I am using sails and frequently got error FATAL ERROR: CALL_AND_RETRY_LAST Allocation failed - JavaScript heap out of memory. Suggestion in stackOverflow is to use like the following: node --max_old_space_size=2000 server.js.
How do I set this in Sails?
To set Node.js heap size when starting your sails app use:
# node --max_old_space_size=4096 app.js
As mentioned in the comments, the same is true when starting your app using forever or pm2 libraries.
For pm2:
# pm2 start app.js --node-args="--max-old-space-size=4096"
For forever:
# forever start -c "node --max_old_space_size=512" -o out.log -e error.log app.js
For the development build you could change "lift" command in package.json
From this line:
"lift": "sails lift"
To the example below:
"lift": "node --max_old_space_size=8000 ./node_modules/.bin/sails lift",
And then run "npm run lift" as usual
Related
I mean not in the supervisord.conf file, but instead - when you start/restart some process via supervisorctl restart procname. I've tried ENVTEST=something supervisorctl start env-test but it didn't work.
Here are some pieces of what I have:
supervisord.conf:
[program:env-test]
command=python env_test.py
stdout_logfile=logs/env_test.log
autostart=false
env_test.py:
import os
print('envtest:', os.environ.get('ENVTEST'))
command I've tried: ENVTEST=something supervisorctl start env-test
Solution that comes to my mind is to make my programs use some env-file and change it before restarting.
Big Thanks!
So far I went with:
pip install python-dotenv
env_test.py:
import os
from dotenv import load_dotenv
load_dotenv()
print('envtest:', os.environ.get('ENVTEST'))
.env file:
ENVTEST=something
and start it as usual: supervisorctl start env-test
This way the variable is available to the python code.
I am trying to create a TPM-based unlock script using tpm2-tools with instructions from Tevora Secure boot tpm2. I have set up the key, loaded it with cryptsetup luksAddKey secret.bin, then tested it using tpm2_unlock -c 0x81000000 --auth pci:sha1:0,2,3,7 and returns the value of secret.bin. For extra measures, to make sure it works, I loaded secret.bin into "/etc/crypttab", ran # update-initramfs -u -k all, and rebooted. Upon reboot, the system unlocked.
I copied over the following code into "/etc/initramfs-tools/hooks/tpm2"
#!/bin/sh -e
if [ "$1" = "prereqs" ]; then exit 0; fi
. /usr/share/initramfs-tools/hook-functions
copy_exec /usr/local/bin/tpm2_unseal
copy_exec /usr/local/lib/libtss2-tcti-device.so
I appended my etc/crypttab from cryptname UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks to cryptname UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks,keyscript=/usr/local/bin/passphrase-from-tpm
I rewrote the following script because the tpm2-tools command was outdated, edited in the new command, and stored it in /usr/local/bin/passphrase-from-tpm:
#!/bin/sh
set -e
echo "Unlocking via TPM" >&2
export TPM2TOOLS_TCTI="device:/dev/tpm0"
/usr/local/bin/tpm2_unseal -c 0x81000000 --auth pcr:sha1:0,2,3,7
if [ $? -eq 0 ]; then
exit
fi
/lib/cryptsetup/askpass "Unlocking the disk fallback $CRYPTTAB_SOURCE ($CRYPTTAB_NAME)\nEnter passphrase: "
I ran # update-initramfs -u -k all then rebooted. In reboot, I get the following error: /lib/cryptsetup/scripts/passphrase-from-tpm: line 5: /usr/local/bin/tpm2_unseal: not found
I have tried many times to edit passphrase-from-tpm unsuccessfully, including:
Moving both passphrase-from-tpm into "/boot/efi/EFI/BOOT/" and referencing crypttab to that file
Modifying passphrase-from-tpm to use a relative file path to tpm_unseal
Before I figured out how to create a backup linux boot using:
objcopy \
--add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
--add-section .cmdline=cmdline.txt --change-section-vma .cmdline=0x30000 \
--add-section .linux="/boot/vmlinuz" --change-section-vma .linux=0x40000 \
--add-section .initrd="/boot/initrd.img" --change-section-vma .initrd=0x3000000 \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub /boot/EFI/BOOT/BOOT_RECX64.EFI
I would be locked out of the system completely because of the error and had to reinstall Ubuntu about 40 times. I have suffered a lot and want to quit but I am too stubborn to throw in the flag.
