Keepalived and libvirt MACVTAP network interfaces

Keepalived is routing software written in C that can be used to set up load balancing and high availability for Linux machines.

NOTE: the hypervisor is Debian 10 (Buster) with libvirt and qemu/kvm; the virtual machines are also Debian 10 (Buster).

Keepalived configuration

Install keepalived:

    $ apt install keepalived

Install nginx; it will be used to check that keepalived is actually working:

    $ apt install nginx
    $ systemctl enable --now nginx

Configure keepalived:

    $ vi /etc/keepalived/keepalived.conf
    ---
    global_defs {
      enable_script_security      # prevents tampering with the check script
      script_user root            # defines which user runs the check script
    }

    vrrp_script chk_nginx {
      script "/opt/scripts/nginx-check.sh"
      interval 2                  # run script every 2 seconds
      weight 2                    # add 2 points if OK
    }

    vrrp_instance VI_1 {
      interface enp2s0            # interface to monitor
      virtual_router_id 51
      priority 101                # MASTER 101, BACKUP 100
      advert_int 1
      nopreempt                   # keeps the VIP from going back to MASTER
                                  # -> when it comes back online
      authentication {
        auth_type PASS
        auth_pass myPass          # maximum 8 chars
      }
      virtual_ipaddress {
        10.10.0.12/24             # VIP (Virtual IP Address)
      }
      track_script {
        chk_nginx
      }
    }

Also add a script to check if nginx is alive and well: …


Wireguard VPN Linux and IOS setup guide

Wireguard is open source software and a communication protocol which aims to provide a simpler and safer alternative to OpenVPN. Compared to OpenVPN, both client and server configuration are much simpler, and maintaining a PKI is not required. Performance-wise, Wireguard is also faster than OpenVPN.

SERVER: Debian 10 (Codename Buster)

As of today Wireguard is not included in Debian 10 stable repos, so it is required to enable backports to install it: …


LUKS encrypted TGT ISCSI target and initiator

After the CentOS fiasco (good job Redhat/IBM) and since we are more or less in lockdown I decided to invest a couple of days to migrate my home infra from CentOS 7 to Debian 10. One of my physical machines, which was also CentOS 7 based, is used as ISCSI target.

Debian 10 - Server A.K.A. Target

Install the required packages:

    $ sudo apt-get install tgt dkms

Create a device backstore: …


OPENWRT first run configuration guide

OpenWRT is a free, open source, Linux-based operating system aimed at networking hardware. Every time the system is upgraded to a newer version using the so-called Sysupgrade BIN image, every package the user manually installed gets lost; this makes the upgrade process very tedious, especially if one does not properly write down all the customizations one has made. I don’t use many custom packages, but QoS, DNS-over-HTTPS, USB support and vnstat are must-haves. …


Remotely unlock a full disk encrypted Fedora 33 server

Last year I blogged on how to remotely unlock a full disk encrypted Fedora/CentOS server. The software I used, dracut-crypt-ssh, is not supported anymore and stopped working for me on Fedora 32 and 33. A quick DDG search pointed me in the right direction and made me find similar software that accomplishes the same task: dracut-sshd.

    $ sudo dnf install dracut dracut-network openssh libblkid-devel gcc
    $ git clone https://github.com/gsauthof/dracut-sshd.git
    $ cd dracut-sshd
    $ sudo cp -ri 46sshd /usr/lib/dracut/modules.d

After compiling and installing dracut-crypt-ssh, configure grub to instruct dracut to add networking to initramfs: …


Siemens IOT2050

A few weeks ago Siemens released a very much needed upgrade of the IOT2000 platform; the newcomer is called IOT2050 and is a huge step forward compared to the very very underpowered IOT2040. I have had one lying on my desk for a few days, but I just found the time to play with it today. Other than the new hardware, the officially supported operating system also changed from Yocto Linux to Debian Buster (kudos for dropping Yocto). …


XMPP audio and video calls

Ejabberd has supported STUN/TURN for quite some time now; this, in conjunction with client support, can be used to implement one-on-one audio and video calls. Since version 2.8.0, the Conversations Android client has had audio and video call functionality, leveraging STUN/TURN and XEP-0215. The rest of the XMPP world is following the route opened by them, so I expect to see iOS and regular computer XMPP clients finally implement these new features too in the upcoming months. Enabling audio and video calls in Ejabberd is actually pretty simple. Provided you have installed the latest release (version 20.04), edit ejabberd.yml: …


Microsoft Teams on Fedora and Wayland with screenshare

Since the whole COVID19 pandemic hoax started a couple of months ago, working from home has become the new hip thing every company brags about on every social media known to humankind. The first step to be able to call yourself a proper COVID19 ready(tm) company is the ability to bother every employee with just a few mouse clicks. So here we are, with Microsoft Teams(tm) and a lot of other not very secure and massively bloated software elected as the center of the office life. Coffee break? XYZ software chatroom. Kick-off meeting? XYZ software chatroom. And so on. Because of my special snowflake syndrome and my deep hatred for all things Microsoft and especially Windows, I always end up making my life a bit harder. After having used Teams in a Windows 10 VM (after all I paid for a license when I got my latest Thinkpad) for a few weeks, I decided it was time to finally try to make it work on my main OS: Fedora 31. The catch was also that I wanted to do that more or less without installing any third-party non-free software. The OS I use is Fedora 31, which comes with pipewire and xdg-desktop-portal both installed and configured out of the box. Since using the official closed source Electron crapware client was out of the question, the obvious choice was to make Microsoft Teams work in a regular web browser. The situation is the following: …
