Common Server issues – FAQs and answers from those in the know
Safe tear down to prevent Infiniband partition access leakage between VM tenants
15 June 2026 @ 5:50 pm
Device: Mellanox CX6 with mlx5_core driver for the PF, and vfio-pci for the VF for passthrough to VMs
Situation: I have a VM with a passed-through VF, with the VF guid added to partition A. I want to tear this down, add the VF guid to partition B and start up a new VM without leaking access to partition A to the second tenant.
Ideas:
Read back pkey from the VF after adding its GUID to the new partition in SM (UFM): This is tricky because I don't want to unbind the VF from vfio-pci each time a new VM spins up. Neither mlx5_core nor doca-ofed exposes the VF pkey through the sriov/ subtree in PF sysfs.
Just change the GUID wholesale: this should work, but I'm worried about a race condition between the new VM starting and the SM sweep. I haven't been able to produce this race while testing, but I'm not certain it's impossible.
Ideally, I'd be able to read back the vf and vport state on the host before starting a new VM. I think that would sol
Use a runtime variable $name in nginx.conf to update its value in entrypoint.sh
15 June 2026 @ 4:18 pm
I'm configuring a live streaming server using the following repo
https://github.com/alfg/docker-nginx-rtmp/tree/master
The defined entrypoint in the above code is
#!/usr/bin/env bash
set -e
if [ ! -v "${MAX_MUXING_QUEUE_SIZE}" ]; then
  MAX_MUXING_QUEUE_SIZE_ARG="-max_muxing_queue_size ${MAX_MUXING_QUEUE_SIZE} "
fi
if [ ! -v "${ANALYZEDURATION}" ]; then
  ANALYZEDURATION_ARG="-analyzeduration ${ANALYZEDURATION} "
fi
quality1=('480' '256k' '64k' 'low' '448000')
quality2=('720' '768k' '128k' 'mid' '448000')
quality3=('960' '1240k' '128k' 'high' '1152000')
quality4=('1280' '1920k' '128k' 'hd720' '2048000')
if [ -v ${SINGLE_STREAM} ]; then
  qualities=(quality1 quality2 quality3 quality4)
else
  qualities=(quality4)
fi
output_execpush="/usr/local/bin/ffmpeg $ANALYZEDURATION_ARG-async 1 -vsync -1 -hwaccel cuda
http 400 error when using nginx reverse proxy
14 June 2026 @ 6:05 pm
I have set up nginx to reverse to several OLD APC webadmin HTTP pages with no issues. When I used modern things like homeassistant, things start getting stupid. I am currently getting a 400 error for Home Assistant with the same config I have for the APCs. I am not seeing anything obvious in the logs, though I am new to nginx so I'm not sure what I'm looking for.
upstream homeassistant_app {
    server 10.1.2.136:8123; # Your application server
}
server {
    listen 80;
    server_name homeassistant.linux2themax.com;
    # Redirect HTTP to HTTPS
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    server_name homeassistant.linux2themax.com;
    # SSL configuration (certificates managed separately)
    ssl_certificate /etc/nginx/certs/homeassistant.pem;
    ssl_certificate_key /etc/nginx/certs/homeassistant.key;
    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "
VoIP deployment using local environment - 1st VM for Asterisk - 2nd VM for Kamailio - 3rd VM for rtpengine - 4th VM for SIPp [closed]
14 June 2026 @ 4:45 pm
I have deployed four VMs.
I have set up the environment for VoIP.
Is it OK, and can I learn the VoIP engineer skills locally?
SPF hardening - can I remove mx/ip6/ip4 and go DKIM-only?
14 June 2026 @ 6:28 am
I am wondering how feasible it is to send email with a DKIM-only setup, with an SPF record of v=spf1 -all.
If my DMARC policy requires DKIM alignment then recipients who understand DMARC will still accept my mails. Recipients who don't do DMARC but do process SPF would reject them. Is anything known about how common such recipients are in the real world?
I suppose I'd get a lot of 'SPF alignment fail' reports that I'd have to ignore. On the other hand, I'd be protected against the risk of sending email that isn't DKIM-signed for some reason.
It's a shame you can't express "don't bother with SPF, only consider the DKIM result" in a DMARC policy.