just copy tpm2_unseal to /usr/local/bin/
I'm trying to make a working setup following basically those instructions, plus a few others I have found. While not working 100% yet, check that both /etc/initramfs-tools/hooks/tpm2 and /usr/local/bin/passphrase-from-tpm are marked executable (sudo chmod ug+x $filename).
After making the initramfs, you can run the following to ensure that the TPM related files are actually in the image. Replace the path in the filename by whatever update-initramfs said it was generating:
$ lsinitramfs /boot/initrd.img-5.0.0-37-generic | egrep "(tpm|libtss)"
lib/cryptsetup/scripts/passphrase-from-tpm
lib/modules/5.0.0-37-generic/kernel/crypto/asymmetric_keys/tpm_key_parser.ko
lib/modules/5.0.0-37-generic/kernel/crypto/asymmetric_keys/asym_tpm.ko
lib/udev/rules.d/tpm-udev.rules
usr/local/lib/libtss2-sys.so.0
usr/local/lib/libtss2-mu.so.0
usr/local/lib/libtss2-sys.so.0.0.0
usr/local/lib/libtss2-tcti-device.so
usr/local/lib/libtss2-tcti-device.so.0
usr/local/lib/libtss2-tcti-device.so.0.0.0
usr/local/lib/libtss2-mu.so.0.0.0
usr/local/bin/tpm2_unseal
Additionally, I have modified /usr/local/bin/passphrase-from-tpm to the following:
#!/bin/sh
TPM_DEVICE=/dev/tpm0
TPM_REGISTER=0x81000001
TPM_SEAL_POLICY=sha256:0,2,4,7
export TPM2TOOLS_TCTI="device:$TPM_DEVICE"
if [ "$CRYPTTAB_TRIED" -eq 0 ]; then
echo "Unlocking via TPM" >&2
/usr/local/bin/tpm2_unseal -H $TPM_REGISTER -L $TPM_SEAL_POLICY
UNSEAL_STATUS=$?
echo "Unseal status $UNSEAL_STATUS" >&2
if [ $UNSEAL_STATUS -eq 0 ]; then
exit
fi
else
echo "TPM unlocking previously failed for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME)" >&2
/lib/cryptsetup/askpass "Enter passphrase for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME): "
fi
Note that the command line options to tpm2_unseal are for the 3.x versions of tpm2-tools. If you're using another version, you might need to update the options.
I pulled out various bits into variables at the top of the file. Modify TPM_REGISTER and TPM_SEAL_POLICY to match how you created the TPM object. set -e was removed since if any command failed, the whole script would exit, preventing the askpass fallback from ever running if tpm2_unseal failed.
Additionally, I noticed that if the script fails for some reason, systemd will attempt to run it again. If the secret in the TPM doesn't match the LUKS key, this will render the system unbootable, since the unseal succeeds, but unlocking fails, and systemd will run the script again.
Looking at the man page for crypttab, I discovered that one of the environment variables provided to the keyscript is CRYPTTAB_TRIED which is the number of tries it has attempted to unlock the volume. If CRYPTTAB_TRIED is 0, it'll attempt to use the TPM, as shown by this test (Running as non-root, so accessing the TPM device fails):
$ export CRYPTTAB_SOURCE=some_device
$ export CRYPTTAB_NAME=some_device_name
$ export CRYPTTAB_TRIED=0
$ ./passphrase-from-tpm
Unlocking via TPM
ERROR:tcti:src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: Permission denied
ERROR: tcti init allocation routine failed for library: "device" options: "/dev/tpm0"
ERROR: Could not load tcti, got: "device"
Unseal status 1
When it tries running the script again, CRYPTTAB_TRIED will be greater than 0, making it display the password prompt instead:
$ export CRYPTTAB_TRIED=1
$ ./passphrase-from-tpm
TPM unlocking previously failed for some_device (some_device_name)
Enter passphrase for some_device (some_device_name):
Hopefully this is still of use to you, and helpful to anyone else trying to get the house of cards that is disk encryption with a TPM on Linux working.
