Sysadmin

Usually at least one of those is present on any system top htop / another top variant ps But sometimes the usual suspects are not available, especially in minimal containers. But there is another, more low level, way that works: /proc This is a virtual filesystem provided by the kernel about running processes. So to mirror something like this: $ ps aux |grep sleep 5 root 0:00 sleep 1000 21 root 0:00 sleep 10000000 36 root 0:00 grep sleep We could do: [Read More]

sysadmin linux container

Caddy: Manual Maintenance Mode

Posted on 2024-07-13 (Last modified on 2025-06-04)

Coming from NGINX and others the concept of a maintenance mode that can be manually enabled is something I have used many times before.

With Caddy it is equally as easy, just using a less obvious syntax.

[Read More]

caddy sysadmin

HaProxy: Think About DNS Resolution

Posted on 2024-06-04

By default HAProxy resolves all DNS names in it’s config on startup and then never again.

This might cause issues down the road if DNS records, for example the ones for backends, change.

This section of the documentation is a good starting point as it describes IP address resolution using DNS in HAProy really well: https://docs.haproxy.org/3.0/configuration.html#5.3

Additionally this guide can also be helpful: https://www.haproxy.com/documentation/haproxy-configuration-tutorials/dns-resolution/

haproxy linux sysadmin

Self-hosted notifications

Posted on 2022-11-01 (Last modified on 2025-08-18)

Running any kind of personal infrastructure sometimes requires your attention based on certain events or failure states, no matter how much you automate tasks.

Over the years I have used E-Mail, Telegram bots and a variety of other tools for this purpose. However all of them have the drawback that they mix with other kinds of information and are not easilly usable in scripts.

[Read More]

notification open-source sysadmin productivity self-hosted

Resolve .local Through Nameserver With Netplan

Posted on 2021-08-13

When using netplan it is easy to force .local DNS requests to go to you nameservers instead of being only resolved locally (the default and standard).

This also works with all other strange .WHATEVER domains you may have lying around in your organization.

Snippet from netplan configuration:

 nameservers:
        addresses:
          - X
          - Y
        search:
          - local
          - myotherstupiddomain

dns netplan linux sysadmin

Show all active user cron jobs on a system

Posted on 2021-08-11

Debian/Ubuntu

grep -vH "#" /var/spool/cron/crontabs/*

RedHat/Centos/Rocky

grep -vH "#" /var/spool/cron/*

cron linux sysadmin

DNS Resolution Everywhere

Posted on 2021-08-10 (Last modified on 2025-09-19)

Usually at least one of those is present on any system dig nslookup host But sometimes the usual suspects don’t work, especially in container-land. After trying them you may try some more involved/unknown things: getent Part of glibc, this will probably work on nearly every system. getent hosts example.org Or, if you specifically want to query A or AAAA records. getent ahostsv4 example.org getent ahostsv6 example.org Using Python2 Or Python3 Given this depends on glibc it is more of a alternative then another real solution. [Read More]

sysadmin dns linux container

curl: Modify DNS Resolution

Posted on 2021-08-08 (Last modified on 2025-05-07)

You can intercept normal name resolution in curl with the --resolve parameter allowing you to do things like talk to a specific site of a DNS load-balanced setup or talk to a new deployment not yet made productive. You can specify the resolve option multiple times so you can even catch redirects and move them to where you want as well. It’s important to note that this intercept does only work on the ports you specify in the entries. [Read More]

curl sysadmin productivity

How SELinux screws with scripts when run over VMware Tools

Posted on 2021-08-08 (Last modified on 2021-08-11)

SELinux by default prohibits certain things from working through VMware tools (Ansible connection or plain API).

This can be solved two ways:

Disabling SELinux: BAD, but easy
Writing a custom SELinux policy: complicated but more secure

Note: Adding/Changing this policy through a VMware tools connection is thankfully possible

Example policy

This policy is the base for a VMware tools policy and allows entering the rpm context (yum).

module custom-vmtools 1.0;

require {
        type rpm_script_t;
        type vmtools_unconfined_t;
        class process transition;
}

#============= vmtools_unconfined_t ==============

allow vmtools_unconfined_t rpm_script_t:process transition

vmware selinux ansible security sysadmin automation linux

Delete Your Old VMware Snapshots

Posted on 2021-01-01 (Last modified on 2025-08-18)

For the love of Pete, please delete your old snapshots regularly! Old snapshots have caused incidents and even outages more than once in my career and it is really easy to preemptively look for them and get them removed before anything happens. Why To put it plainly, they can cause issues - like 03:00 in the morning pager alert issues and additionally eat up storage space like crazy. Degraded performance of the VM having the snapshot Degraded performance to full outages for other VMs on the same data store due to rapidly increasing snapshot sizes VMware recommends a series of steps to reduce risk when using snapshots: [Read More]

powershell vmware-powercli sysadmin