cgroup ubuntu 18.04 howto

Install required packages

apt install cgroup-tools

copy cgred.conf from examples

cp /usr/share/doc/cgroup-tools/examples/cgred.conf /etc/

/etc/cgconfig.conf

group web2 {
cpu {
cpu.cfs_quota_us=10000;
}
memory {
memory.limit_in_bytes = 1024m;
}
}

cpu.cfs_quota_us = 10000 equals to 10% cpu usage
memory.limit_in_bytes = 1024 equals to 1G of system memory


/etc/cgrules.conf

#<user>    <controllers>           <destination>
web2 cpu,memory web2

This will limit every process of the user web2 to 10% CPU and 1G of memory.


For testing use this commands:

/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
/usr/sbin/cgrulesengd -vvv

check if cgroup’s are working properly

cat /sys/fs/cgroup/cpu/web2/tasks
cat /sys/fs/cgroup/memory/web2/tasks

Here my systemd service files, install them the usual systemd way

cgconfigparser.service

[Unit]
Description=cgroup config parser
After=network.target

[Service]
User=root
Group=root
ExecStart=/usr/sbin/cgconfigparser -l /etc/cgconfig.conf
Type=oneshot

[Install]
WantedBy=multi-user.target

cgrulesgend.service

[Unit]
Description=cgroup rules generator
After=network.target cgconfigparser.service

[Service]
User=root
Group=root
Type=forking
EnvironmentFile=-/etc/cgred.conf
ExecStart=/usr/sbin/cgrulesengd
Restart=on-failure

[Install]
WantedBy=multi-user.target

reload systemd and start services

systemctl daemon-reload
systemctl enable cgconfigparser
systemctl enable cgrulesgend
systemctl start cgconfigparser
systemctl start cgrulesgend

Have fun!

WordPress Gravatar Emoji Gutenberg Google Fonts Spyware

Hello

After viewing some of Richard Stallman’s interviews I decided to check this blog for spyware. I’ve found some major problems with WordPress and privacy.


First were the Gravatars. I’ve simply disabled them in WordPress settings.

Settings -> Discussion -> Avatar Display


Second were the Google Fonts in the template. I’m using as template sparkling. In the child-template I’ve disabled the fonts of the theme. I simply set my own local font in style.css.

https://colorlib.com/wp/forums/topic/remove-google-font/#post-113288


Third were the emoji’s.

Settings -> Writing -> Formatting -> Convert emoticons like :-) and :-P to graphics on display


Fourth and last is the Gutenberg Editor. It seems that WordPress uses in it’s core Google Fonts at least for the Gutenberg editor. I’ve found a plugin which does the job very well.

https://wordpress.org/plugins/disable-google-fonts/

Discussion on Github about WordPress core
https://github.com/WordPress/gutenberg/issues/11648


Have fun!

Archlinux SAMBA Fileserver Btrfs Qnap TS-459 PRO II

I’ve got an used half dead Qnap TS-459 PRO II in hands. The original Qnap OS won’t detect the installed disks not quite stable, due to a faulty Marvell SATA-Controller Chip.
The other Marvell SATA-Controller works fine. So only 2 of 4 disks are working.

Archlinux has very good btrfs support due to the fresh packages. Otherwise I would have used debian or ubuntu.

Problems with this special type of hardware:
*) Bios does not detect the connected disks on this devices, thus you only can boot from the internal USB device

You have to set /boot to the internal USB-Device

I’ve changed the /boot/grub/grub.cfg at the first line

set root='mduuid/daa55d04:df1b4f59:52419904:51489ef3'

set root='hd0,msdos1'

Now grub is reading it’s config files from that USB-Device.

WARNING! If you recreate your grub.conf with gurb-mkconfig -o /boot/grub/grub.cfg this change will be overwritten. I was to lazy to fix that :-)

Archlinux booting from Software-RAID you have to

mdadm --detail --scan >> /etc/mdadm.conf

vim /etc/mkinitcpio.conf

HOOKS=(base udev autodetect modconf block filesystems keyboard fsck mdadm btrfs)

mkinitcpio -p linux

mdadm will include the /etc/mdadm.conf in initramfs. I’m using btrfs for root and data partitions. Therefore I’ve added btrfs just in case :-). Normally it will be automatically included.

You also want some periodic check of your RAID consistency. This device has really old used disks built in. So I’ve “stolen” the checkarray script from an ubuntu installation and created a systemd timer

/etc/systemd/system/checkarray.timer

[Unit]
Description=Software RAID checkarray timer
[Timer]
OnCalendar=monthly
AccuracySec=1h
[Install]
WantedBy=timers.target

/etc/systemd/system/checkarray.service

[Unit]
Description=Software RAID checkarray service
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/checkarray --all --idle --quiet

Might you want to have lm_sensors support.
*) vim /etc/modules-load.d/sensors.conf
it87
*) Install lm_sensors and run pwmconfig.

Fancontrol runs really nice on this board!

Here my samba config file if you need it. I’ve enabled samba audit for the “daten” share. Very handy to handle Crypto-Trojans faster and easier.

[global]
workgroup = nas01.local
server string = nas01
domain logons = No
domain master = No
printing = bsd
security = user
hosts allow = 127.0.0.1 192.168.0.0/16
printcap name = /dev/null
#Windows XP fix
lanman auth = yes
ntlm auth = yes
full_audit:failure = none
full_audit:success = mkdir rename unlink rmdir pwrite write
full_audit:prefix = IP=%I|USER=%u|MACHINE=%m|VOLUME=%S
full_audit:facility = local7
full_audit:priority = NOTICE

[daten]
comment = daten
hosts allow = 192.168.0.0/16
path = /daten/samba/daten
read only = No
valid users = daten
available = yes
create mode = 0644
directory mode = 0755
vfs objects = full_audit

[backup]
comment = daten
hosts allow = 192.168.0.0/16
path = /daten/samba/backup
read only = No
valid users = backup
available = yes
create mode = 0644
directory mode = 0755

[snapshots]
comment = daten
hosts allow = 192.168.0.0/16
path = /daten/.snapshots
force user = root
valid users = daten
read only = yes
available = yes

I’ve enabled btrfs snapshots with snapper and the corresponding systemd-timers of the Archlinux package. Useful if you want to recover accidentally deleted or overwritten files

WARNING! Snapshots do not replace a real Backup!

This device has also an LCD Display. Someone has written a very good ksh script dealing with it.
https://github.com/jdupl/QnapFreeLCD

I don’t need all of this goodness. So I wrote my on crappy script to display only the Information I need :-) It does what it should do :-)

https://www.paranoids.at/downloads/lcdMonitor.php.txt

Have fun!