Install Tuned for max performance

Update and install tuned:

Code:
apt-get update
apt-get install tuned tuned-gtk tuned-utils tuned-utils-systemtap
reboot

List of useful tuned commands:

Code:
tuned-adm active
tuned-adm list
tuned-adm recommend
tuned-adm verify
tuned

Recommended for performance:

Code:
tuned-adm profile latency-performance

HP Z420 Workstation Headless boot

To make hp z420 workstation headless boot (run workstation without a video card) Need to have Windows OS installed to run HP BIOS Configuration Utility (BCU) because in bios settings this option is hidden.

Download HP BIOS Configuration Utility (BCU) or here

Installation
Run the BCU SoftPaq to install its contents to the folder \HP\BIOS
Configuration Utility\, where is the Program Files folder on the target
system (For example, C:\PROGRAM FILES). The resulting files at the target folder include:
● BIOSConfigUtility.exe
● BIOSConfigUtility64.exe
● HPQPswd.exe
● HPQPswd64.exe
● BCUsignature32.dll
● BCUsignature64.dll
● Internet shortcut to BIOS Configuration Utility User Guide.pdf

Command-line parameters

BiosConfigUtility.exe /setvalue:"Headless Mode","Enable"

It can show some errors but it should work fine. Now take out your GPU and try to start the workstation. Now it should not keep beeping and boot without issues.

NUT Monitor EATON UPS

1. Installation
First step is to install Network UPS Tools package :

Terminal
# apt-get install nut
2. Connect your UPS
Once your UPS is powered and connected to a USB port of your server, it should be detected :

Terminal
# lsusb | grep UPS
Bus 004 Device 010: ID 0463:ffff MGE UPS Systems UPS
We can notice that UPS is from MGE, former name of Eaton.

This command has given us the Vendor ID and Device ID of your USB connected UPS.

Vendor ID : 0463
Device ID : ffff
These important values will be used later in the installation procedure.

3. Configuration
Its now time to declare the Eaton UPS to nut daemon.

As the UPS is connected via USB, we wil use the USB driver.

This is done by adding a new section to /etc/nut/ups.conf to declare your UPS.

/etc/nut/ups.conf
...
[eaton]
driver = usbhid-ups
port = auto
desc = "Eaton 3S 550"

4. Start USB driver
Now that your UPS is declared to nut, it’s time to start the USB UPS driver upsdrvctl :

Terminal
# upsdrvctl start
Network UPS Tools – UPS driver controller 2.6.4
Network UPS Tools – Generic HID driver 0.37 (2.6.4)
USB communication driver 0.32
Can’t claim USB device [0463:ffff]: could not detach kernel driver from interface 0: Operation not permitted
Driver failed to start (exit status=1)
This doesn’t look good.

Error comes from the fact that nut daemon is running as nut user, which is not allowed to access USB interface (accessible only by root).

The best way to allow nut user to access the UPS USB device, is to declare a new udev rules.

The udev rule will use the Vendor ID and Device ID of your USB UPS.

Il will allow accounts from nut group to access the USB device with 660 permission rather than 666, since that should be sufficient and more secure.

To declare the rule, you just have to create /etc/udev/rules.d/90-nut-ups.rules :

/etc/udev/rules.d/90-nut-ups.rules
# Eaton 3S 550
ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0463", ATTR{idProduct}=="ffff", MODE="0660", GROUP="nut"
You now need to restart udev for the rule to become operational :

Terminal
# service udev restart
You need to disconnect and reconnect the USB cable to remount it with the new udev rule.

You should now be able to start upsdrvctl UPS driver without error.

Terminal
# upsdrvctl start
Network UPS Tools – UPS driver controller 2.6.4
Network UPS Tools – Generic HID driver 0.37 (2.6.4)
USB communication driver 0.32
Using subdriver: MGE HID 1.31
5. Configure NUT mode
nut can run in different mode according to your configuration :

none (default)
standalone
netserver
netclient

We must configure nut in standalone mode as it will address a local only configuration, with 1 UPS protecting the local system. This will start the 3 nut layers (driver, upsd and upsmon).

This standalone mode is declared in /etc/nut/nut.conf :

/etc/nut/nut.conf
...
MODE=standalone

Next step is to configure upsd and upsmon :

upsd communicates with the UPS driver that we just started
upsmon communicates with upsd and actually shuts down the machine in the event of a power failure.
Why this extra level of indirection ?

Just because multiple instances of upsmon can be started on different machines and communicate with a single uspd in charge of the physical UPS device.

6. Configure UPS daemon
As upsd will be used locally on the server, we will configure it to listen on localhost and default port 3493. Configuration will be done for IPv4 and IPv6.

Edit or create configuration file /etc/nut/upsd.conf :

/etc/nut/upsd.conf
...
# LISTEN

[]
LISTEN 127.0.0.1 3493
LISTEN ::1 3493
...

Next, we should create a local upsmonitor user for upsd.It will be used by upsmon to interact with upsd.

This local user is declared in /etc/nut/upsd.users :

/etc/nut/upsd.users
[upsmonitor]
password = YOUR_PASSWORD
upsmon master

Replace YOUR_PASSWORD with a real password.

7. Configure UPS monitor
Once user has been declared in upsd, it should be declared to upsmon.

This declaration is done thru /etc/nut/upsmon.conf :

/etc/nut/upsmon.conf
# Commands for shutdown on power loss
MONITOR [email protected] 1 upsmonitor YOUR_PASSWORD master
POWERDOWNFLAG /etc/killpower
SHUTDOWNCMD "/sbin/shutdown -h now"

eaton is the name you’ve given to your UPS in /etc/nut/ups.conf and YOUR_PASSWORD with the password you set in /etc/nut/upsd.users.