Can a managed Google Workspace account work natively in an Intune-managed Android work profile, or is Google's own EMM required?
13 June 2026 @ 9:29 pm
Environment: Microsoft Intune manages Android Enterprise personally-owned work profiles. Identity/productivity is Google Workspace on a managed Google domain, federated to Microsoft Entra (OIDC SSO). Goal: users use native Google Drive/Gmail in the work profile, signed in with their Workspace account.
Symptom: the Workspace account can be added to the work profile (device restriction "Add and remove accounts = Allow all account types" + domain allow-list) and sign-in completes via the Entra redirect, but it never becomes functional:
Google Play services raises a recurring "Account action required" notification that taps through to Company Portal and resolves nothing;
Chrome "verify that it's you" never clears;
Google Drive opens but returns no files.
Already ruled out: GEM set to Unmanaged for the OU; OIDC SSO assigned and working; Google 2-Step Verifi
ISPConfig error 500 after upgrade: PHP Fatal error: Uncaught InvalidArgumentException: Please make sure the folder '/path/to/app/temp' is writable
13 June 2026 @ 1:36 pm
A PHP application running on Nginx + PHP-FPM (PHP 8.3) was returning HTTP 500 errors. The logs showed a fatal error in a third-party PHP module:
PHP Fatal error: Uncaught InvalidArgumentException:
Please make sure the folder '/path/to/app/temp' is writable
However:
The directory exists
Permissions are drwxrwxrwx (777)
Ownership is correct (same user as PHP-FPM pool)
touch works as the same user
Running is_writable() via CLI PHP returns true
But when accessed via PHP-FPM, is_writable() returns false.
The PHP-FPM pool runs under systemd with hardening enabled.
How to run an SSH server in Docker and on the host machine on the same port?
13 June 2026 @ 10:43 am
I want to run a Git server in Docker, and have a regular SSH server on the host, with both sharing the same port.
The Git server uses git@ip while the SSH server uses user@ip.
Is it possible to bounce packets sent to git@ip to the Docker container, or something, such that I can connect to either server without changing the port?
Moved WordPress site to Windows Server 2022 using direct method for updates
12 June 2026 @ 3:45 pm
I'm moving a bunch of WordPress sites from Linux to Windows Server 2022. The sites are functioning just fine but I'm getting:
"Some files are not writable by WordPress:
xmlrpc.php
wp-blog-header.php
readme.html
wp-signup.php
index.php
wp-cron.php
wp-config-sample.php
wp-login.php
wp-settings.php
license.txt
wp-mail.php
wp-links-opml.php
wp-load.php
wp-includes/class-wp-styles.php
wp-includes/class-wp-user-query.php
wp-includes/l10n.php
wp-includes/date.php
wp-includes/php-compat/readonly.php
wp-includes/class-wp-oembed.php
wp-includes/images/w-logo-blue-white-bg.png
and
The wp-content/upgrade-temp-backup directory exists but is not writable. This directory is used to improve the stability of plugin and theme updates. Please make sure the server has write permissions to this directory.
In the site health tool. I've added define('WP_TEMP_DIR', 'C:/Windows/Temp'); to
MegaRAID 9580-8i8e hangs at POST code 0xAD after firmware update with dual-path SAS JBODs
12 June 2026 @ 9:02 am
We are running an ASUS RS720-E11 server (Z13PP-D32 motherboard, pure UEFI mode) with a Broadcom MegaRAID 9580-8i8e controller. The OS (Rocky Linux 8.10, kernel 4.18.0) is installed on an internal RAID1 VD consisting of two Intel SATA SSDs managed by the controller.
Two Supermicro JBOD shelves containing 82x 18TB Toshiba SAS HDDs are connected via the external 8e port.
9580-8i8e
├── Cable 1 → Input port, JBOD shelf 1
└── Cable 2 → Input port, JBOD shelf 1
└── Output port → Input port, JBOD shelf 2
Problem
After updating the MegaRAID 9580-8i8e firmware package from 7.36 (52.36.0-6528) to 7.37 (52.37.0-6663) and the ASUS RS720-E11 server BIOS, the server no longer boots when both SAS cables are attached. The system hangs at UEFI POST Q-code 0xAD (Ready to Boot) indefinitely.
Observations
With both SAS cables attached → hangs at 0xAD, never boots, blac