dovecot

TODO: cleanup dirs /etc/dovecot

systemctl status dovecot
systemctl restart dovecot

/etc/dovecot/private/fullchain.pem
/etc/dovecot/private/privkey.pem

openssl x509 -in /etc/letsencrypt/live/imap.homlish.net/fullchain.pem -text

cp /etc/letsencrypt/live/imap.homlish.net/fullchain.pem /etc/dovecot/private/
cp /etc/letsencrypt/live/imap.homlish.net/privkey.pem /etc/dovecot/private/

redis

redis-cli -h redis.homlish.net -p 6379 --user jukeboxLocal --pass ****

databases
1 jukebox prod
2 jukebox dev/local

chroot

https://www.cyberciti.biz/faq/debian-ubuntu-restricting-ssh-user-session-to-a-directory-chrooted-jail/

Goal:
Allow users (fullstack, tom, jerry) to grab guestworkervisas data
Allow a user (guestworkervisas) to put guestworkervisas data
to/from /usr4/guestworkervisas/

To test:
sftp -P 2222 fullstack@a0
sftp -P 2222 guestworkervisas@a0
sftp -P 2222 tom@a0

To add a new user:

D=/home/jails
# set U to the user being added, one of:
U=fullstack
U=tom
U=guestworkervisas

useradd $U
ls $D/home/$U/guestworkervisas
mkdir -p $D/home/$U/guestworkervisas
mount --bind /usr4/guestworkervisas $D/home/$U/guestworkervisas

# mount --bind /home/httpd/tom_web $D/home/tom/web
## update fstab file so that it can mount after server reboot ##
# echo "/home/httpd/tom_web/ $D/home/tom/web none bind"
# /source /destination none defaults,bind 0 0
echo "/usr4/guestworkervisas /home/jails/home/$U/guestworkervisas none bind" >> /etc/fstab

Warning: if you add, delete, or change a user or password in /etc/passwd, recopy the /etc/{passwd,group} files by running the following two commands:
D=/home/jails
cp -vf /etc/{passwd,group} $D/etc/

edit /etc/ssh/sshd_config
add
Match User tom,jerry,fullstack,guestworkervisas,NEWUSER
systemctl restart ssh.service
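
The add-user steps above as one re-runnable script (an added example, not part of the original notes). The FSTAB override and the function names are assumptions made here; the fstab line uses the "/source /destination none defaults,bind 0 0" form noted above, and a second run does not append a duplicate entry.

```shell
#!/bin/sh
# Added example: re-runnable form of the add-user steps for the SFTP jail.
# Assumed, not from the notes: the FSTAB override and all function names.
D=${D:-/home/jails}
SRC=${SRC:-/usr4/guestworkervisas}
FSTAB=${FSTAB:-/etc/fstab}

# Reject names that would alter the jail path or the fstab line.
valid_user() {
    case $1 in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
}

# Print the fstab line for one user, in the form noted above.
fstab_line() {
    printf '%s %s/home/%s/guestworkervisas none defaults,bind 0 0\n' "$SRC" "$D" "$1"
}

# Append the line only when the mount point is not already listed,
# so a second run does not leave duplicate entries.
add_fstab_entry() {
    if awk -v t="$D/home/$1/guestworkervisas" \
        '$1 !~ /^#/ && $2 == t { found = 1 } END { exit !found }' "$FSTAB"; then
        return 0
    fi
    fstab_line "$1" >> "$FSTAB"
}

add_jail_user() {
    valid_user "$1" || { echo "bad user name: $1" >&2; return 1; }
    id "$1" >/dev/null 2>&1 || useradd "$1"
    mkdir -p "$D/home/$1/guestworkervisas"
    mountpoint -q "$D/home/$1/guestworkervisas" ||
        mount --bind "$SRC" "$D/home/$1/guestworkervisas"
    add_fstab_entry "$1"
    cp -vf /etc/passwd /etc/group "$D/etc/"   # refresh the jail's copies
}

# Run as root, e.g.: sh add-jail-user.sh tom jerry
for u in "$@"; do
    add_jail_user "$u" || exit 1
done
```

Point FSTAB at a scratch file to see the generated lines before touching /etc/fstab.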

/etc/passwd
vmail:x:1013:1014::/home/vmail:/bin/sh
guestworkervisas:x:1014:1015::/usr4/guestworkervisas:/bin/sh
fullstack:x:1016:1015:David,,,:/home/fullstack:/bin/bash
tom:x:1017:1017:,,,:/home/tom:/bin/bash
jerry:x:1018:1018:,,,:/home/jerry:/bin/bash
fullstack:x:1019:1019:David,,,:/home/fullstack:/bin/bash
guestworkervisas:x:1020:1020::/usr4/guestworkervisas:/bin/sh

/etc/group
vmail:x:1014:
guestworkervisas:x:1015:
jail:x:1016:
tom:x:1017:
jerry:x:1018:
fullstack:x:1019:
guestworkervisas:x:1020:

sftp -P 2222 guestworkervisas@a0
sftp -P 2222 fullstack@a0


kubernetes pods dying

Why are my pods dying?

pods that die:
homlishWeb
jukebox
weather
pods that don't die:
hcr
prometheus & grafana
nginx

Internets seems to blame the logs. My logs seem to indicate a volume mount issue, possibly NFS?

kubernetes upgrade

phomlish@a6:~/kubernetes/dashboard$ find /etc/kubernetes/pki/ -type f -name "*.crt" -print|egrep -v 'ca.crt$'|xargs -L 1 -t -i bash -c 'openssl x509 -noout -text -in {}|grep After'
xargs: warning: options --max-lines and --replace/-I/-i are mutually exclusive, ignoring previous --max-lines value
bash -c 'openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver-etcd-client.crt|grep After'
Not After : Sep 6 11:43:38 2024 GMT
bash -c 'openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver-kubelet-client.crt|grep After'
Not After : Sep 6 11:43:37 2024 GMT
bash -c 'openssl x509 -noout -text -in /etc/kubernetes/pki/front-proxy-client.crt|grep After'
Not After : Sep 6 11:43:38 2024 GMT
bash -c 'openssl x509 -noout -text -in /etc/kubernetes/pki/etcd/peer.crt|grep After'
Not After : Sep 6 11:43:38 2024 GMT
bash -c 'openssl x509 -noout -text -in /etc/kubernetes/pki/etcd/server.crt|grep After'
Not After : Sep 6 11:43:38 2024 GMT
bash -c 'openssl x509 -noout -text -in /etc/kubernetes/pki/etcd/healthcheck-client.crt|grep After'
Not After : Sep 6 11:43:38 2024 GMT
bash -c 'openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt|grep After'
Not After : Sep 6 11:43:37 2024 GMT
phomlish@a6:~/kubernetes/dashboard$
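
A quieter form of the expiry check above, as an added example (not from the original notes): it reads each end date with openssl x509 -enddate and prints the days remaining, which avoids the xargs -L/-i conflict. The function names and the 30-day WARN_DAYS threshold are choices made here, date -d assumes GNU date, and unlike the one-liner it also lists the CA certificates.

```shell
#!/bin/sh
# Added example: days until expiry for the certificates under /etc/kubernetes/pki.
# Assumed, not from the notes: GNU date (-d), the function names, WARN_DAYS.
PKI=${PKI:-/etc/kubernetes/pki}
WARN_DAYS=${WARN_DAYS:-30}

# days_left "Sep 6 11:43:38 2024 GMT" [now_epoch]
# Prints whole days remaining; negative once the certificate has expired.
days_left() {
    end_epoch=$(date -u -d "$1" +%s) || return 2
    now_epoch=${2:-$(date -u +%s)}
    diff=$((end_epoch - now_epoch))
    if [ "$diff" -lt 0 ]; then
        # floor division, so a just-expired certificate reports -1, not 0
        echo $(( (diff - 86399) / 86400 ))
    else
        echo $((diff / 86400))
    fi
}

# status DAYS -> EXPIRED | WARN | OK
status() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "$WARN_DAYS" ]; then echo WARN
    else echo OK
    fi
}

# One line per .crt file, CA certificates included.
report() {
    find "$PKI" -type f -name '*.crt' | sort | while IFS= read -r crt; do
        end=$(openssl x509 -noout -enddate -in "$crt" | cut -d= -f2)
        [ -n "$end" ] || continue
        d=$(days_left "$end") || continue
        printf '%-8s %5s days  %s\n' "$(status "$d")" "$d" "$crt"
    done
}

# Usage: sh k8s-cert-expiry.sh run
if [ "${1:-}" = run ]; then
    report
fi
```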

as root:
cd /etc/kubernetes/
mv {admin.conf,controller-manager.conf,kubelet.conf,scheduler.conf} ~/
kubeadm init phase kubeconfig all
reboot
as phomlish:
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

 

phomlish@a6:~/kubernetes/dashboard$ ./genK8sToken.sh
error: failed to create token: Unauthorized

 

ffmpeg to sound card

I never did figure this out. Maybe ffmpeg needs to be compiled w/ devices

ffmpeg –devices
linux:
[NULL @ 0x3171700] Unable to find a suitable output format for ‘–devices’
–devices: Invalid argument

mac:
[NULL @ 0x7ff53c810600] Unable to find a suitable output format for ‘–devices’
–devices: Invalid argument

icecast2

IPASS=

using ffmpeg
to a7:
ffmpeg -re -ss 19 -i 13.mp3 -f mp3 icecast://source:$IPASS@jukebox.homlish.net:8000/jukebox.mp3

to kubernetes:
ffmpeg -re -ss 19 -i 13.m4a -acodec libmp3lame -ab 32k -ac 1 icecast://source:$IPASS@jplay.homlish.net:8000/live.mp3

to play in browser

using vlc
play to sound card:
/Applications/VLC.app/Contents/MacOS/VLC \
-Idummy --play-and-exit \
/private/nfs/a0/usr4/music/Grateful\ Dead/1990/RFK\ 7\ 12\ 90\ set\ 1/13\ cassidy.m4a

play to icecast2
/Applications/VLC.app/Contents/MacOS/VLC \
-Idummy --play-and-exit \
13.m4a \
":sout=#duplicate{dst=std{access=shout,mux=ogg,dst=source:$IPASS@jplay.homlish.net:8000/live}}"

/usr/local/bin/vlc -vvv udp://@224.1.1.105:2105 --sout '#transcode{acodec=vorb,ab=128,channels=2}:duplicate{dst=std{access=shout,mux=ogg,dst=source:123456@172.31.0.14:8000/r29}}'

finding Mac sound device
w01:~ phomlish$ system_profiler -listDataTypes | grep -i Audio
SPAudioDataType
w01:~ phomlish$ system_profiler SPAudioDataType
Audio:

Devices:

Built-in Microphone:

Default Input Device: Yes
Input Channels: 2
Manufacturer: Apple Inc.
Current SampleRate: 44100
Transport: Built-in
Input Source: Internal Microphone

Built-in Output:

Default Output Device: Yes
Default System Output Device: Yes
Manufacturer: Apple Inc.
Output Channels: 2
Current SampleRate: 44100
Transport: Built-in
Output Source: Internal Speakers

system_profiler SPAudioDataType -xml
HUGE OUTPUT
TODO:
how can we get liquidsoap to play silence?