Common Server issues – FAQs and answers from those in the know
Selinux blocks sudo command issued by systemd service
24 January 2026 @ 6:12 am
I set up Redis 8.4 replication with Sentinel and service registration with HashiCorp Consul on an Oracle EL10.1 server stack. In order to re-register the Redis service with Consul after failover I needed to reload the Consul service, which can be done with the Redis Sentinel client-reconfig-script option. Here's the simple script:
#!/bin/bash
sudo systemctl reload consul.service
That option was added in sudoers:
Cmnd_Alias CONSUL_SERVICE = /usr/bin/systemctl reload consul.service
redis ALL=NOPASSWD: CONSUL_SERVICE
After testing this configuration with SELinux in enforcing mode I ended up with this SELinux policy:
module my-redisserver 1.0;
require {
    type redis_conf_t;
    type redis_t;
    type sudo_exec_t;
    type system_dbusd_t;
    type system_dbusd_var_run_t;
    type systemd_systemctl_exec_t;
    type systemd_logind_t;
    type systemd_unit_file_t;
    type chkpwd_exec_t;
    type shadow_t;
    type init_t;
clas
Why can't I remove a user from my Azure cognitive resource?
24 January 2026 @ 12:00 am
Why can't I remove a user from my Azure cognitive resource? I tried to, but the removal silently fails. What could the reason be?
What is the practical difference between CPU steal time and CPU ready time on virtualized Linux hosts?
23 January 2026 @ 10:25 pm
I’m trying to understand the practical difference between CPU steal time and CPU ready time on virtualized Linux hosts.
I know both metrics relate to CPU contention, but I’m not fully clear on how they differ in real‑world behavior:
CPU steal time: time when the VM wants to run but the hypervisor is busy
CPU ready time: time when the VM is ready to run but waiting for a physical CPU
What I’m missing is how these two metrics behave differently in practice. For example:
Does high steal time always imply host‑level CPU overcommitment?
Can ready time be high even when steal time is low?
Which metric is more useful for diagnosing performance issues inside the guest?
How do KVM/VMware/Hyper‑V report these values differently?
I’m looking for a clear explanation of how to interpret these metrics and how they relate to each other when trou
Hang on, you can't upvote just yet [closed]
23 January 2026 @ 9:41 pm
Hang on, you can't upvote just yet. You'll need to complete a few
actions and gain 15 reputation points before being able to upvote.
Upvoting indicates when questions and answers are useful. What's
reputation and how do I get it?
Instead, you can save this post to reference later.
I am seeing this. What can I do to gain 15 points? Is someone willing to help me and if so why not?
Is it possible to use Entra ID logins to Azure VM with Conditional Access policies that require Device Compliance?
23 January 2026 @ 7:24 pm
I created an Azure VM with the intention of setting up an app that our finance team can access by RDPing to the VM. The intention is they will authenticate with their Entra IDs. We have conditional access policy in place for all staff that only allows access with MFA and device compliance - all our Windows 11 Pro machines are registered in Intune.
The VM is set up fine, and I can login to it fine with the local VM credentials. If I exclude my Entra account from our conditional access policy I can login using the Entra ID. This confirms that the Azure VM is set up correctly to use Entra ID.
The problem occurs when the account is not excluded from the conditional access policy. It appears that both the computer that is connecting to the server AND the server are evaluated in the Conditional Access process. My computer passes the conditional access test, as it is compliant. I even see a successful login in Entra Sign-in logs that shows this (the applicatio
Deploying a non-http service with helm_release ingress-nginx in terraform
23 January 2026 @ 7:22 pm
I want to deploy additional services, such as openssh-server, into helm_release ingress-nginx, which I've configured in a terraform/opentofu file.
I've found resources and questions like https://stackoverflow.com/a/57367498 that explain how to do this with a ConfigMap deployed directly via kubectl, but I want to express this via terraform files so I can deploy it with tofu apply.
Here's what I have so far:
resource "helm_release" "ingress-nginx" {
  name       = "ingress-nginx"
  repository = "https://kubernetes.github.io/ingress-nginx"
  chart      = "ingress-nginx"
  version    = "4.14.1"
  timeout    = 1800
  values = [
    <<-EOT
    controller:
      hostNetwork: true
      replicaCount: 1
      service:
        type: NodePort
    tcp:
      "2222": "default/openssh-server:2222"
    EOT
  ]
}
resource "kubernetes_se
In MacOS Tahoe and Sequoia, how do you trigger the Local Network Access popup from the command line?
23 January 2026 @ 7:20 pm
We're starting to see a problem where ssh tunneling stops working in MacOS Sequoia and/or Tahoe. The problem stems from MacOS adding "Local Network Access" permissions, which prevent applications from connecting to anything on the LAN unless granted permission. The way it is supposed to work is that when any application does try to access the local network, the OS adds that application to the list of applications that can talk to the local network, but toggled off, and the dialog asks if you want to turn on the permission.
The problems here are two-fold. First, however it is that MacOS is blocking this access is also preventing ssh tunnels from working (the exact reason isn't even clear). The second is that Terminal (and/or /bin/bash or whatever shell) is for some reason often not added to the list of applications granted permission, and no popup appears.
Using nc from the Terminal does not result in generating the popup from the OS. So I want to better
DNS issue with Asian Traffic
23 January 2026 @ 5:08 pm
I have a website whose root domain is pointing to an IP address whose server is down. And the subdomain www version is pointing to a server that is reachable.
So if I check both domains on dnschecker.org it shows that both domains are not propagating in other locations in Asia.
What could be causing the issue?
Unable to connect to C socket server via public IP on Windows (Tenda D301 router, PPPoE)
23 January 2026 @ 2:32 pm
I wrote a server in C running on Windows using network sockets.
The client connects to the server using the server public IP address.
When I attempt to connect from the client, the connection times out.
Here’s what I’ve tried:
Assigned a static local IP to the server machine and forwarded the port to it.
Enabled DMZ to direct all traffic to the server.
Disabled the router firewall.
Followed the Tenda D301 manual instructions for port forwarding.
Temporarily disabled Windows Firewall.
Tested with external port-checking tools, which consistently report the port as closed.
Despite these steps, the client cannot connect via the public IP.
Additional details:
Router: Tenda D301
Connection mode: PPPoE (attempted Bridge mode, but router failed to connect to ISP)
Question:
What reliable me
WSL cannot ping Internet (Omada Setup)
23 January 2026 @ 2:08 pm
I have an issue with my Omada configuration.
Trying to connect to the Internet using Windows Subsystem for Linux (WSL) fails. If I change my wifi to mobile hotspot, it works.
So I know it's an Omada configuration issue on my side.
My host PC is in a subnet VLAN and it works, but the WSL does not. I understood the WSL is in a different subnet 172.23.n.n from this:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc mq state UP group default qlen 1000
    link/ether 00:15:5d:bc:85:41 brd ff:ff:ff:ff:ff:ff
    inet 172.23.247.176/20 brd 172.23.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:febc:8541/64 scope link
       valid_lft forever preferred_lft forever
and maybe because of that, Omada is dropping (my host subnet is 192.168...)
When I use my Omada wifi setup, this is Local + WSL:
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix .