So you want to replace a GlustetFS brick? In other words, how do I rename a brick path in glusterfs?
NOTICE: Anytime there is any data manipulation on any environment, backups should always be taken. So please make a copy or a backup of your files prior to executing any of the commands. The steps expect the user has a backup.
Here's a few ways to do so:
gluster volume replace-brick <vol> <host>:/bricks/0/gv01 <host>:/bricks/0/abc-gv01 commit force
A detailed sequence of another way to rename the brick storage folder:
Command
Description
gluster v reset-brick gvol peer01:/previous/path start
Stop glusterfs on node.
mv /previous/path /latest/path
Move the old path to the new path.
gluster v add-brick gvol peer02:/new/path force
Add new path as new brick.
gluster v remove-brick gvol peer01:/previous/path force
Maintain sequence. Data duplication will occur if order is not maintained.
Time to up the memory on the host and adjust the environment properties:
/atlas/atlassian/confluence/ cat bin/setenv.sh
# See the CATALINA_OPTS below for tuning the JVM arguments used to start Confluence.
echo "If you encounter issues starting up Confluence, please see the Installation guide at http://confluence.atlassian.com/display/DOC/Confluence+Installation+Guide"
……..
# Set the JVM arguments used to start Confluence.
# For a description of the vm options of jdk 8, see:
# http://www.oracle.com/technetwork/java/javase/tech/vmoptions-jsp-140102.html
# For a description of the vm options of jdk 11, see:
# https://docs.oracle.com/en/java/javase/11/tools/java.html
CATALINA_OPTS="-XX:+IgnoreUnrecognizedVMOptions ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:-PrintGCDetails -XX:+PrintGCDateStamps -XX:-PrintTenuringDistribution ${CATALINA_OPTS}"
CATALINA_OPTS="-Xlog:gc+age=debug:file=$LOGBASEABS/logs/gc-`date +%F_%H-%M-%S`.log::filecount=5,filesize=2M ${CATALINA_OPTS}"
CATALINA_OPTS="-Xloggc:$LOGBASEABS/logs/gc-`date +%F_%H-%M-%S`.log -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=2M ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:G1ReservePercent=20 ${CATALINA_OPTS}"
CATALINA_OPTS="-Djava.awt.headless=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Datlassian.plugins.enable.wait=300 ${CATALINA_OPTS}" CATALINA_OPTS="-Xms1024m -Xmx6144m -XX:+UseG1GC ${CATALINA_OPTS}"
CATALINA_OPTS="-Dsynchrony.enable.xhr.fallback=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Dorg.apache.tomcat.websocket.DEFAULT_BUFFER_SIZE=32768 ${CATALINA_OPTS}"
CATALINA_OPTS="-Djava.locale.providers=JRE,SPI,CLDR ${CATALINA_OPTS}"
CATALINA_OPTS="${START_CONFLUENCE_JAVA_OPTS} ${CATALINA_OPTS}"
CATALINA_OPTS="-Dconfluence.context.path=${CONFLUENCE_CONTEXT_PATH} ${CATALINA_OPTS}"
CATALINA_OPTS="-Djdk.tls.server.protocols=TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 ${CATALINA_OPTS}"
CATALINA_OPTS="-XX:ReservedCodeCacheSize=256m -XX:+UseCodeCacheFlushing ${CATALINA_OPTS}"
export CATALINA_OPTS
# /atlas/atlassian/confluence/
Upped the memory to double from 8GB to 16GB and min Xms settings to 4096GB for faster startup and adjusted the following line accordingly:
backend mysql-back
mode tcp
option tcplog
option mysql-check user haproxy
balance roundrobin
default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
server mysql01.nix.mds.xyz mysql01.nix.mds.xyz:3306 maxconn 1024 check port 3306
server mysql02.nix.mds.xyz mysql02.nix.mds.xyz:3306 maxconn 1024 check port 3306
server mysql03.nix.mds.xyz mysql03.nix.mds.xyz:3306 maxconn 1024 check port 3306
HAProxy stats are red:
Checking using tcpdump;
tcpdump -w trace.dat -s 0 port not 22
tcpdump -r trace.dat -nnvvveXXS > trace.dat.txt
Dec 11 23:57:00 localhost haproxy[6635]: Server mysql-back/mysql01.nix.mds.xyz is DOWN, reason: Layer7 wrong status, code: 0, info: "Access denied for user 'haproxy'@'mysql01.nix.mds.xyz' (using password: NO)", check duration: 1ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Dec 11 23:57:00 localhost haproxy[6635]: Server mysql-back/mysql01.nix.mds.xyz is DOWN, reason: Layer7 wrong status, code: 0, info: "Access denied for user 'haproxy'@'mysql01.nix.mds.xyz' (using password: NO)", check duration: 1ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Dec 11 23:57:01 localhost haproxy[6640]: Server mysql-back/mysql02.nix.mds.xyz is DOWN, reason: Layer7 wrong status, code: 0, info: "Access denied for user 'haproxy'@'mysql01.nix.mds.xyz' (using password: NO)", check duration: 4ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Dec 11 23:57:01 localhost haproxy[6640]: Server mysql-back/mysql02.nix.mds.xyz is DOWN, reason: Layer7 wrong status, code: 0, info: "Access denied for user 'haproxy'@'mysql01.nix.mds.xyz' (using password: NO)", check duration: 4ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Dec 11 23:57:02 localhost haproxy[6640]: Server mysql-back/mysql03.nix.mds.xyz is DOWN, reason: Layer7 wrong status, code: 0, info: "Access denied for user 'haproxy'@'mysql01.nix.mds.xyz' (using password: NO)", check duration: 4ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Dec 11 23:57:02 localhost haproxy[6640]: backend mysql-back has no server available!
