This will break down how to use LVM and thin-provisioned LVs in front of a disk image file allowing new writes to go to a separate LV from the original image. This will function similarly to something like UnionFS but using the LVM layer instead and using an thin provisioned LV for the new data itself. This might be useful when you already have a filesystem image (maybe from a backup or similar) and it’s big enough that copying it before using it is not feasible, but you still want to be able to revert to the previous state if something blows up. This will handle all of that at the block layer. My main use-case for this is on an older system where some of the modern union or overlay filesystems (unionfs, overlayfs, aufs, etc) are not available or stable. I’m sure there may be other uses as well, […]
Sysadmin
System Engineering/Administration things.
Koken SSL Issue Resolution
This will just be a quick post. I recently started to evaluate using Koken to self-host some of my photography work and I was having a lot of mysterious issues. My server is configured running nginx and all domains are 100% SSL, meaning there is no non-SSL access to a site. Koken is a PHP application built on the CodeIgniter framework, so there is also php-fpm in the mix too. While Koken looks really nice, nice enough for me to spend time trying to resolve my issues, the support is pretty poor. There are hundreds of posts related to the following issues, which I have resolved with one configuration item in my nginx config. I hope this might solve some problems for a lot of other people since development appears very slow since it was sold. I believe the issues above are isolated to people running Koken on nginx with […]
Crouching Slave, Hidden Master
For the past 15 years or so I have run my own authoritative DNS server for all of my domain names. It started out because back when I was 18 or 19 I ran a small web design / web hosting business which was also a re-seller for a registrar. At the time it made sense to run my own name servers. After that business was dissolved, I consolidated my server farm down to one small un-managed VPS for my own personal projects, and just kept running my own DNS. There was no real reason for me to keep it, but it worked, and I like hosting my own stuff. Recently I started toying with the idea of offloading my DNS to somewhere else. There are a number of free options that I have access to, but the more I was thinking about it, the more I liked having complete […]
Let’s Encrypt With Nginx
When I saw the first news of the Let’s Encrypt project several months ago I got pretty excited about it, mostly because I don’t like to use self-signed certificates and this blog didn’t seem worthwhile to pay for a proper certificate on. Combined with the recent news of Google starting to shame sites not using SSL I figured I would give it a shot. Here is a quick rundown of how I configured my nginx web server to use Let’s Encrypt SSL certificates. The official documentation for Let’s Encrypt can be found here. A few things to note at the start: I did not use the nginx plugin, as that is very broken I followed a fairly manual process using the “webroot” method thanks to this tutorial My Linux distro is Arch Linux This first thing you need to do is install/configure Let’s Encrypt. You can do this in any […]
Breaking Down an NAA ID / World Wide Name
At least once a week in my career as a storage engineer I have a conversation that involves a systems admin asking me to add space to a SAN (fiber channel attached) based storage object by referring to it how they see it. This could be the name of a data store in VMware, saying the “E-drive”, or any number of other descriptions of a storage object which are meaningless to me. When I ask for more detail I am often given the world wide name of the device, as to them it looks like a pretty unique identifier for the storage they are talking about. Before I long I log into the system myself and get it all sorted out but I wanted to see if there was a way I could make a quick and easy translation of the world wide name they give me so that it […]