Sysorchestra.com - For Sysadmins, DevOps and Developers

Sign in Subscribe

This iPi is the new Linux iMac

This iPi is the new Linux iMac

If you search for the "Buy now" button, I have to disappoint you. But please keep on reading. Let me present you my last finished home project - the iPi. It's a 24 inch Acer Display coupled with a RaspberryPi 3. Both bundled together into what I call the iPi

Reduce Thermal Throttling on your Apple M1 Macbook Air to increase persistent load performance

Reduce Thermal Throttling on your Apple M1 Macbook Air to increase persistent load performance

Last year when Apple presented their new Apple Silicon SoC - namely the M1 - I couldn't believe how much performance the M1 would have in real world scenarios. After checking the first reviews and thinking about my use case at home - doing the tax, rendering movies from time

Hetzner SX62 dedicated server with Software-RAID-5 and encrypted LVM on Debian 10

Hetzner SX62 dedicated server with Software-RAID-5 and encrypted LVM on Debian 10

A little over 2 years ago, we introduced a new Backup server for our PostgreSQL data. Check out my post on that here. Now 2 years later, the disks got too small for our growing size of our PostgreSQL data which urged us to move on to a larger server.

Delayed processing in RabbitMQ with Dead Letter Exchanges

In 2014 we were in the process of migrating from our Rails monolith to a service oriented architecture (or microservices). For Rails we had utilized DelayedJob in order to schedule code to be executed at a later time and to run asynchronously from the current request context. For our microservices

Linux Mint 20 Upgrade on Lenovo Thinkpad X1 Carbon 7th Sound and Fingerprints

Linux Mint 20 Upgrade on Lenovo Thinkpad X1 Carbon 7th Sound and Fingerprints

Linux Mint 20 has been released some days ago and now there is also the upgrade guide available for you who also have Mint 19.3 running. I don't want to cover the upgrade itself, as it is very good described in the Linux Mint forum article but rather tell

RabbitMQ Cluster Migration

RabbitMQ Cluster Migration

In 2014 we introduced RabbitMQ in our production system as a means of doing asynchronous/background processing in our system. We needed to replace a functionality that we were handling with DelayedJob in our monolith. For our growing service-based infrastructure, this was not the best fit though, as we wanted

Automate TOTP-secured SSH logins with 2sh and Bitwarden

Automate TOTP-secured SSH logins with 2sh and Bitwarden

As an additional way to protect SSH servers from potential attackers, I started to implement TOTP-based 2FA logins in the past. See this post about how I achieved this. I also use Bitwarden to store all my credentials and also TOTP tokens and since I was tired of always manually

Network Locations with multiple VLANs on Linux Mint

Network Locations with multiple VLANs on Linux Mint

If you've used the Network Locations feature on your Mac and are wondering how to set it up on Linux - you've come to the right place. Working as a systems administrator I did use the "Locations" functionality on my Mac. We use VLANs both in our office and data

Setup SublimeLinter with RVM and ZSH under Linux Mint 19.3 Cinnamon

Setup SublimeLinter with RVM and ZSH under Linux Mint 19.3 Cinnamon

In my previous posts I took you onto a journey from my old macOS environment to my new home - Linux Mint 19.3 Cinnamon. As with every journey, you have quests to solve. This time I wanted to get Sublime Text with Sublime Linter running again on my new

Setup Soundcard and Microphone on Lenovo Thinkpad X1 Carbon 7th Gen with Linux Mint 19.3

Setup Soundcard and Microphone on Lenovo Thinkpad X1 Carbon 7th Gen with Linux Mint 19.3

Recently I switched my work device from my very old MacBook Pro Mid-2012 Non-Retina to a brand new Lenovo Thinkpad X1 Carbon 7th Gen - or X1C7 for short - with Linux Mint 19.3 Tricia. From scratch, Linux Mint 19.3 comes with an Ubuntu 18.04 LTS Kernel

Enabling U2F Hardware token in Linux

Enabling U2F Hardware token in Linux

I recently switched from MacOS to Linux for my work computer and found out that using a hardware U2F USB token is not so easy as on MacOS. I'm using a Yubikey and several self-made Tomu-based U2F tokens and now i wanted to also use them on Linux. For this

