update

2021-06-06 21:56:40 +09:00 · 2021-06-06 21:56:40 +09:00 · 4e9aacfab8
commit 4e9aacfab8
parent 02b0c290ae
3 changed files with 202 additions and 51 deletions
--- a/source/_posts/2017/x11forward.md
+++ b/source/_posts/2017/x11forward.md
@ -4,7 +4,7 @@ date: 2017-06-16 00:00:00 +09:00
 redirect_from: "/blog/2017/06/16/x11forward"
 ---

-![x11-plot.png](/uploads/x11-plot.png)
+![](/uploads/x11-plot.png)

 # Installation

--- a/source/_posts/2021/installing-arch-linux.md
+++ b/source/_posts/2021/installing-arch-linux.md
@ -11,14 +11,7 @@ This note includes all commands I typed when I set up Arch Linux on my new bare
 - Outstanding community efforts to maintaining package registry
 - Well organized wiki resources

-# Useful links
-
- [General recommendations](https://wiki.archlinux.org/index.php/General_recommendations#Users_and_groups)
- [System maintenance](https://wiki.archlinux.org/index.php/System_maintenance)
- [Improving performance](https://wiki.archlinux.org/index.php/Improving_performance#Know_your_system)
- [Benchmarking - ArchWiki](https://wiki.archlinux.org/index.php/Benchmarking)
-
-# Provisioning
+# Setup

 ## wipe whole disk

@ -59,7 +52,8 @@ mount /dev/sda1 /mnt/boot
 ```bash
 reflector -f 10 --latest 30 --protocol https --sort rate --save /etc/pacman.d/mirrorlist # optimize mirror list

-pacstrap /mnt base linux linux-firmware vim man-db man-pages git informant
+# choose between 'linux' or 'linux-lts'
+pacstrap /mnt base linux linux-firmware
 # base-devel need to be included as well?
 genfstab -U /mnt >> /mnt/etc/fstab
 arch-chroot /mnt
@ -70,6 +64,8 @@ pacman -Syu # upgrade
 pacman -Qe # list explicitly installed pkgs
 pacman -Rs # remove pkg and its deps
 pacman -Qtd # list orphans
+
+pacman -S man-db man-pages git informant
 ```

 ## bootloader
@ -80,9 +76,15 @@ pacman -S \
  efibootmgr \
  amd-ucode # AMD microcode
 grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
+
+vim /etc/default/grub
+# GRUB_TIMEOUT=3
+# GRUB_DISABLE_SUBMENU=y
 grub-mkconfig -o /boot/grub/grub.cfg
 ```

+- [GRUB/Tips and tricks - ArchWiki](https://wiki.archlinux.org/title/GRUB/Tips_and_tricks)
+
 ## NTP

 ```bash
@ -214,8 +216,9 @@ passwd uetchy # change local user password
 userdbctl # verify users

 pacman -S sudo
-echo "%sudo ALL=(ALL) NOPASSWD:/usr/bin/pacman" > /etc/sudoers.d/pacman # allow pacman without password
+echo "%sudo ALL=(ALL) NOPASSWD:/usr/bin/pacman" > /etc/sudoers.d/pacman # allow users in sudo group to run pacman without password (optional)
 usermod -aG sudo uetchy # add local user to sudo group
+visudo -c
 ```

 ## ssh
@ -250,14 +253,12 @@ reboot

 # Additional setup

-## GPGPU
+## nvidia

 ```bash
-pacman -S nvidia
+pacman -S nvidia # 'nvidia-lts' for linux-lts
 cat /var/lib/modprobe.d/nvidia.conf # ensure having 'blacklist nouveau'

-yay -S cuda-10.2 cudnn7-cuda10.2 # match the version number
-
 nvidia-smi # test runtime
 ```

@ -272,9 +273,10 @@ yay -S nvidia-container-runtime

 ```json /etc/docker/daemon.json
 {
-  "log-driver": "journald",
+  "log-driver": "json-file",
  "log-opts": {
-    "tag": "{{.ImageName}}/{{.Name}}/{{.ID}}"
+    "max-size": "10m", // default: -1 (unlimited)
+    "max-file": "3" // default: 1
  },
  "exec-opts": ["native.cgroupdriver=systemd"], // for kubernetes
  "runtimes": {
@ -293,9 +295,24 @@ systemctl enable --now docker
 groupadd docker
 usermod -aG docker user

