How irdma works? - rdma

After upgrading to Rocky Linux 8.6 I noticed that it was consuming more memory. After some time I figured out why this is happening. The driver of the installed Intel E810 (ice) network card is causing the irdma module in both of my servers:
lsmod |grep ice
ice 770048 1 irdma
I tried to find more information about configuring the NIC to use RDMA, but there is very little information. All I found on configuration are the guides for RHEL8 on how to configure Soft-RoCE or Soft-iWARP.
But that's not enough, I still don't understand whether in my case it can work on its own, without my intervention, or not. I have the following:
[root#host01 ~]# rdma l s
link irdma0/1 state ACTIVE physical_state LINK_UP netdev ens3f0
link irdma1/1 state ACTIVE physical_state LINK_UP netdev ens3f1
link irdma2/1 state ACTIVE physical_state LINK_UP netdev ens2f0 <<--
link irdma3/1 state ACTIVE physical_state LINK_UP netdev ens2f1
link irdma4/1 state DOWN physical_state DISABLED netdev ens5f0
link irdma5/1 state DOWN physical_state DISABLED netdev ens5f1
[root#host02 ~]# rdma l s
link irdma0/1 state ACTIVE physical_state LINK_UP netdev ens3f0
link irdma1/1 state ACTIVE physical_state LINK_UP netdev ens3f1
link irdma2/1 state ACTIVE physical_state LINK_UP netdev ens2f0 <<--
link irdma3/1 state ACTIVE physical_state LINK_UP netdev ens2f1
link irdma4/1 state DOWN physical_state DISABLED netdev ens5f0
link irdma5/1 state DOWN physical_state DISABLED netdev ens5f1
[root#host01 ~]# ip -br a show ens2f0
ens2f0 UP 10.12.10.163/24
[root#host02 ~]# ip -br a show ens2f0
ens2f0 UP 10.12.10.147/24
Does this mean that within the same network and interface, both servers will use RDMA for data transfer? For example, if two servers transfer data over the ens2f0 interface (irdma2/1).
Or does each application on the servers have to support and be configured to use RDMA?
For example, as with libvirt, to perform a live migration using RDMA, you need to run the command:
virsh migrate --live --rdma-pin-all --migrateuri rdma://hostname domain qemu+tcp://hostname/system
Or another example, in gluster, you can mount a volume via RDMA:
mount -t glusterfs -o transport=rdma server1:/test-volume /mnt/glusterfs
UPD1: I read the readme from the Intel site, but it is not really relevant if using the native irdma module, which is put in a version of any redhat-like distribution from version 8.6.
Still my main question is described above, is additional configuration of the application on the servers and interfaces needed to use RDMA in my case or not? Will it work by itself and will the servers use RDMA when passing traffic between each other without additional configuration using the native irdma module? For example, if I set up a RabbitMQ cluster on my servers and the interfaces that RabbitMQ uses have RDMA support, will all packets for RabbitMQ be sent over RDMA?


Changing domain to another server

In the past, the domain was hired and used on a physical server (which still exists today)
And now I need this domain to stop directing the old physical server and start redirecting to the new one (which will also be physical)
Old Server : Linux Apache
New Server : Windows (IIS?, Apache?, WAMP? is still being decided)
Can someone give me a tip? I'm in the dark here
The first thing you should do is find the nameserver addresses available on your new hosting account.
The quickest way to find your new hosting account's nameservers is to look at the information in the email your hosting service sent you the first time you purchased hosting, or from the documentation provided by your hosting service's website. If you're still confused about where to get one, contact your hosting provider and ask them for a “DNS server” or “name server” for your domain.
Nameservers are usually in the form of ns1.companyname.com, ns2.companyname.com, etc., where companyname.com is usually the name/brand of your hosting service.
Your hosting service will generally provide 2 or more nameservers that you can use. Write down all the nameservers. It would be even better if you save the email/web page that contains the nameserver info so that later you can copy and paste it directly. Later in the next step, you must enter this nameserver information into the control panel where you purchased the domain (registrar), exactly as stated.
After you get the nameserver information, go to the domain control panel at your registrar. Don't forget, this means you're logging into the system where you bought the domain and going to where the domain management section is.
Once you find the appropriate page to change your nameservers, you will usually see a form that will allow you to enter Nameserver #1 (or “Primary Name Server”), Nameserver #2 (or “Secondary Name Server”), and maybe a few others (such as the 3rd and 4th nameservers). The terms may not always be the same, but the basic meaning will still be your first nameserver, 2nd and so on.
Fill in your nameservers, usually starting with ns1, into the Nameserver #1 field. After that type your 2nd name server, usually the name starts with ns2, to Nameserver #2, and so on. A domain name has at least 2 name servers associated with it. Some web hosting services provide more than 2, some only 2.
After the nameservers are installed with details, done. You only need to wait a moment until your website can be accessed using your domain name. Usually, it only takes a few hours for the machine to work properly.
You need to log into your Registrar account and update your DNS to point the domain to the public IP address of the new server.
This is normally a fairly easy and quick change. As an example, you can check out how to make DNS updates on GoDaddy here.
Depending on which new server you chose and the server provider, there may be additional steps involved in order for the new server to receive external traffic. Additional steps may include, but are not limited to, updating a firewall and configuring the server settings.

Wazuh Agent not connecting

I have two questions. My immediate problem is that WAZUH-AGENT never connects to WAZUH-MANAGER.
A. That makes me think: while installing Wazuh Manager, where do we provide WAZUH MANAGER IP?
B. I registered Windows and RHEL machines as agents but none of them are able to connect - all agents are NEVER CONNECTED status.
From Windows, this is the error. I am using port #1515 and TCP.
ERROR: (1216): Unable to connect to 'xx.xxx.105.75': 'A connection
attempt failed because the connected party did not properly respond
after a period of time, or established connection failed because
connected host has failed to respond.'
I even tried changing 1515 to 1519 from Kibana-Wazuh app. And added my Agent IP in white-list, not sure if that matters.
Answering your questions according to the current version of wazuh v3.13.1 as of today:
[A] While installing Wazuh Manager, where do we provide WAZUH MANAGER IP?
In the installation of the manager you don't have to configure any IP unless you are configuring the cluster mode. It is necessary to configure the WAZUH MANAGER IP in the agents.
After installing the agent, you have to:
1. Add the manager's IP address in the configuration file /var/ossec/etc/ossec.conf
    <address>MANAGER_IP</address>
2. Register the agent in the manager. The simplest method is
    /var/ossec/bin/agent-auth -m MANAGER_IP
3. Restart the wazuh agent
    systemctl restart wazuh-agent
Once these steps are applied, you should have your agent connected and reporting to the manager.
[B] I registered Windows and RHEL machines as agents but none of them are able to connect - all agents are NEVER CONNECTED status.
After having performed the steps mentioned above, you should have connection of the agents with the manager. If not, then a troubleshooting process must be followed.
Check that the agent has successfully registered in the manager. You can use the command /var/ossec/bin/agent_control -l and see if the manager has the agent registered.
Check that you have a connection to the manager from the agents.
Wazuh uses by default ports 1515/TCP for registration and 1514/UDP for communication. Check that you have a connection through these ports (check firewall rules ...)
To avoid possible problems, check that your manager's version is >= than the agent's version.
Check if there has been an error in /var/ossec/logs/ossec.log file.
I hope this information is helpful to you.
Best regards.
A. You will have to edit the ossec.conf file and make sure you have the MANAGER_IP address put in the right place.
B. After you complete section A, and if the 1514/1515 ports are opened, you will be seeing your agent on the manager. Do not forget to register your agent to the manager.
I think there are two steps:
1. Edit ossec.conf in the agent to change the 'MANAGER_IP' to the real manager IP. This is very important and it's very easy to forget to edit it.
2. Restart the agent.
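The agent-side checks the answers above describe (an `<address>` still holding the MANAGER_IP placeholder, and 1216 errors in ossec.log) can be scripted; this is an added example, not code from the thread or from the Wazuh project. The function names and the sample config and log lines are constructed for illustration; only the placeholder, the `<address>` element and error code 1216 come from the posts.

```shell
#!/bin/sh
# Added example: offline checks on copies of the agent's ossec.conf and ossec.log.

# Print every <address> value found in the given ossec.conf.
manager_addresses() {
    sed -n 's:.*<address>\(.*\)</address>.*:\1:p' "$1"
}

# Succeed only if the config names a manager; fail when <address> is missing
# or still holds the literal MANAGER_IP placeholder.
check_manager_address() {
    addrs=$(manager_addresses "$1")
    [ -n "$addrs" ] || { echo "no <address> in $1"; return 1; }
    for a in $addrs; do
        case "$a" in
            MANAGER_IP) echo "placeholder MANAGER_IP left in $1"; return 1 ;;
        esac
    done
    echo "manager address: $addrs"
}

# Count "Unable to connect" errors (code 1216, as in the question) in a log.
count_connect_errors() {
    grep -c 'ERROR: (1216)' "$1" || true
}

# Constructed sample files, not taken from a real host.
tmp=$(mktemp -d)
cat > "$tmp/ossec.conf" <<'EOF'
<ossec_config>
  <client>
    <server>
      <address>MANAGER_IP</address>
    </server>
  </client>
</ossec_config>
EOF
cat > "$tmp/ossec.log" <<'EOF'
2020/09/01 10:00:01 ossec-agentd: INFO: Trying to connect to server.
2020/09/01 10:00:22 ossec-agentd: ERROR: (1216): Unable to connect to 'MANAGER_IP'.
EOF

check_manager_address "$tmp/ossec.conf" || echo "set <address>, register, restart"
echo "connect errors in log: $(count_connect_errors "$tmp/ossec.log")"
rm -rf "$tmp"
```

On a real agent, point the functions at /var/ossec/etc/ossec.conf and /var/ossec/logs/ossec.log; reachability of the manager ports still has to be checked separately.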

Can't see the IP for my OWASP Broken Web Application (BWA) running in Oracle Virtual Box

I imported the OWASP BWA web application image into Virtual Box and started it up. It's supposed to show me the IP on which I can access my web application. Instead I see text that states that the web application can be accessed at http:///. How can I see what IP I can access BWA on? I have my Network Setting set to Host Only.
I got this problem because the VirtualBox dhcp server was disabled for the network that the BWA VM was on.
From the main VirtualBox screen:
File -> Host Network Manager and enable the dhcp server
I only had one network showing and that had the dhcp server disabled. If you have more than one network, you will have to dig around to figure out which one to enable.
Resetting the Host Network Manager into this configuration helped me to fix it.
Then Restart the instances or
service networking restart
I got this problem because I created more than one Host-only network. After deleting until only one was left, I started the VM again and it worked.

How to use IPv6 for kubernetes service ip space?

I work in a company where almost all private ipv4 space is already used, so using 10.254.0.0/16 for service address space is a non-starter. I have carved out a /64 of ipv6 space that I can use, but I can't seem to make it work.
Here's my apiserver config:
# The address on the local server to listen to.
KUBE_API_ADDRESS="--address=::"
# The port on the local server to listen on.
KUBE_API_PORT="--port=8080"
# Port kubelets listen on
KUBELET_PORT="--kubelet-port=10250"
# Address range to use for services
# KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=10.254.0.0/16"
KUBE_SERVICE_ADDRESSES="--service-cluster-ip-range=fc00:dead:beef:cafe::/64"
# Add your own!
KUBE_API_ARGS=""
But when I try to start kube-apiserver.service I get an error about "invalid argument". Is it possible to use IPv6 for kubernetes?
I don't think IPv6 is fully supported. I don't think there is a strong motivation among the developers of the project to add IPv6 support, because the largest group of contributors is Google employees. Google Compute Engine (and thus Google Container Engine) doesn't support IPv6, so it wouldn't benefit Google directly to pay their employees to support IPv6. Best thing to do would probably be to pull in employees of companies that run their hosted product on AWS (as AWS has IPv6 support) such as RedHat, or try to contribute some of the work yourself.
From the linked PR, it looks like Brian Grant (Google) is, for whatever reason, somewhat interested and able to contribute IPv6 support. He'd probably be a good resource to query if you're interested in contributing this functionality to Kubernetes yourself.
AWS already made IPv6 by default for almost all of their major services --
https://aws.amazon.com/blogs/aws/new-ipv6-support-for-ec2-instances-in-virtual-private-clouds/
Recently, the IPv6 support is accepted, one by another started too, in-fact, the POD implementation has done so far. k8 is moving towards Service and then issues.
Currently, the open blocker issues are still open with good use cases --
https://github.com/kubernetes/kubernetes/issues/27398

iPhone: add entry to /etc/hosts without jailbreaking

For my development process I need to access a webserver which is behind a VPN and has no DNS entry.
What I was doing on 4.x was to edit /etc/hosts on the iPhone, and add it to the hosts file.
Now I'm on 5.0 beta, and don't want to jailbreak for now just for this purpose.
Is there a way I can add a line to /etc/hosts, just for development purposes (the final, distribution application does not need this hack), without jailbreaking? Can I use other means (declare a fake DNS entry by some unknown means at application launch, for example)?
EDIT: If you're willing to purchase a small license, I recommend using Charles Proxy, a web debugging proxy tool. It will also resolve domains from your local /etc/hosts, and it gives a lot of bonus features (i.e. inspect requests/responses and throttle network speeds). I only stumbled upon this tool from a WWDC video and I'm not affiliated with the product at all. I recommend reading Chris Ching's tutorial for iPhone and Charles Proxy to get you started.
To add to Ramon's answer, a way around it is to set up your local computer as a DNS server and have your iPhone point to your computer as a DNS server. This would also work for Android devices as well.
The instructions are for Mac OS X via Homebrew:
1. brew install dnsmasq
   dnsmasq is a lightweight DNS server that will fall back to the original DNS server when it encounters an unknown domain.
2. Add the line address=/.your.domain.com/10.0.0.5 to the file /usr/local/etc/dnsmasq.conf
   The IP address 10.0.0.5 is whatever IP address is assigned to your local computer by your router. You can find this via Network Utility (if you want to be fancy, you can assign a static IP to your local computer in your router).
3. sudo dnsmasq
   This starts the dnsmasq process, and it will listen on the DNS ports.
4. Assign your local computer and your router as your DNS servers for your computer via System Preferences -> Network -> Advanced -> DNS Tab
   You'll have two entries, one for your local computer (127.0.0.1) and one for your router. The reason why you include your router's IP is that dnsmasq will fulfill unknown entries through the other known DNS servers. Without the router entry, whatever devices are connected to your dnsmasq won't know how to connect to the internet.
5. Set your local computer's IP address as the DNS server on your iPhone: go to Settings -> Wi-Fi -> Info icon for your connected router -> DNS
Some things to consider:
If you shut down your machine, your iPhone won't connect to the internet anymore. Make sure to reset your iPhone's DNS server to your router's IP.
By default dnsmasq will look at your /etc/hosts, so if you had pointed your.domain.com to 127.0.0.1, your iPhone will resolve your.domain.com to 127.0.0.1, which means you won't connect to anything. To change this behaviour, uncomment the #no-hosts line in the dnsmasq config.
Sources
http://www.davesouth.org/stories/how-to-set-up-dnsmasq-on-snow-leopard-for-local-wildcard-domains
Set up a real DNS entry, either by setting up a local DNS server on your wireless network, or by using a dynamic DNS service, or by adding an A record to a domain you control DNS for.
You can also set up dnsmasq (available from macports/brew), it acts as a DNS forwarder which allows you to set all kinds of alternative records.
You can then set up the DNS on the iphone/ipad to point to the box running DNSmasq, and any host on /etc/hosts on the dnsmasq box will be returned first. If not found, dnsmasq will send the query to the upstream DNS.
Also you can add SRV records to dnsmasq.conf:
srv-host=_sip._udp.devel.foo.com,devel.foo.com,5070
And many other niceties.