If you want, you can also change the shutdown command that will be used when the UPS battery will go below a minimum level.

8. Secure configuration
Since these UPS configuration files contain sensitive data (you can shutdown the server …), we should fix the permissions to allow only root user and nut group to access them.

Terminal
# chown root:nut /etc/nut/*
# chmod 640 /etc/nut/*

9. Test connection
Everything should now be in place to test your UPS connectivity.

To test it, you just need to start upsd daemon and to inquire your UPS status with upsc client.

Terminal
# upsd

Network UPS Tools upsd 2.6.4
fopen /var/run/nut/upsd.pid: No such file or directory
listening on ::1 port 3493
listening on 127.0.0.1 port 3493
Connected to UPS [eaton]: usbhid-ups-eaton
# upsc [email protected]
battery.charge: 89
battery.charge.low: 20

Now that service is running, you can reboot your debian computer.

After next reboot, service nut-server should have been started.

You should be able to access your UPS data.

Terminal
# upsc [email protected]

battery.charge: 89
battery.charge.low: 10

As soon as your UPS charge will go under 10%, a shutdown signal will be issued to your server.

OVH Cloud Failover IP config

nano /etc/network/interfaces.d/50-cloud-init

auto lo
iface lo inet loopback
dns-nameservers 213.186.33.99

auto eth0
iface eth0 inet dhcp
mtu 1500

auto eth0:1
iface eth0:1 inet static
address x.x.x.x
netmask 255.255.255.255

auto eth0:2
iface eth0:2 inet static
address x.x.x.x
netmask 255.255.255.255

auto eth0:3
iface eth0:3 inet static
address x.x.x.x
netmask 255.255.255.255

Raspberry Hardware Watchdog

Automatically power cycle the Raspberry Pi once it gets stuck.

1) Enable the hardware watchdog on your Pi and reboot

sudo su
echo 'dtparam=watchdog=on' >> /boot/config.txt
reboot

2) Install the watchdog system service

sudo apt-get update
sudo apt-get install watchdog

3) Configure the watchdog service

sudo su
echo 'watchdog-device = /dev/watchdog' >> /etc/watchdog.conf
echo 'watchdog-timeout = 15' >> /etc/watchdog.conf
echo 'max-load-1 = 24' >> /etc/watchdog.conf

4) Enable the service

sudo systemctl enable watchdog
sudo systemctl start watchdog
sudo systemctl status watchdog

Now next time your Raspberry Pi freezes, the hardware watchdog will restart it automatically after 15 seconds.

If you want to test this you can try running a fork bomb on your shell:

sudo bash -c ':(){ :|:& };:'

!!!Running this code will render your Raspberry Pi unaccessible until it’s reset by the watchdog.!!!

Syncthing įdiegimas Ubuntu/Debian

Syncthing logo

Jei norite greitai pasiekti daugelio įrenginių failus, jums reikia sinchronizavimo. Tai atviro kodo kelių platformų failų sinchronizavimo sprendimas, kuris gali veikti lokaliai arba internetu. Ši platforma turi „Linux“, „Windows“ ir „macOS“ klientus. Taip pat turi „Android“ programą, skirtą sinchronizuoti iš ir į išmaniuosius telefonus.

2. Pridedame Syncthing prie apt šaltinių

echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list

2. Pridedame PGP raktą

curl -s https://syncthing.net/release-key.txt | sudo apt-key add -

3. Paleidžiam atnaujinimą

sudo apt update

4. Paleidžiam Syncthing instaliavimą

sudo apt install syncthing

5. Įgalinam Syncthing kaip servisą

sudo systemctl enable [email protected]

6. Paleidžiam Syncthing su komanda

sudo service [email protected] start

7. Pasitikrinam ar viskas sėkmingai pasileido:

[email protected]:~/# service [email protected] status
[email protected] - Syncthing - Open Source Continuous File Synchronization for root
Loaded: loaded (/lib/systemd/system/[email protected]; disabled; vendor preset: enabled)
Active: active (running) since Sat 2021-05-08 18:13:49 EEST; 7h ago
Docs: man:syncthing(1)
Main PID: 27578 (syncthing)
Tasks: 48 (limit: 4915)
Memory: 11.9G
CGroup: /system.slice/system-syncthing.slice/[email protected]
├─27578 /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
└─27586 /usr/bin/syncthing serve --no-browser --no-restart --logflags=0

Kaip matome, viskas pasileido sėkmingai. Dabar patį Syncthing WEB UI galite pasiekti adresu http://127.0.0.1:8384

Atkreipkite dėmesį į paleidimo eilutę „service [email protected] start“ kur yra username, ten nurodome kokiu useriu paleidinėsime daemoną, patartina nenaudoti root userio dėl saugumo sumetimų. Po pirmo paleidimo, atitinkamo userio /home/useris/.config/syncthing direktorijoje susikuria visi konfigūraciniai failai. Pagal nutylėjimą pasiekti web ui dabar pavyks tik iš lokalaus kompiuterio. Norint pasiekti web ui nuotoliniu būdu reikės pakeisti config.xml faile vieną nustatymą:

iš <address>127.0.0.1:8384</address> į <address>0.0.0.0:8384</address>

Klientus ir kitus reikiamus failus rasite: https://syncthing.net/downloads/

Gero naudojimo 🙂

vsftpd, group, usermod

adduser user – Sukuriam userį

usermod -d /home/some/dir user – Nustato numatytą user home direktoriją

groupadd group – Sukuriam grupę

usermod -a -G group user Pridedam user į grupę

chown -R user:group /home/some/dir – Suteikiam user ir grupei access.

arba

chgrp -R group /home/some/dir

ir uždedam failų teises, kad juos leistų atidaryti/redaguoti ir išsaugoti

chmod -R 775 /home/some/dir