-docker run --rm -it --gpus all nvidia/cuda:10.2-cudnn7-runtime
+GPU_OPTS=(--gpus all --device /dev/nvidia0 --device /dev/nvidiactl --device /dev/nvidia-modeset --device /dev/nvidia-uvm --device /dev/nvidia-uvm-tools)
+docker run --rm -it ${GPU_OPTS} nvidia/cuda:10.2-cudnn7-runtime nvidia-smi
+docker run --rm -it ${GPU_OPTS} tensorflow/tensorflow:1.14.0-gpu-py3 bash
 ```

+### Use `journald` log driver in Docker Compose
+
+```yaml
+services:
+  web:
+    logging:
+      driver: "journald"
+      options:
+        tag: "{{.ImageName}}/{{.Name}}/{{.ID}}" # default: "{{.ID}}"
+```
+
+- [Configure logging drivers | Docker Documentation](https://docs.docker.com/config/containers/logging/configure/)
+
 ## Telegraf

 ```bash
@ -309,6 +326,10 @@ telegraf  ALL=(root) NOEXEC: NOPASSWD: FAIL2BAN
 Defaults!FAIL2BAN !logfile, !syslog, !pam_session
 ```

+```bash
+chmod 440 /etc/sudoers.d/telegraf
+```
+
 ## fail2ban

 ```
@ -390,6 +411,10 @@ smartctl -l selftest /dev/sdc

 ## backup

+```bash
+pacman -S borg
+```
+
 ```ini /etc/backups/borg.service
 [Unit]
 Description=Borg Daily Backup Service
@ -455,9 +480,12 @@ echo "Starting backup for $DATE"

 echo "# system"
 borg create $BORG_OPTS \
-  --exclude /root/.cache \
  --exclude /var/cache \
  --exclude /var/lib/docker/devicemapper \
+  --exclude /root/.cache \
+  --exclude /root/.pyenv \
+  --exclude /root/.vscode-server \
+  --exclude /root/.local/share/TabNine \
  --exclude 'sh:/home/*/.cache' \
  --exclude 'sh:/home/*/.cargo' \
  --exclude 'sh:/home/*/.pyenv' \
@ -472,12 +500,25 @@ borg create $BORG_OPTS \
  --exclude 'sh:/mnt/data/nextcloud/appdata_*/preview' \
  --exclude 'sh:/mnt/data/nextcloud/appdata_*/dav-photocache' \
  $TARGET::'{hostname}-data-{now}' \
-  /mnt/data /mnt/ftl
+  /mnt/data
+
+echo "# archive"
+borg create $BORG_OPTS \
+  $TARGET::'{hostname}-archive-{now}' \
+  /mnt/archive
+
+echo "# ftl"
+borg create $BORG_OPTS \
+  $TARGET::'{hostname}-ftl-{now}' \
+  /mnt/ftl

 echo "Start pruning"
-BORG_PRUNE_OPTS="--list --stats --keep-daily 7 --keep-weekly 3 --keep-monthly 3"
-borg prune $BORG_PRUNE_OPTS --prefix '{hostname}-system-' $TARGET
-borg prune $BORG_PRUNE_OPTS --prefix '{hostname}-data-' $TARGET
+BORG_PRUNE_OPTS_NORMAL="--list --stats --keep-daily 7 --keep-weekly 3 --keep-monthly 2"
+BORG_PRUNE_OPTS_LESS="--list --stats --keep-daily 3 --keep-weekly 1 --keep-monthly 1"
+borg prune $BORG_PRUNE_OPTS_NORMAL --prefix '{hostname}-system-' $TARGET
+borg prune $BORG_PRUNE_OPTS_NORMAL --prefix '{hostname}-archive-' $TARGET
+borg prune $BORG_PRUNE_OPTS_LESS   --prefix '{hostname}-data-' $TARGET
+borg prune $BORG_PRUNE_OPTS_LESS   --prefix '{hostname}-ftl-' $TARGET

 echo "Completed backup for $DATE"

@ -512,9 +553,8 @@ kubectl get pods -A
 kubectl get cm -n kube-system kubeadm-config -o yaml
 ```

-[Kubernetes - ArchWiki](https://wiki.archlinux.org/index.php/Kubernetes)
-
-[Kubernetes Ingress Controller with NGINX Reverse Proxy and Wildcard SSL from Let's Encrypt - Shogan.tech](https://www.shogan.co.uk/kubernetes/kubernetes-ingress-controller-with-nginx-reverse-proxy-and-wildcard-ssl-from-lets-encrypt/)
+- [Kubernetes - ArchWiki](https://wiki.archlinux.org/index.php/Kubernetes)
+- [Kubernetes Ingress Controller with NGINX Reverse Proxy and Wildcard SSL from Let's Encrypt - Shogan.tech](https://www.shogan.co.uk/kubernetes/kubernetes-ingress-controller-with-nginx-reverse-proxy-and-wildcard-ssl-from-lets-encrypt/)

