OneCardboardBox

joined 2 years ago
OneCardboardBox@lemmy.sdf.org 9 points 2 weeks ago (last edited 2 weeks ago) (1 children)

Looks like you've already had some help fixing your system. I'd recommend reading the arch wiki pages on encryption. Even if you're not running arch, the wiki is a good source of up-to-date information, and contains many practical tips.

This section about setting up your /etc/crypttab to unlock a non-root filesystem at boot might be useful. Even if you don't want to unlock at boot, it explains how crypttab works: https://wiki.archlinux.org/title/Dm-crypt/System_configuration#crypttab.

There's another useful section if you want to decrypt on demand after boot: https://wiki.archlinux.org/title/Dm-crypt/System_configuration#Mounting_on_demand

Lastly, if you're experimenting with fstab entries for a non-root device, consider setting nofail so that if you screw anything up the system still boots. This section is somewhat relevant: https://wiki.archlinux.org/title/Fstab#External_devices

Basically, you need both a crypttab entry and an fstab entry to open and then mount the device.
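Added example, not part of OneCardboardBox's comment or of the Arch wiki: a small POSIX shell check that reads a crypttab and an fstab and reports the two mistakes the comment warns about, a /dev/mapper/NAME in fstab with no matching crypttab entry, and a non-root mapped mount without nofail. The two sample files are constructed for the demo; the UUIDs, mapper names, key path and mount points are placeholders.

```shell
#!/bin/sh
# Added example (not from the original comment). Cross-checks crypttab against
# fstab: every /dev/mapper/NAME used in fstab needs a crypttab line whose first
# field is NAME, and a non-root mapped mount should carry nofail so the system
# still boots when the device is missing or not unlocked.

# Constructed crypttab: one LUKS volume, mapper name "data" (placeholder UUID).
sample_crypttab() {
    cat <<'EOF'
# <name>  <device>                                   <keyfile>           <options>
data      UUID=11111111-2222-3333-4444-555555555555  /etc/keys/data.key  luks,nofail
EOF
}

# Constructed fstab: "data" is set up correctly, "backup" has both mistakes.
sample_fstab() {
    cat <<'EOF'
# <device>          <mountpoint>  <type>  <options>         <dump> <pass>
UUID=aaaa-bbbb      /             ext4    defaults          0 1
/dev/mapper/data    /srv/data     ext4    defaults,nofail   0 2
/dev/mapper/backup  /srv/backup   ext4    defaults          0 2
EOF
}

# check_crypt_fstab CRYPTTAB FSTAB
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_crypt_fstab() {
    crypttab=$1
    fstab=$2
    # Mapper names crypttab will create: first field of non-comment lines.
    names=$(grep -v '^[[:space:]]*#' "$crypttab" | awk 'NF >= 2 { print $1 }')
    out=$(
        grep -v '^[[:space:]]*#' "$fstab" | awk 'NF >= 4 { print $1, $2, $4 }' |
        while read -r dev mnt opts; do
            case $dev in /dev/mapper/*) ;; *) continue ;; esac
            name=${dev#/dev/mapper/}
            found=0
            for n in $names; do
                [ "$n" = "$name" ] && found=1
            done
            [ $found -eq 1 ] ||
                echo "fstab $mnt: no crypttab entry for mapper '$name'"
            case ",$opts," in
                *,nofail,*) ;;
                *) [ "$mnt" = "/" ] ||
                    echo "fstab $mnt: add nofail so boot continues if '$name' is not unlocked" ;;
            esac
        done
    )
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Stand-alone demo against the constructed files.
demo_dir=$(mktemp -d)
sample_crypttab > "$demo_dir/crypttab"
sample_fstab > "$demo_dir/fstab"
check_crypt_fstab "$demo_dir/crypttab" "$demo_dir/fstab"
rm -rf "$demo_dir"
```

Run it against the real files with check_crypt_fstab /etc/crypttab /etc/fstab; a non-zero exit means at least one finding was printed. The nofail check deliberately skips the root mount, since nofail makes no sense there.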


I generally let my server do its thing, but I run into an issue consistently when I install system updates and then reboot: Some docker containers come online, while others need to be started manually. All containers were running before the system shut down.

  • My containers are managed with docker compose.
  • Their compose files have restart: always
  • It's not always the same containers that fail to come online
  • Some of them depend on an NFS mount point being ready on the host, but not all

Host is running Ubuntu Noble

Most of these containers were migrated from my previous server, and this issue never manifested.

I wonder if anyone has ideas for what to look for?

SOLVED

The issue was that docker was starting before my NFS mount point was ready, and the containers which depended on it were crashing.

Symptoms: journalctl -b0 -u docker showed the following log lines (-b0 means to limit logs to the most recent boot):

level=error msg="failed to start container" container=fe98f37d1bc3debb204a52eddd0c9448e8f0562aea533c5dc80d7abbbb969ea3 error="error while creating mount source path '/mnt/nas/REDACTED': mkdir /mnt/nas/REDACTED: operation not permitted"
...
level=warning msg="ShouldRestart failed, container will not be restarted" container=fe98f37d1bc3debb204a52eddd0c9448e8f0562aea533c5dc80d7abbbb969ea3 daemonShuttingDown=true error="restart canceled" execDuration=5m8.349967675s exitStatus="{0 2024-10-29 00:07:32.878574627 +0000 UTC}" hasBeenManuallyStopped=false restartCount=0

I had previously set my mount directory to be unwritable if the NFS were not ready, so this lined up with my expectations.

I couldn't remember how systemd names mount points, but the following command helped me find it: systemctl list-units -t mount | grep /mnt/nas

It gave me mnt-nas.mount as the name of the mount unit, so then I just added it to the After= and Requires= lines in my /etc/systemd/system/docker.service file:

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com/
After=network-online.target docker.socket firewalld.service containerd.service time-set.target mnt-nas.mount
Wants=network-online.target containerd.service
Requires=docker.socket mnt-nas.mount
...
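Added example, not part of OneCardboardBox's post: a POSIX shell script that does the three things the fix above needed, without editing docker.service in place. It derives the .mount unit name for a path using the same escaping rules systemd-escape --path applies (so it works for paths with characters like "-" that grep alone would not reveal), prints a drop-in that orders docker.service after the mount and requires it, and extracts the container IDs whose start failed with the "error while creating mount source path" symptom from journal lines. The journal sample is constructed from the post's log lines with shortened placeholder container IDs; /mnt/nas is the post's mount point.

```shell
#!/bin/sh
# Added example (not from the original post). Helpers for the "docker starts
# before the NFS mount is ready" problem: unit-name derivation, a systemd
# drop-in, and a journal check for the failure symptom.

# mount_unit_name PATH -> the .mount unit systemd uses for PATH.
# Rules (as systemd-escape --path): "/" separators become "-", a leading "."
# and any character outside [A-Za-z0-9:_.] become \xHH, "/" itself is "-".
mount_unit_name() {
    p=$1
    # Collapse repeated slashes and strip leading/trailing ones.
    p=$(printf '%s' "$p" | sed 's,//*,/,g; s,^/,,; s,/$,,')
    if [ -z "$p" ]; then
        printf -- '-.mount\n'
        return 0
    fi
    out=''
    first=1
    while [ -n "$p" ]; do
        c=${p%"${p#?}"}     # first character
        p=${p#?}            # remainder
        case $c in
            /) out="$out-" ;;
            [A-Za-z0-9:_]) out="$out$c" ;;
            .) if [ $first -eq 1 ]; then out="$out\\x2e"; else out="$out$c"; fi ;;
            *) out="$out$(printf '\\x%02x' "'$c")" ;;
        esac
        first=0
    done
    printf '%s.mount\n' "$out"
}

# docker_dropin UNIT -> a drop-in for /etc/systemd/system/docker.service.d/
# that makes docker.service wait for UNIT and fail if UNIT cannot be reached.
# A drop-in survives package upgrades, unlike an edited docker.service.
docker_dropin() {
    unit=$1
    printf '[Unit]\nAfter=%s\nRequires=%s\n' "$unit" "$unit"
}

# Constructed journal excerpt (shortened placeholder container IDs), shaped
# like the output of: journalctl -b0 -u docker
sample_journal() {
    cat <<'EOF'
level=error msg="failed to start container" container=fe98f37d1bc3 error="error while creating mount source path '/mnt/nas/REDACTED': mkdir /mnt/nas/REDACTED: operation not permitted"
level=info msg="Loading containers: done."
level=error msg="failed to start container" container=0123abcd4567 error="error while creating mount source path '/mnt/nas/other': mkdir /mnt/nas/other: operation not permitted"
level=error msg="failed to start container" container=0123abcd4567 error="error while creating mount source path '/mnt/nas/other': mkdir /mnt/nas/other: operation not permitted"
EOF
}

# mount_race_failures MOUNTPOINT < journal-lines -> unique container IDs whose
# start failed because a bind-mount source under MOUNTPOINT did not exist yet.
mount_race_failures() {
    mp=$1
    grep -F "error while creating mount source path '$mp/" |
        sed -n 's/.*container=\([0-9a-f]*\).*/\1/p' | sort -u
}

# Stand-alone demo for the post's mount point.
unit=$(mount_unit_name /mnt/nas)
echo "mount unit: $unit"
echo "drop-in:"
docker_dropin "$unit"
echo "containers hit by the mount race:"
sample_journal | mount_race_failures /mnt/nas
```

To apply the drop-in, write docker_dropin's output to a file such as /etc/systemd/system/docker.service.d/wait-for-nas.conf and run systemctl daemon-reload; systemctl cat docker.service then shows the merged unit. To run the journal check on a live host, pipe journalctl -b0 -u docker --no-pager into mount_race_failures /mnt/nas.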
OneCardboardBox@lemmy.sdf.org 4 points 2 years ago (3 children)

Sorry, what's .Net again?

The runtime? You mean .Net, or .Net Core, or .Net Framework? Oh, you mean a web framework in .Net. Was that Asp.Net or AspNetcore?

Remind me why we let the "Can't call it Windows 9" company design our enterprise language?

OneCardboardBox@lemmy.sdf.org 0 points 2 years ago (1 children)

I think that's not the problem that this technology is intended to solve.

It's not a "Is this picture copied from someone else?" technology. It's a "Did a human take this picture, and did anyone modify it?" technology.

E.g.: Photographer Bob takes a picture of Famous Fiona driving her Camaro and posts it online with this metadata. Attacker Andy uses photo editing tools to make it look like Fiona just ran over a child. Maybe his skills are so good that the edits are undetectable.

Andy has two choices: Strip the metadata, or keep it.

If Andy keeps the metadata, anyone looking at his image can see that it was originally taken by Bob, and that Fiona never ran over a child.

If Andy strips the metadata (and if this technology is widely accessible and accepted by social media, news sites, and everyday people) then anyone looking at the image can say "You can't prove this image was actually taken. Without further evidence I must assume that it's faked".

I think spinning this as a tool to fight AI is just clickbait because AI is hot in the news. It's about provenance and limiting misinformation.