Les archives de la catégorie ‘posts

I recently developed the Puppet module Asher256/puppet-lizardfs that can help you configure LizardFS, a highly-available distributed file system (DFS).

The Puppet module Asher256/puppet-lizardfs is an open source project. Community contributions are essential for keeping it great. I encourage you to contribute to the project. Send me your pull requests on Github! Currently, puppet-lizardfs supports the operating systems Debian/Ubuntu and RedHat/CentOS.

Lire la suite »

To write robust Bash scripts, I recommend you to:

1. Activate the Bash options: errexit, nounset

Add these two options at the top of your Bash scripts:

#!/usr/bin/env bash
set -o errexit      
set -o nounset
  • errexit will stop your Bash script each time a command in your script returns an exit code different from « 0 ». It does not show any message when it quits, this is why it is important to show a traceback (check the second advice below « show a Bash traceback »).
  • nounset will stop your script and output an error if you attempt to use undefined variables. nounset is very important because it can avoid you to run dangerous commands like: rm –fr « /$undefinedvariable »

2. Check your Bash scripts with shellcheck and follow the recommendations of Advanced Bash-Scripting Guide.

  • Commentaires fermés sur 3 advices to write robust Bash scripts
  • Tags: ,

Accidental shutdown or reboot is a serious blunder, especially if the kernel is being updated in the background.

I recommend you to use systemd-inhibit to prevent Linux from shutting down while your important cron jobs are running (e.g. operating system update scripts):

systemd-inhibit --why="Doing update" ./my-update-script.sh

systemd-inhibit will block the shutdown or reboot until the update script is finished.

Additional options:

  • –who= »your name »
    A human-readable name
  • list
    List all active inhibition locks
  • Commentaires fermés sur Temporarily prevent Linux from shutting down
  • Tags:

Docker is a great tool, but it can sometimes consume a lot of disk space. Docker-clean is a simple bash script you can use to remove all docker images and containers:

$ git clone https://github.com/zzrotdesign/docker-clean
$ cd docker-clean
$ ./docker-clean --help
Options:
-h or --help        Opens this help menu
-v or --version     Prints the current docker-clean version

-a or --all         Stops and removes all Containers, Images, and Restarts docker
-c or --containers  Stops and removes Stopped and Running Containers
-i or --images      Stops and removes all Containers and Images
-net or --networks  Removes all empty Networks
-s or --stop        Stops all running Containers

--dry-run           Adding this additional flag at the end will list items to be
                    removed without running the remove or stop commands

-l or --log         Adding this as an additional flag will list all
                    image, volume, and container deleting output

To stop and remove all Docker containers:

$ ./docker-clean --containers

To remove all Docker images:

$ ./docker-clean --images
  • Commentaires fermés sur How to stop and remove all docker images and containers

You can use the shell script below to route and masquerade traffic coming to a network interface (« in_nic » variable) to another one (« out_nic » variable):

#!/bin/sh

set -e
set -u

in_nic=eth0
out_nic=eth1

# Flush old iptables rules
iptables -F; iptables -X
iptables -t nat -F; iptables -t nat -X
iptables -t mangle -F; iptables -t mangle -X

# Iptables policies (accept OUTPUT only)
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Route and masquerade traffic 
iptables -A FORWARD -i "$in_nic" -o "$out_nic" -j ACCEPT
iptables -A FORWARD -i "$out_nic" -o "$in_nic" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o "$out_nic" -j MASQUERADE

(the script is also available on gist: iptables-route-masquerade-traffic.sh)

  • Commentaires fermés sur How to use Linux and Iptables to route and masquerade ipv4 network traffic
  • Tags: ,