 ## certs

@ -562,42 +602,152 @@ WantedBy=timers.target

 ```bash
 pacman -S alsa-utils # maybe requires reboot
-arecord -L # list devices
+usermod -aG audio uetchy
+
+# list devices as root
+aplay -l
+arecord -L
+cat /proc/asound/cards
+
+# test speaker
+speaker-test -c2
+
+# test mic
+arecord -vv -Dhw:2,0 -fS32_LE mic.wav
+aplay mic.wav
+
+# gui mixer
+alsamixer
+
+# for Mycroft.ai
+pacman -S pulseaudio pulsemixer
+pulseaudio --start
+pacmd list-cards
+```
+
+```conf /etc/pulse/default.pa
+# INPUT/RECORD
+load-module module-alsa-source device="default" tsched=1
+# OUTPUT/PLAYBACK
+load-module module-alsa-sink device="default" tsched=1
+# Accept clients -- very important
+load-module module-native-protocol-unix
+load-module module-native-protocol-tcp
 ```

 ```conf /etc/asound.conf
-pcm.m96k {
+pcm.mic {
  type hw
  card M96k
  rate 44100
  format S32_LE
 }

-pcm.!default {
+pcm.speaker {
  type plug
-  slave.pcm "m96k"
+  slave {
+    pcm "hw:1,0"
+  }
 }
+
+pcm.!default {
+  type asym
+  capture.pcm "mic"
+  playback.pcm "speaker"
+}
+
+#defaults.pcm.card 1
+#defaults.ctl.card 1
 ```

-```
-arecord -vv /dev/null # test mic
-alsamixer # gui mixer
-```
-
+- [PulseAudio as a minimal unintrusive dumb pipe to ALSA](https://wiki.archlinux.org/title/PulseAudio/Examples#PulseAudio_as_a_minimal_unintrusive_dumb_pipe_to_ALSA)
 - [SoundcardTesting - AlsaProject](https://www.alsa-project.org/main/index.php/SoundcardTesting)
 - [Advanced Linux Sound Architecture/Troubleshooting - ArchWiki](https://wiki.archlinux.org/index.php/Advanced_Linux_Sound_Architecture/Troubleshooting#Microphone)
 - [ALSA project - the C library reference: PCM (digital audio) plugins](https://www.alsa-project.org/alsa-doc/alsa-lib/pcm_plugins.html)
+- [Asoundrc - AlsaProject](https://www.alsa-project.org/wiki/Asoundrc)

 # Maintenance

+## system healthcheck
+
 ```bash
-systemctl --failed
-free -h
-htop
-lsblk -f
-nvidia-smi
-iotop
-sensors
-journalctl -p err
-networkctl status
+systemctl --failed # show failed units
+free -h # show memory usage
+lsblk -f # show disk usage
+networkctl status # show network status
+userdbctl # show users
+nvidia-smi # verify nvidia cards
+htop # show task overview
+neofetch # show system info
 ```
+
+## analyzing logs
+
+```bash
+journalctl -p err -b-1 -r # show error logs from previous boot in reverse order
+journalctl CONTAINER_NAME=service_web_1 # show error from docker container named 'service_web_1'
+journalctl -u docker -f # tail docker logs
+```
+
+# Common Issues
+
+## Longer SSH login (D-bus glitch)
+
+```bash
+systemctl restart systemd-logind
+systemctl restart polkit
+```
+
+- [A comprehensive guide to fixing slow SSH logins – JRS Systems: the blog](https://jrs-s.net/2017/07/01/slow-ssh-logins/)
+
+## Annoying `systemd-homed is not available` log messages
+
+Move `pam_unix` before `pam_systemd_home`.
+
+```ini /etc/pam.d/system-auth
+#%PAM-1.0
+
+auth       required                    pam_faillock.so      preauth
+# Optionally use requisite above if you do not want to prompt for the password
+# on locked accounts.
+auth       [success=2 default=ignore]  pam_unix.so          try_first_pass nullok
+-auth      [success=1 default=ignore]  pam_systemd_home.so
+auth       [default=die]               pam_faillock.so      authfail
+auth       optional                    pam_permit.so
+auth       required                    pam_env.so
+auth       required                    pam_faillock.so      authsucc
+# If you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures.
+
+account    [success=1 default=ignore]  pam_unix.so
+-account   required                    pam_systemd_home.so
+account    optional                    pam_permit.so
+account    required                    pam_time.so
+
+password   [success=1 default=ignore]  pam_unix.so          try_first_pass nullok shadow
+-password  required                    pam_systemd_home.so
+password   optional                    pam_permit.so
+
+session    required                    pam_limits.so
+session    required                    pam_unix.so
+session    optional                    pam_permit.so
+```
+
+- [[solved] pam fails to find unit dbus-org.freedesktop.home1.service / Newbie Corner / Arch Linux Forums](https://bbs.archlinux.org/viewtopic.php?id=258297)
+
+## Annoying systemd-journald-audit log
+
+```ini /etc/systemd/journald.conf
+Audit=no
+```
+
+## Missing `/dev/nvidia-{uvm*,modeset}`
+
+This occurs after updating linux kernel. Simply reinstall `nvidia-container-toolkit`.
+
+# Useful links
+
+- [General recommendations](https://wiki.archlinux.org/index.php/General_recommendations#Users_and_groups)
+- [System maintenance](https://wiki.archlinux.org/index.php/System_maintenance)
+- [Improving performance](https://wiki.archlinux.org/index.php/Improving_performance#Know_your_system)
+- [Benchmarking - ArchWiki](https://wiki.archlinux.org/index.php/Benchmarking)
--- a/source/_posts/2021/server-2020.md
+++ b/source/_posts/2021/server-2020.md
@ -40,17 +40,18 @@ Arch Linux のセットアップは[個別に記事](https://uechi.io/blog/insta

