unprivileged lxc containers and open file limit problem

If you’re running unprivileged lxc containers, you will notice that some software fail to install or start. For example, you may have this kind of problem on Ubuntu, when trying to install mongo:

 

root@mongo-test-0001:~# apt-get -f mongodb-org
(...)
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up mongodb-org-server (2.6.10) ...
start: Job failed to start
invoke-rc.d: initscript mongod, action "start" failed.
dpkg: error processing package mongodb-org-server (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of mongodb-org:
 mongodb-org depends on mongodb-org-server; however:
  Package mongodb-org-server is not configured yet.

dpkg: error processing package mongodb-org (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 mongodb-org-server
 mongodb-org
E: Sub-process /usr/bin/dpkg returned an error code (1)

 

The problem is the following line in /etc/init/mongod.conf:

limit nofile 64000 64000

Because it’s an unprivileged lxc container, even root is not able to increase open files limit to 64000 in the guest!

 

The solution is to add these lines in /etc/security/limits.conf on the host (you’ll have to stop the guest, log out / log in to your shell for the change to have effect):

# adjusted for lxc
*               hard    nofile          65536
*               soft    nofile          65000

 

After this, start the guest again, problem should be solved:

root@mongo-test-0001:~# apt-get -f install
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up mongodb-org-server (2.6.10) ...
Setting up mongodb-org (2.6.10) ...

 

 

 

Rackspace is down – 22 December 2014

Apparently Rackspace has a serious downtime on 22 December 2014 – its website is down.

Status website for rackspace, https://status.rackspace.com/, is also down.

Rackspace’s DNS servers are down, too, meaning, people who host their DNS with Rackspace are also affected.

According to Rackspace, they are under DDoS attack.

Renaming mongo shards

Mongo has mostly excellent documentation, yet sometimes it may not be obvious how to do some less-used configuration changes. One of these is a way to rename mongo shards.
Continue reading ‘Renaming mongo shards’ »

Be aware of CloudMagic – Email App – it “steals” your password

Recently, I was looking for an IMAP client for Android. I’ve read some reviews of CloudMagic – Email App and I though I’ll give it a try. To my surprise, it appears to be stealing credentials.

Continue reading ‘Be aware of CloudMagic – Email App – it “steals” your password’ »

Building Apache 2.4.x deb packages for Debian Wheezy (7.x)

If you’re a Debian Wheezy (7.x) user, you’re stuck to use Apache 2.2.x. Apache 2.4.x packages are available in the upcoming Debian Jessie (8.x), now in testing, however it’s not possible to install them on Wheezy.

If you need to use some of the features present only in Apache 2.4.x, it’s easy enough to build deb packages yourself.

For those who just want to download pre-built packages, you can get them from here: https://www.virtall.com/files/debian/wheezy/

Below, building instructions.
Continue reading ‘Building Apache 2.4.x deb packages for Debian Wheezy (7.x)’ »

Why is Microsoft trying to break into one of my servers?

Tonight, I’ve noticed rather lengthy break-in attempt from one of IPs owned by Microsoft. According to whois, 191.238.81.33 is owned by Microsoft Brasil – Microsoft Informatica Ltda., Brazilian subsidiary of multinational Microsoft.
The attack is ongoing, and it’s just a small part of the log. What the hell are they looking for?
Continue reading ‘Why is Microsoft trying to break into one of my servers?’ »

Adding existing code to bitbucket

Bitbucket has a bit imprecise documentation about pushing an existing code to their repo. If you have an existing directory without git control, and would like to push it to bitbucket, you may get the following error:

No refs in common and none specified; doing nothing.
Perhaps you should specify a branch such as 'master'.
Everything up-to-date

Here is how to solve it.

Continue reading ‘Adding existing code to bitbucket’ »

Changing timezone manually on CentOS / Debian

Here are some quick notes on how to change the timezone on CentOS, RedHat, Debian, Ubuntu and similar Linux systems.
Continue reading ‘Changing timezone manually on CentOS / Debian’ »

arcconf on Linux: examples

Here are some arcconf usage examples.
Continue reading ‘arcconf on Linux: examples’ »

Apache and nginx: serving different robots.txt for SSL and non-SSL version of the website

Very often, you don’t want the SSL (https://) version of your websites to be crawled by the robots.

Here is how to achieve it under Apache and nginx.

Continue reading ‘Apache and nginx: serving different robots.txt for SSL and non-SSL version of the website’ »