Booting Qemu-KVM VM Without Grub (or any bootloader)

I am looking more and more into Cloud-Hypervisor or Firecracker. The other day I had this random thought: “These trendy new hypervisors can boot a kernel directly, why can’t qemu do it?”. It turned out that it can do that perfectly. Here is a random recipe to have a working Ubuntu, without having to use grub or any bootloader. Note that Ubuntu’s first boot is still utterly slow and bloated (snap and cloud-init, I’m looking at you!). ...

January 21, 2022 · 3 min · 494 words · Rémi Desgrange

Ssh Client Config Tips

This post gathers some tips I learned along the way about SSH which make me more productive.

Put generic Host config at the end

The config file is read sequentially, and the first rule that matches will be taken into account. If you put your Host * at the top of your ~/.ssh/config then further rules won’t be applied.

    Host foo
        User bar
        Hostname foo.baz

    # this rule will apply to all connections, and is appended to the "foo" host definition.
    Host *
        AddKeysToAgent yes
        IdentityFile ~/.ssh/ed25519

Split your config files

By default, the ssh client will read its config from /etc/ssh/ssh_config and ~/.ssh/config. To the latter one, I like to add this line of config: ...

December 8, 2021 · 2 min · 395 words · Rémi Desgrange

An Abstraction Failure. How a Frankernel Bites Us

Last week a colleague pinged us on the #container-support Slack channel to report a weird bug. A container worked on his machine, but not on our OpenShift cluster. He said that the dynamic linker was not able to resolve libQt5Core.so.5. This was new, since it worked perfectly for QGIS 3.10 but not in 3.16. The result of ldd /usr/local/bin/qgis_mapserv.fcgi|grep Core was:

    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found
    libQt5Core.so.5 => not found

What the hell happened on OpenShift that did not happen on the dev host (which is an Ubuntu host)? Why in hell do we have lots of not found lines?

First Assumption

We first (by we I mean colleagues and I) thought of: ...

January 29, 2021 · 3 min · 507 words · Rémi Desgrange

Emoji on Linux

I tried several things to configure emoji properly on Linux. I really suffered to get it working. Here is my desktop setup:

- Distro: Arch Linux
- WM: Wayland
- DE: Gnome
- Terminal: Alacritty

If you don’t know Alacritty, you should check it out. They still have a weird bug with emoji but it’s a great terminal emulator. I installed the noto emoji, but emoji one also works.

On Arch:

    pacman -S noto-fonts-emoji

On Ubuntu ...

May 7, 2020 · 6 min · 1220 words · Rémi Desgrange

My WireGuard Setup

We have a new VPN at work which works with WireGuard. There are a lot of guides on the web, like:

- Wireguard VPN : Typical Setup : The poetry of (in)security
- Getting Started with WireGuard

I’m going to present 2 cases:

- Home need: I need VPN access for my phone and laptop in order to access blocked stuff in some situations. All the traffic goes through the VPN. It’s the simplest case.
- Work need: I need to access some IPs or IP ranges, but not all the traffic goes through the VPN.

Home

Server

Install of WireGuard. I’m on Debian 10.

- Create a /etc/apt/sources.list.d/backport.list:

      deb http://deb.debian.org/debian buster-backports main

- apt update && apt install wireguard
- Reboot. WireGuard consists of a kernel module which needs to be loaded by the kernel. And unstable will upgrade your kernel to 4.19, that’s why. On ArchLinux, for example, you don’t need to reboot.

Generate the key pair:

    cd /etc/wireguard
    umask 077
    wg genkey | tee privatekey | wg pubkey > publickey

Fill in the file /etc/wireguard/wg0.conf. wg0 is the name of your interface; it can be anything, like wg10 or even chambery.

    [Interface]
    Address = 10.10.10.1/24
    ListenPort = 51820
    PrivateKey = <my private key>
    PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    PublicKey = <client pub key>
    AllowedIPs = 10.10.10.2/32

Interface means that you listen here. And a Peer means a distant… Peer at the end of the tunnel. You have to declare every peer in your VPN, which means that if you deploy WireGuard as a VPN concentrator for your company you will need some automation here! There is some work going on to add dynamic IP to WireGuard. Look at the idea here ...

April 22, 2020 · 5 min · 892 words · Rémi Desgrange