serverfault.com

i try to configure PostgreSQL as data source in my new grafana service and get a error: stat /home/grafana/.postgresql/postgresql.crt: permission denied after i catch your eye some context, we used to have grafana service on specific aws ec2 instance, we in process of clean it and separate the services to multiple machine. i try to move grafana to new service, i copy all the data from all the sub folder to new aws ec2 instance and run the grafana service and start to get a error and can't find what the source cause of the error. i don't find the file in the source aws ec2 and provisioning folder are empty, one file and is all commented out '#' before you say grafana save all it's inner data in local sqlite3 database (that located in /etc/grafana/grafana.ini [database] section) i try to setup a clean Grafana instance and the error persist. i would like to hear any idea you have, i totally stuck Grafana version was the latest stable, the 12.

Setting up a new dovecot install. Docevot docs says the recommended quota driver is count. Roundcube apparently gets the quota information form the maildirsize file in the maildir directory. When using count driver, this file is not updated. Using maildir driver does update the file and things work but since count is recommended, I'm trying to evaluate my options. quota-clone is the recommended way to "export" quota information. Should I use this to write to a database? How may I tell Roundcube to read there instead of the maildirsize file?

There are zero snapshots in my zpool, and the datasets themselves occupy only 14% of the available zpool space. This used to be a functioning mirror, but recently a lot of my data has become truncated and the pool (and df) now shows 100% utility. # zfs list -o space NAME AVAIL USED USEDSNAP USEDDS USEDREFRESERV USEDCHILD pool1 0B 8.69T 0B 151K 0B 8.69T pool1/encrypted 0B 8.69T 0B 7.45T 0B 1.24T pool1/encrypted/general 0B 256K 0B 256K 0B 0B pool1/encrypted/images 0B 1.24T 0B 1.24T 0B 0B df: pool1/encrypted/images 1326699904 1326699904 0 100% /pool/1/encrypted/images pool1/encrypted/general 256 256 0 100% /pool/1/encrypted/general This just finished a scrub. Can someone help me under

I set up Redis 8.4 replication with sentinel and service registration with Hashicorp Consul on Oracle EL10.1 server stack. In order to reregister redis service with consul after failover I needed to reload consul service, what can be done with redis sentinel client-reconfig-script option. Here's the simple script: #!/bin/bash sudo systemctl reload consul.service that option was added in sudoers: Cmnd_Alias CONSUL_SERVICE = /usr/bin/systemctl reload consul.service redis ALL=NOPASSWD: CONSUL_SERVICE after testing this configuration with selinux in enforcing mode I've ended with selinux policy: module my-redisserver 1.0; require { type redis_conf_t; type redis_t; type sudo_exec_t; type system_dbusd_t; type system_dbusd_var_run_t; type systemd_systemctl_exec_t; type systemd_logind_t; type systemd_unit_file_t; type chkpwd_exec_t; type shadow_t; type init_t; clas

Why can't remove a user from my Azure cognitive resource? I tried to but the removal silently fails. What could the reason be?

I’m trying to understand the practical difference between CPU steal time and CPU ready time on virtualized Linux hosts. I know both metrics relate to CPU contention, but I’m not fully clear on how they differ in real‑world behavior: CPU steal time: time when the VM wants to run but the hypervisor is busy CPU ready time: time when the VM is ready to run but waiting for a physical CPU What I’m missing is how these two metrics behave differently in practice. For example: Does high steal time always imply host‑level CPU overcommitment Can ready time be high even when steal time is low Which metric is more useful for diagnosing performance issues inside the guest How do KVM/VMware/Hyper‑V report these values differently I’m looking for a clear explanation of how to interpret these metrics and how they relate to each other when trou

Hang on, you can't upvote just yet. You'll need to complete a few actions and gain 15 reputation points before being able to upvote. Upvoting indicates when questions and answers are useful. What's reputation and how do I get it? Instead, you can save this post to reference later. I am seeing this. What can I do to gain 15 points? Is someone willing to help me and if so why not?

I created an Azure VM with the intention of setting up an app that our finance team can access by RDPing to the VM. The intention is they will authenticate with their Entra IDs. We have conditional access policy in place for all staff that only allows access with MFA and device compliance - all our Windows 11 Pro machines are registered in Intune. The VM is set up fine, and I can login to it fine with the local VM credentials. If I exclude my Entra account from our conditional access policy I can login using the Entra ID. This confirms that the Azure VM is set up correctly to use Entra ID. The problem is that when the account is not excluded from the conditional access policy. It appears that both the computer that is connecting to the server AND the server are evaluated in the Conditional Access process. My computer passes the conditional access test, as it is compliant. I even see a successful login in Entra Sign-in logs that shows this (the applicatio

I want to deploy additional services, such as openssh-server, into helm_release ingress-nginx, which I've configured in a terraform/opentofu file. I've found resources and questions like https://stackoverflow.com/a/57367498 that explain how to do this with a ConfigMap deployed directly via kubectl, but I want to express this via terraform files so I can deploy it with tofu apply. Here's what I have so far: resource "helm_release" "ingress-nginx" { name = "ingress-nginx" repository = "https://kubernetes.github.io/ingress-nginx" chart = "ingress-nginx" version = "4.14.1" timeout = 1800 values = [ <<-EOT controller: hostNetwork: true replicaCount: 1 service: type: NodePort tcp: "2222": "default/openssh-server:2222" EOT ] } resource "kubernetes_se

We're starting to see a problem where ssh tunneling stops working in MacOS Sequoia and/or Tahoe. The problem stems from MacOS adding "Local Network Access" permissions, which prevent applications from connecting to anything on the LAN unless granted permission. The way it is supposed to work is that when any application does try to access the local network, the OS adds that application to the list of applications that can talk to the local network, but toggled off, and the dialog asks if you want to turn on the permission. The problems here are two-fold. First, however it is that MacOS is blocking this access is also preventing ssh tunnels from working (the exact reason isn't even clear). The second is that Terminal (and or /bin/bash or whatever shell) is for some reason often not added to the list of applications granted permission, and no popup appears. Using nc from the Terminal does not result in generating the popup from the OS. So I want to better