Online capacity expansion of a Dell Hardware RAID 1 with larger disks and a LVM

Online capacity expansion of a Dell Hardware RAID 1 with larger disks and a LVM

This post is about a simple topic, but finding information about it was not so easy due to the specific circumstances it includes. Here i will show you how you can accomplish the task of upgrading a simple 2-disk Hardware RAID 1 on a Dell PowerEdge RAID Controller - or

Improve the battery life of your notebook running Linux OS

Improve the battery life of your notebook running Linux OS

Running Linux on your notebook and wondering about poor battery life? In this article I'll give you some hints how to increase the lifetime of your battery. No magic here, but still may be useful for users who are working with Linux on a notebook for the first time. Note:

Proxmox / Linux - Live-Update Network Configuration with Zero-Downtime

Proxmox / Linux - Live-Update Network Configuration with Zero-Downtime

In this smaller post i want to show you how easy it is to do a live config update of your network without network restarts or machine reboots. I did this just recently on production Proxmox machines (Debian 8 and 9 or Proxmox 4.x and 5.x respectively) without

Calculating EAN Check Digits in Postgres with SQL

Imagine you have EAN codes in the database. The values either do not have the corresponding check digit or you want to verify that the number you have stored is correct. You do not want to load all the entries from the database first and then utilize another programming language.

Remove Proxmox 5.1-7.x “No Valid Subscription” message

Update #1 (2021-12-22): As pointed out on this page a method that works from 5.1 up to latest 7.x. I've tested this with 7.1-8 successfully: sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js

Database anonymization in Golang using views

A couple of years ago we faced an interesting problem: We wanted to be able to recreate the state of our production system as close as possible in a separated staging system for debugging purposes and to allow testing changes with realistic data before deployment to production. A major part

Cronlocker - Distributing Cronjobs Across Hosts

One of the goals in operating any IT system is to make it available 100% of the time. Having the best of the best of the best hardware to ensure reliability is not good enough, because every piece of hardware is limited in the amount of data it can handle.

Site-to-Site IPSec VPN between Sophos UTM and Debian using StrongSwan with RSA-Pubkeys

Site-to-Site IPSec VPN between Sophos UTM and Debian using StrongSwan with RSA-Pubkeys

Introduction This guide will show you, how you can establish a Site-to-Site IPSec VPN between a Sophos UTM Firewall and a Debian 9 "Stretch" based Server using StrongSwan with RSA Public-Key based authorization. Normally we would use a simple Road-Warrior VPN for single Clients but I wanted to have something

Hetzner Root-Server with dual Hardware RAID-1 and encrypted LVM on Debian 9

Hetzner Root-Server with dual Hardware RAID-1 and encrypted LVM on Debian 9

Introduction This guide will explain the steps it takes to install a secure headless Hetzner Root-Server with some special pitfalls like LUKS on Hardware-RAIDs and SSH-based remote decryption at boot time for more than one encrypted volume that we want to use for our new PostgreSQL Backup-Server. But some back

Automating Pingdom Probes IP-Whitelisting with Probecollector

Automating Pingdom Probes IP-Whitelisting with Probecollector

Introduction It was hard to find a good title for this blog post, so let me explain it a bit further. You may have API's or applications that are secured with IP-Whitelisting or even only reachable using DNAT when a valid IP tries to connect. Therefore services like Pingdom, UptimeRobot

Add Two-Factor-Authentication to SSH on Debian Wheezy to Stretch

Introduction This guide shows you, how you can add 2FA to your OpenSSH on Debian Wheezy, Jessie and Stretch using Google Authenticator. We assume that your SSH already uses Pubkey-Authentication while PasswordAuthentication is disabled. Also this guide should also work on Debian's derivates and maybe other distros. Limitations I have

Proxmox 5 on Hetzner Root-Server with Dual-Stack IPv4/IPv6 for Host and Guests

Introduction In an earlier blog post i wrote about a standard Debian installation with KVM, IPv4 and IPv6 for both the host and it's guests. This time we will setup Proxmox 5.x on a Hetzner Root-Server also using Debian and IPv4 and IPv6 for the Host and Guests. Since

Migrating Proxmox LVM-Thin Volumes to another Proxmox Host

Introduction In an earlier post, i've discribed how to migrate VMWare ESXi Virtual Machines (or mostly their disks) to a new Proxmox KVM machine. This time i had to move a Proxmox VM to another Proxmox host. Both hosts using LVM-Thin Logical Volumes to store guest data instead of disk