 # パーツ選定時のポイント

- パーツ購入前に [Linux Hardware Database](https://linux-hardware.org/) を見て、インストールする予定の Linux ディストリと相性が良いかチェックする
+- [PCPartPicker](https://jp.pcpartpicker.com/)でパーツのコスト計算をする
 - [Bottleneck Calculator](https://pc-builds.com/calculator/)で CPU と GPU の組み合わせを選び、そのうちどちらが性能のボトルネックになるか調べる
 - [UserBenchmark](https://www.userbenchmark.com/)でユーザーが投稿したベンチマーク結果を眺める
+- パーツ購入前に [Linux Hardware Database](https://linux-hardware.org/) を見て、インストールする予定の Linux ディストリと相性が良いかチェックする
 - CPU クーラーは大口径の方が静か
 - メモリはデュアルチャンネルによる高速化を目指し 2 枚構成にする
 - PSU は Seasonic が評判良い
 - 東芝 D01 が HGST の系譜
- [B550](https://www.amd.com/en/chipsets/b550) は長期運用に向いている
+- [B550](https://www.amd.com/en/chipsets/b550) は長期運用に向いている（らしい）
  - B520 は廉価版
 - TSUKUMO eX. の自作 PC コーナーのスタッフはガチ勢なので信頼できる
-  - 不明な部分があれば根掘り葉掘り聞きましょう
+  - 不明な部分があれば根掘り葉掘り聞く

 # 組立ての勘所

@ -58,10 +59,10 @@ Arch Linux のセットアップは[個別に記事](https://uechi.io/blog/insta
  - [MemTest86](https://www.memtest86.com/)でメモリの動作テスト
  - USB ブートで OS の起動確認
 - Ethernet が死んでいる場合は USB-Ethernet アダプターでまずネットを確保する
-  - マザボまたはアダプターメーカーからアップデートを探す
-  - ほとんどの場合 Linux カーネルのバージョンを上げると直る
+  - ほとんどの場合 Linux カーネルのバージョンを上げると（デバイスドライバーも新しくなり）直る
+    - Arch Linux の場合: `linux-lts`が駄目なら`linux`に切り替えて試す
    - Ubuntu の場合: [kernel.ubuntu.com](https://kernel.ubuntu.com/~kernel-ppa/mainline/?C=N;O=D) から探してアップデートする（[https://itsfoss.com/upgrade-linux-kernel-ubuntu/](https://itsfoss.com/upgrade-linux-kernel-ubuntu/)）
-    - Arch Linux の場合: 常に最新なので問題無い
+  - 駄目ならマザボまたはアダプターメーカーからアップデートを探す
 - 安い筐体のネジは柔いことがあるため、強く押し込みながら少しずつ回す
  - 山が潰れてきたらゴムシートを挟む
- すべて動いたら、[Probe を送信](https://linux-hardware.org/index.php?view=howto)してデータベースに貢献しましょう
+- すべて動いたら、[Probe を送信](https://linux-hardware.org/index.php?view=howto)してデータベースに貢献