Dec 11 23:57:02 localhost haproxy[6640]: Server mysql-back/mysql03.nix.mds.xyz is DOWN, reason: Layer7 wrong status, code: 0, info: "Access denied for user 'haproxy'@'mysql01.nix.mds.xyz' (using password: NO)", check duration: 4ms. 0 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
Dec 11 23:57:02 localhost haproxy[6640]: backend mysql-back has no server available!
Which was temporary:
Dec 11 23:58:01 localhost haproxy[9156]: 192.168.0.104:59906 [11/Dec/2021:23:57:01.888] mysql-in mysql-back/mysql01.nix.mds.xyz 1/0/60009 126 cD 22/22/22/7/0 0/0
Dec 11 23:58:30 localhost haproxy[9156]: 192.168.0.104:59930 [11/Dec/2021:23:57:02.161] mysql-in mysql-back/mysql02.nix.mds.xyz 1/1/88075 274 cD 20/20/20/7/0 0/0
Dec 11 23:58:33 localhost haproxy[9156]: 192.168.0.104:59928 [11/Dec/2021:23:57:02.161] mysql-in mysql-back/mysql03.nix.mds.xyz 1/1/91445 200 cD 20/20/20/6/0 0/0
So it became apparent that, while sitting on a GlusterFS on two of my nodes, Confluence was dumping 18GB of logs to catalina.out. Unfortunately, there isn't a good way to rotate that file:
All the while writing to the GlusterFS, which by itself network copies this to the secondary host, atlas01:
atlas02 # du -sh logs
18G logs
To fix this, created a folder on the host OS called /confluence-logs/logs, then copied the /atlas/atlassian/confluence/logs folder to the OS folder. Then linked them up and changed permissions:
Then started up confluence once more. Don't forget to do this on the second note too! The drawback to this, is that when nodes failover, the secondary host doesn't really have a copy of the logs anymore, since it won't be shared at that point.
It indeed happened that the default GW provided on various network interfaces was the router that we do not want to be the GW. In our case the OpenWRT Raspberry Pi 2 became the GW for any hosts dynamically getting an IP. So all requests, were sent via the Raspberry Pi 2, which is not what we want. To fix this, check your device if it is running a DHCP server:
root@OWRT01:~# ps | grep -Ei dhcp
547 root 1240 S /usr/sbin/odhcpd
1556 root 1072 S grep -Ei dhcp
root@OWRT01:~#
To disable this, you can do so in the Luci interfaces panel ( Luci -> Network -> Interfaces -> LAN ) then Edit then disable the DHCP server in the right most tab:
This use case scenario is aimed at those folks who are developing on their local environment and need to trust a set of certificates. This is so they are not always prompted for verification to a domain they know is already trusted and safe. Despite that site having self signed certificates as is the case in many labs. Here's how to suppress these for specific sites.
Your connection is not private
The steps below assume you are running on Windows 10 and using a non previlieged account. As of this writing, Chrome appears to make use of it's own Trust Root Certificate Authorities which could not be updated using import in that category.
1) Chrome ( First 4 steps may not work )
Export the certificate to a file by clicking the Lock or Not Secure text that may appear to the left of your URL.
Select View Certificate -> Details tab then Copy to File... Then save the certificate. Name the file something easily descernable to prevent confusion later on.
in chrome://settings, or using the three dot menu from the top right, search for SSL in the search field then select Security -> Manage Certificates .
Import your certificate under the
If the above doesn't work, on the error page type thisisunsafe .to bypass the prompt in the future. The site will still be marked as insecure however it will no longer prompt for a pass.
2) Kaspersky Total Security
Add the sites to the list of Trusted Addresses to bypass the above Kaspersky warning.