debian jessie as kvm guest high cpu load


I was wondering about the high cpu load of my debian jessie kvm guests.

 18 root 20 0     S           11,0      50:10.35 ksoftirqd/2
 28 root 20 0     S           11,0      49:45.90 ksoftirqd/4
 13 root 20 0     S           10,1      51:25.18 ksoftirqd/1
 23 root 20 0     S           10,1      55:42.26 ksoftirqd/3
 33 root 20 0     S           8,3       43:12.53 ksoftirqd/5
 3 root 20 0      S           7,4       43:19.93 ksoftirqd/0

The more load my kvm guest had the more cpu time was allocated by the kernel.
I was using 3.16.0-4-amd64.

My hostmachines were, ubuntu 14.04 and archlinux. Both same issue.

Simple solution was to install backports kernel 4.2.0-0.bpo.1-amd64 oder compile fresh vanilla kernel via make localyesconfig.

Seems to be a debian kernel bug.

Have fun!

dkim postfix howto


Here some nice howto to setup opendkim with postfix

Install and configure opendkim:

aptitude install opendkim
mkdir -p /etc/opendkim/keys/yourdomain.tld
cd /etc/opendkim/keys/yourdomain.tld
opendkim-genkey -r -d yourdomin.tld
vim /etc/opendkim.conf
AutoRestart             Yes
AutoRestartRate         10/1h
Syslog                  yes
LogWhy                  yes
SyslogSuccess           yes
UMask                   002
Socket                  inet:8891@localhost
KeyTable                refile:/etc/opendkim/keytable
SigningTable            refile:/etc/opendkim/signingtable
vim /etc/opendkim/keytable
default._domainkey.yourdomain.tld yourdomain.tld:default:/etc/opendkim/keys/yourdomain.tld/default.private
vim /etc/opendkim/signingtable
*@yourdomain.tld default._domainkey.yourdomain.tld
vim /etc/postfix/
smtp      inet  n       -       -       -       -       smtpd
        -o smtpd_milters=inet:
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_milters=inet:
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
/etc/init.d/postfix restart
/etc/init.d/opendkim restart
cat /etc/opendkim/keys/yourdomain.tld/default.txt
add this record to your dns zone of yourdomain.tld

Hint: In ubuntu 12.04 opendkim-genkey has a bug which generates an invalid dkim public key in the default.txt. Here the example:

default._domainkey IN TXT "v=DKIM1;=rsa; p=MIGfMA0GC .... Q7GWwsbQIDAQAB" WRONG
default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GC .... Q7GWwsbQIDAQAB" RIGHT

You can also install a ubuntu backport which does not have the problem

To verify your dkim install you can use any gmail account.
Here Gmails help for this

“mailed-by yourdomain.tld” -> Means your SPF Record is valid
“signed-by yourdomain.tld” -> Means your DKIM Setup is valid

Have fun!

rsyslog as remote log server


Need to seperate logfiles on your syslog server on per remote ip basis and syslog facility?
Here my /etc/rsyslog.d/40-remote.conf

*.* /var/log/remote/all.log
$template DynFile,"/var/log/remote/%fromhost-ip%/%syslogfacility-text%.log"
:source , !isequal , "yourhostname" ?DynFile
:source , !isequal , "yourhostname" ~

If you want to seperate logfiles per hostname basis use this

*.* /var/log/remote/all.log
$template DynFile,"/var/log/remote/%HOSTNAME%/%syslogfacility-text%.log"
:source , !isequal , "youhostname" ?DynFile
:source , !isequal , "yourhostname" ~

Just replace yourhostname with the output of the command “root@yourhostname:~# hostname”

If you use Ubuntu 10.04 there is a bug in rsyslog with the option “$PrivDropToGroup syslog” in /etc/rsyslog.conf
Just replace the line with “$PrivDropToGroup adm”

And finally here my logroation config placed under /etc/logrotate.d/remote

        rotate 52
                reload rsyslog >/dev/null 2>&1 || true

Have fun!

Sony Ericcson Arc S CayanogenMod dhcp problem


I flashed my phone with the latest CM 9.1.
After some time my phone did not get any IP-Address via dhcp.
Static IP’s were working. So it should be the dhcp-client I thought.
Googled for the problem:

* switch off WiFi
android:/ $ su
android:/ $ rm data/misc/dhcp/*
* switch on WiFi

WiFi is working again :-)

Have fun!

Mikrotik SSTP 100% CPU Load


I’ve seen that due to some https requests the mikrotik SSTP server uses 100% of CPU
Here some nice script with scheduler which reenables the SSTP server. I’ve seen the bug with the latest ROS 5.20.

/system script
 add name=cpuload policy=ftp,read,write,winbox,api source=":local cpuload [ /system resource get cpu-load ]\r\
 \nif ( \$cpuload = 100 ) do {\r\
 \n/interface sstp-server server set enabled=no\r\
 \n/interface sstp-server server set enabled=yes\r\
 \n:log warning \"CPU Load \$cpuload reenabled sstp service\"\r\

Here the scheduler:

/system scheduler
add disabled=no interval=5m name=cpuloadsstp on-event="/system script run cpuload" policy=ftp,read,write,winbox,api start-date=\
    sep/28/2012 start-time=07:00:33

Have fun!