Save space converting Qemu/KVM disk images to qcow2 format

Old versions of virt-manager used to create raw disk images, pre-allocated at creation: if you needed a 100Gb disk image, you would have a 100Gb file on your storage. This is good for performance, but terrible for provisioning, since you can’t overbook your disk space.

The new disk format, qcow2, use less space and provide more utilities (multiple snapshots, growing of disk image, encryption, compression, check qemu-img man page), so let’s convert all our old disk images to the new format:

$ for image in *.img; do qemu-img convert -O qcow2 "${image}" "${image}.qcow2"; done

Make sure to run a test with the new image before deleting the old one!

Advertisements

Run a command at most every X seconds without using cron

Some parts of your infrastructure require monitoring every few seconds, but that’s not what cron is for. In these cases you are better suited with a monitoring daemon running continuously:

#!/bin/bash

SLEEP=10

# the next iteration should be at most 10 seconds after the first one 
NEXT=$(( $(date +%s) + $SLEEP ))

while [ 1 ]; do
  # your tests (you can use timeout here, so if your test is stuck
  # won't block the execution of the next one

  # calc how much time we have before next run
  DELTA=$(( $NEXT - $(date +%s) ))

  # if we have time, let's sleep a bit
  if [ "$DELTA" -gt 0 ]; then
    sleep $DELTA
  fi

  # set values for the next iteration
  NEXT=$(( $(date +%s) + $SLEEP ))
done

You can then monitor the script with monit to make sure its running.

Solving Apache 503 “Service temporarily unavailable” error

We had a problem with a customer that got a 1 minute timeout when restarting their DJango webapp, claiming that Apache did get stuck. After a test, in the Apache log files we found:

[Thu Oct 11 09:35:18 2012] [error] (111)Connection refused: proxy: HTTP: attempt to connect to 192.168.0.10:48880 (192.168.0.10) failed
[Thu Oct 11 09:35:18 2012] [error] ap_proxy_connect_backend disabling worker for (192.168.0.10)
[Thu Oct 11 09:35:19 2012] [error] proxy: HTTP: disabled connection for (192.168.0.10)
[...]

The problem is that the Apache proxy module, recognising that the service was unavailable, stopped redirecting requests to it for one minute.

The problem was solved adding a retry=0 parameter to the ProxyPass directive:

ProxyPass / http://192.168.0.10:48880/ retry=0 timeout=5
ProxyPassReverse / http://192.168.0.10:48880/

References: Apache mod_proxy documentation, Serverfault.com tip.

Enable touchpad tap to click on Fedora/Debian

Fedora has tap to click disabled by default (WHY?!). This has been a problem for me since AGES when using XFCE and similar environments that do not enable touch tap by default. I spent hours searching how to fix it and today I found the solution here! In short, you should create a file in /etc/X11/xorg.conf.d/ (create that directory if it doesn’t exist) and call it, for example, 10-synaptic-tap.conf. The file should contain something like:

Section "InputClass"
       Identifier "tap-by-default"
       MatchIsTouchpad "on"
       Option "TapButton1" "1"
EndSection

You can also add more options, for example, adding Option “VertTwoFingerScroll” “On” before the EndSection will enable two fingers vertical scrolling.

Check secure services with(out) telnet

Back in the good ole days, you could use your telnet client (or netcat) to check most services. For example, a mail account via POP3:

$ telnet pop.mailserver.tld 110
+OK [...]
user username
+OK [...]
pass yourpassword
+OK [...]
list
[...]
quit

Today many servers require a secure connection, so that your data (including username and password!) won’t be readable by anyone snooping your connection. It’s a good security policy, but telnet is not able to speak to secure services. You should use Openssl instead:

$ openssl s_client -connect pop.mailserver.tld:995
[...]
+OK [...]
user username
[...]

It also works on different services, for example HTTP:

$ openssl s_client -connect google.com:443
[...]
---
GET / HTTP/1.0

HTTP/1.0 302 Found
Location: https://www.google.it/
[...]

Using this command you can easily check and debug your secure POP, IMAP, HTTP services.