I am running Q in jupyter. To enable multiple slaves, jupyter requires to be run with parameter -s.
How can I launch a kernel in jupyerq with slaves enabled?
I tried passing -s 20 into argv here in runkernel.py, but the kernel wouldn't start at all
os.execvp('/bin/qlib/3.6.x86_64/q', ['/bin/qlib/3.6.x86_64/q', jupyterq_kernel.q', '-cds'] + argv)
You can do this as follows:
Find the location of your kernel.json file for qpk by running
$jupyter kernelspec list
qpk /Users/anaconda3/share/jupyter/kernels/qpk
Open the kernel.json file and modify the following line as outlined to set up the notebook to initialise 20 slaves threads on server startup
"env": {"JUPYTERQ_SERVERARGS":"","MPLBACKEND":"Agg"}
Changed to
"env": {"JUPYTERQ_SERVERARGS":"-s 20","MPLBACKEND":"Agg"}
For reference instructions for completing command line argument execution for jupyterq can be found here:
https://code.kx.com/v2/ml/jupyterq/notebooks/#server-command-line-arguments
I got a simple program off github 1 crlint.js that takes a js file and creates a report identifying various measures like Cyclomatic complexity and Halstead value. I updated my node and npm (I'm on a Mac - Sierra). I added a start line in the script section of the package.json file:
"scripts": {
"start": "node crlint",
"test": "echo \"There is an Error: no test specified\" && exit 1"
}
When I run it in the terminal (input file lib/testutil.js), no errors but no report generated either.
npm start [cyclomatic] —lib/toolutil.js
This comes back (in the terminal):
> crlint#0.1.1 start /Users/cindy/Documents/crlint
> node crlint "lib/toolutil.js"
Any thoughts? This is the first time I've used github so am sure I am missing something. I've looked at the posts on this forum about this - didn't find anything useful. Thanks -
I'm running Ubuntu 13.04, after installing using:
$ sudo npm install -g coffee-script
..with output..
npm http GET https://registry.npmjs.org/coffee-script
npm http 304 https://registry.npmjs.org/coffee-script
/usr/local/bin/coffee -> /usr/local/lib/node_modules/coffee-script/bin/coffee
/usr/local/bin/cake -> /usr/local/lib/node_modules/coffee-script/bin/cake
coffee-script#1.6.3 /usr/local/lib/node_modules/coffee-script
No commands yields any result, whatsoever:
$ coffee js.coffee
$ coffee -v
$ coffee GiveMeSomeCoffeePlease
I verified that it exists:
$ which coffee
/usr/local/bin/coffee
And the file has some contents:
$ cat `which coffee`
#!/usr/bin/env node
var path = require('path');
var fs = require('fs');
var lib = path.join(path.dirname(fs.realpathSync(__filename)), '../lib');
require(lib + '/coffee-script/command').run();
Also tried version 1.6.1 which works on my laptop. No difference on this computer though. Any ideas?
I finally found the solution. I had installed the package node on Ubuntu, which is something entirely different:
Amateur Packet Radio Node program (transitional package) The
existing node package has been renamed to ax25-node. This transitional
package exists to ease the upgrade path for existing users.
I went ahead and installed the nodejs package. But seems it didn't quite create the right binding anyway, I could run nodejs but not node. So I made an alias for it and now CoffeeScript is running just fine!
cd /usr/bin; sudo ln -s nodejs node
Same here .. In my expressjs app, instead of running via
node app
now it seems I have to run it via
nodejs app
I ll either create an alias or a symlink like Mika did. I am using Ubuntu 13.10 fyi.