container1 | RUNNING | 10.123.126.200 (eth0) | PERSISTENT | 0         |
+------------+---------+-----------------------+------------+-----------+

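# forward real port 2200 to container's port 22 and vice versa
# DNAT runs in PREROUTING, so the FORWARD chain sees the container's port (22), not 2200
iptables -t nat -A PREROUTING -p tcp --dport 2200 -j DNAT --to 10.123.126.200:22
# rules are matched in order, so the ACCEPT has to be appended before the DROP
iptables -A FORWARD -i eth0 -d 10.123.126.200 -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -i eth0 -j DROP
iptables -A FORWARD -i lxdbr0 -m state --state NEW,INVALID -j DROP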

You can test whether the port forwarding and ssh work using this command from another computer:

ssh -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no root@thePublicIpAddress -p 2200

If you need to expose more ports, for example the container's port 80 on the real machine's port 8080, you can add rules like this:

# insert (-I) so the rule lands ahead of the DROP rules appended earlier; match the container's port (80)
iptables -I FORWARD -i eth0 -d 10.123.126.200 -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to 10.123.126.200:80

But for this case, I think it's better to use a reverse proxy instead.
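
To check which forwarded ports actually get through, the following added example (not from the original post) reads iptables-save output and pairs each DNAT rule with the FORWARD chain. The FORWARD chain sees the translated address and port, and rules are evaluated in order. The function name, the PUBIF variable and the sample ruleset are constructed for illustration.

```shell
# Added example, not from the original post. Reads `iptables-save` text on stdin
# and, for each DNAT rule in nat/PREROUTING, reports whether filter/FORWARD accepts
# the translated ip:port before a blanket DROP on the public interface.
# Narrow by design: only ACCEPT rules that name -d and --dport are recognised.
PUBIF=${PUBIF:-eth0}   # assumption: public interface name, as in the post
audit_dnat() {
    awk -v pubif="$PUBIF" '
        /^\*/      { table = substr($1, 2); next }   # "*nat", "*filter"
        $1 != "-A" { next }
        {
            dport = to = dst = inif = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport")          dport  = $(i + 1)
                if ($i == "--to-destination") to     = $(i + 1)
                if ($i == "-d")               dst    = $(i + 1)
                if ($i == "-i")               inif   = $(i + 1)
                if ($i == "-j")               target = $(i + 1)
            }
            sub(/\/32$/, "", dst)             # iptables-save prints hosts as ip/32
            frompub = (inif == "" || inif == pubif)
        }
        table == "nat" && $2 == "PREROUTING" && target == "DNAT" {
            n++; pub[n] = dport; dest[n] = to
        }
        table == "filter" && $2 == "FORWARD" && frompub && !dropped {
            # "-A FORWARD [-i eth0] -j DROP": rules appended later are never reached
            if (target == "DROP" && NF == (inif == "" ? 4 : 6)) dropped = 1
            else if (target == "ACCEPT") ok[dst ":" dport] = 1
        }
        END {
            for (k = 1; k <= n; k++)
                printf "%s -> %s %s\n", pub[k], dest[k], ((dest[k] in ok) ? "reachable" : "blocked")
        }
    '
}
# Constructed sample: port 22 accepted before the DROP, port 80 appended after it.
sample_rules() { cat <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 2200 -j DNAT --to-destination 10.123.126.200:22
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.123.126.200:80
COMMIT
*filter
-A FORWARD -d 10.123.126.200/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i eth0 -j DROP
-A FORWARD -d 10.123.126.200/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}
sample_rules | audit_dnat
```

On the host, run it as sudo iptables-save | audit_dnat; a "blocked" line means no ACCEPT naming that destination and port sits ahead of the DROP.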

Here's the performance difference between the baremetal machine and LXC:

CPU model:  Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz 
Number of cores: 8
CPU frequency:  2199.996 MHz
Total amount of RAM: 30151 MB
Total amount of swap:  MB
System uptime:   147 days, 20:48,    
I/O speed:  132 MB/s
Bzip 25MB: 8.01s
Download 100MB file: 69.2MB/s


I/O speed(1st run)   : 127 MB/s
I/O speed(2nd run)   : 107 MB/s
I/O speed(3rd run)   : 107 MB/s
Average I/O speed    : 113.7 MB/s

LXC (because the writes are not yet committed?):

CPU model:  Intel(R) Xeon(R) CPU E5-2630 v4 @ 2.20GHz 
Number of cores: 8
CPU frequency:  2199.996 MHz
Total amount of RAM: 30151 MB
Total amount of swap:  MB
System uptime:   20 min,    
I/O speed:  451 MB/s
Bzip 25MB: 9.40s
Download 100MB file: 63.7MB/s


I/O speed(1st run)   : 925 MB/s
I/O speed(2nd run)   : 1.2 GB/s
I/O speed(3rd run)   : 956 MB/s
Average I/O speed    : 1036.6 MB/s

2015-02-24

Command line to power off portable harddisk / usb drive on Linux

Sometimes we plug in and mount a portable harddisk or USB drive on a Linux server and want to unplug it using the command line :3 script ninja! You can use the udisks command to do this; just find which device your portable disk is attached as, for example using the lsblk, fdisk, or df command:

$ lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    0 931.5G  0 disk 
└─sda1   8:1    0 931.5G  0 part 
sdb      8:16   0 458.6G  0 disk 
├─sdb1   8:17   0     1G  0 part /boot
├─sdb2   8:18   0     2G  0 part [SWAP]
├─sdb3   8:19   0    64G  0 part /
└─sdb4   8:20   0 391.6G  0 part /home
sr0     11:0    1  1024M  0 rom  

$ fdisk -l 
Disk /dev/sdb: 458.6 GiB, 492387172352 bytes, 961693696 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xc5900613

Device     Boot     Start       End   Sectors   Size Id Type
/dev/sdb1  *           63   2104514   2104452     1G 83 Linux
/dev/sdb2         2104515   6313544   4209030     2G 82 Linux swap / Solaris
/dev/sdb3         6313545 140536619 134223075    64G 83 Linux
/dev/sdb4       140536620 961683029 821146410 391.6G 83 Linux

Disk /dev/sda: 931.5 GiB, 1000204885504 bytes, 1953525167 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 33553920 bytes
Disklabel type: dos
Disk identifier: 0x9a70439c

Device     Boot Start        End    Sectors   Size Id Type
/dev/sda1        2048 1953521663 1953519616 931.5G  7 HPFS/NTFS/exFAT

$ df | grep -v tmpfs
Filesystem     Type     1M-blocks  Used Available Use% Mounted on
/dev/sdb3      ext4         64381 33387     27701  55% /
/dev/sdb1      ext2          1012    40       921   5% /boot
/dev/sdb4      ext4        394531 59129    315339  16% /home

$ cat /proc/partitions 
major minor  #blocks  name
   8       16  480846848 sdb
   8       17    1052226 sdb1
   8       18    2104515 sdb2
   8       19   67111537 sdb3
   8       20  410573205 sdb4
  11        0    1048575 sr0
   8        0  976762583 sda
   8        1  976759808 sda1

Then just call udisks with the --detach flag to safely remove the device, for example:

sudo udisks --detach /dev/sda

Or you can use this script: download and save it, then execute it, for example:

sudo sh suspend-usb-device.sh -v /dev/sda 

Now your portable disk can be removed safely.

Note: if you're using a kernel newer than 2.6.32, there will be an error, line 180: echo: write error: Invalid argument; change line 180 of that script from suspend to auto. And of course, if you have Nemo (or maybe Nautilus too, but not Thunar) installed, you can always right-click and safely remove the drive without the command line.


2015-02-15

How to Setup Genius MousePen i608X in Linux

This tutorial is about how to get the Genius MousePen i608X recognized, especially in ArchLinux. First you must install the xf86-input-wizardpen package, then plug in your device and type lsusb; it should give output something like this:

Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 002: ID 0458:501a KYE Systems Corp. (Mouse Systems)
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Then edit the udev rules, for example using gedit:

sudo gedit /etc/udev/rules.d/67-xorg-wizardpen.rules

Add these lines if they don't exist:

# Genius MousePen i608X
ENV{ID_VENDOR_ID}=="0458",  ENV{ID_MODEL_ID}=="501a", ENV{x11_driver}="wizardpen"

Unplug the device, restart your computer, and plug the cable in again; the pen should now work correctly. I got two problems with it: I could not calibrate (set the working corner), and the wireless mouse doesn't work (the light responds when it is clicked or moved, but the cursor is always set to the top-left corner). I've tried:

sudo wizardpen-calibrate /dev/input/by-id/usb-Genius_MousePen_i608X-event-mouse
sudo wizardpen-calibrate /dev/input/by-id/usb-Genius_MousePen_i608X-event-if00

When asked to press the stylus on ANY corner of my desired working area, nothing happened. Well, that's it for now; I'll update when I find the solution.

There seems to be another driver that supports this device: Digimend

2015-02-11

How to Install OrientDB Community Edition in Linux

OrientDB is a full-featured NoSQL database: it is an RDBMS (just like PostgreSQL, MySQL, Oracle, MSSQL Server), a document-oriented database (just like MongoDB and Cassandra), a key-value store (yes, just like Redis, Memcache, Riak, CouchBase and many more) and also a graph database (just like Neo4j). To install the software, first make sure you have installed the JDK and Ant. Then download and extract the archive, and compile using these commands:

wget -c https://github.com/orientechnologies/orientdb/archive/2.0.2.tar.gz
# wget saves the archive under the last part of the URL (2.0.2.tar.gz)
tar xvfz 2.0.2.tar.gz
cd orientdb-2.0.2
ant
cd ../releases/orientdb-community-2.0.2

To start the server, use this command:

cd bin/
./server.sh

The first time, you will be asked for a new root password. To start the console, use this command:

./console.sh

Type help within the console for more information about the console commands. And lastly if you want to use the OrientDB Studio UI, just visit this URL: http://127.0.0.1:2480.

You can learn more about OrientDB here.