FATA[0000] Error response from daemon: Cannot start container a788e23879a4257918008b62bd6bfdaceb69cb6364180d1259c1348df0a4bd91: failed to find the cgroup root

Today after a reboot on a fresh CentOS 6.6 docker host, the containers were failing to startup with the error message:

FATA[0000] Error response from daemon: Cannot start container xxxxxxx: failed to find the cgroup root

Fix seems simple enough, the cgroup services aren't running:

[[email protected] ~]# /etc/init.d/cgred status
cgred is stopped  
[[email protected] ~]# /etc/init.d/cgred start
Starting CGroup Rules Engine Daemon:                       [  OK  ]  
[[email protected] ~]# /etc/init.d/cgconfig status
Stopped  
[[email protected] ~]# /etc/init.d/cgconfig start
Starting cgconfig service:                                 [  OK  ]

[[email protected] ~]# /etc/init.d/docker restart
Stopping docker:                                           [  OK  ]  
Starting docker:                                       [  OK  ]

[[email protected] ~]# docker run ....

Now run your containers and you should be all good to go :)

Hope this may help someone who stumbles across this. Remember to enable the services so it doesn't happen on next reboot!

chkconfig cgconfig on  
chkconfig cgred on  

Docker is fun :)

Installing Google Music Manager on Fedora 21

If you're wondering why Google Music Manager isn't starting after you installed it from their website, here's the problem:

$ google-musicmanager 
/usr/bin/google-musicmanager: error while loading shared libraries: libQtWebKit.so.4: cannot open shared object file: No such file or directory

How to resolve it,

yum provides '*/libQtWebKit.so.4'  
Repo        : fedora  
Matched from:  
Filename    : /usr/lib/libQtWebKit.so.4  
Filename    : /usr/lib/sse2/libQtWebKit.so.4



qtwebkit-2.3.4-1.fc21.x86_64 : Qt WebKit bindings  
Repo        : fedora  
Matched from:  
Filename    : /usr/lib64/libQtWebKit.so.4



qtwebkit-2.3.4-1.fc21.i686 : Qt WebKit bindings  
Repo        : @fedora  
Matched from:  
Filename    : /usr/lib/libQtWebKit.so.4  
Filename    : /usr/lib/sse2/libQtWebKit.so.4

Solution:

sudo yum install qtwebkit qtwebkit-devel  

Now it should load for you :) Would be damn helpful if Google just included it as a dependency with the rpm..

However once it's loaded, the problems aren't gone yet. There seems to be ANOTHER bug, with actually getting it to load, the current workaround seems to be, empty your Music directory first (or choose an EMPTY directory) to first upload your files. Don't worry if it says it failed to upload or there are less than 10 songs in the directory. Follow through and then reopen it again, and finally it'll load what we wanted to see.

If you don't follow these steps, you'll find you can't open it again..

Finally, if it goes missing again, check your message icon tray as it's probably just minimized itself. Windows Key + M, and you'll see that tiny headphone icon tucked away in the bottom right corner.

Enjoy the music

My Fedora 21 Gaming Rig using VT-D and VFIO without compromise!!

Fedora 21 was released recently, and naturally it was a good excuse to buy a new gaming rig, am I right?

Previously, I was happy with gaming on Linux with my current favourite, Dota 2 but new games were coming out which I just wanted to try, but, winblows...

So here's how I got setup with a Windows 8 VM, with VT-D passthrough, with almost the same level of performance.

Hardware:

  • Asrock H97M PRO4 ($105)
    • Asrock has better "support" for Linux, where as the popular Asus will full shut you down if you mention Linux.
  • EVGA Geforce GTX 750TI ($169)
    • Best output display ports, and small form factor.
  • Intel i5-4590 ($249)
    • Best price per performance other than the G3258, but the i5 is required for Vt-D
  • Corsair CS550M 80+ Gold PSU ($119)
    • PSU is what you should never skimp on. The power savings of using a 80+ GOLD, will pay for itself after 2-3 years, so it's a no brainer..
  • Samsung 830 Series 128GB SSD (reused)
    • I reused the SSD from my old rig
  • Fractal Design Core 1100 Mini Tower Case ($54)
    • Nice small case which looks decent and was cheap, it's internals aren't that bad but cable management is a little annoying.
  • Kingston HyperX Fury Blue 1886Mhz Desktop Ram (4GBx2) ($95)
    • RAM is RAM now a days, but I definitely need another 8GB as VMs are memory intensive with their overhead. Note, the MB is 1600Mhz but the price for 1886Mhz is only $1 extra..

Total: $791 AUD (from MSY)

Here are just some of my own personal tweaks and package installation. After the Fedora 21 installer has finished (which btw, has improved a lot since 20 -- thank you!!)

sudo -i  
echo 'vm.swappiness = 10' >> /etc/sysctl.conf

yum -y update  
# Download Google Chrome here

sudo yum localinstall --nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm  -y

# Install packages
sudo yum update  -y  
sudo yum install python pyxdg pygobject2 pylast gstreamer-python notify-python dbus-python gstreamer1-plugins-good gstreamer1-plugins-bad-free gstreamer1-plugins-ugly gstreamer-plugins-good gstreamer-plugins-bad gstreamer-plugins-ugly python-setuptools python-distutils-extra git  -y  
sudo yum install nano tmux pithos  -y

# Enable TRIM
cat <<'EOF' > /etc/cron.daily/fstrim.sh  
#! /bin/sh  

# By default we assume only / is on an SSD. 
# You can add more SSD mount points, separated by spaces.
# Make sure all mount points are within the quotes. For example:
# SSD_MOUNT_POINTS='/ /boot /home /media/my_other_ssd'  

SSD\_MOUNT\_POINTS='/ /home'  

for mount_point in $SSD_MOUNT_POINTS  
do  
    fstrim $mount_point  
done  
EOF  
chmod +x /etc/cron.daily/fstrim.sh

# skype
sudo yum install lpf-skype  
lpf-skype  
sudo yum install alsa-plugins-pulseaudio.i686

# Use virt-preview for the latest goodies
cd /etc/yum.repos.d/  
wget http://fedorapeople.org/groups/virt/virt-preview/fedora-virt-preview.repo

yum update  
yum install @virtualization  

The magic begins here:

# Grab the EFI OVMF image
wget https://www.kraxel.org/repos/firmware.repo  
yum install edk2.git-ovmf-x64

# Give time for guests to shutdown when host is powering off
sed -i 's/#ON_SHUTDOWN=.*/ON_SHUTDOWN=shutdown/' /etc/sysconfig/libvirt-guests  
systemctl enable libvirt-guests  
systemctl enable libvirtd

# Note down the PCI numbers [xxxx:xxxx] of the NVIDIA cards
lspci -vvvvv  
lspci -nn

yum -y install nano  
nano /etc/default/grub  

Append to the end of the line: GRUB_CMDLINE_LINUX with:

intel_iommu=on pci-stub.ids=10de:1380,10de:0fbc,8086:0c0c,8086:8ca0  

Note, these values would come from the above lspci commands, they are comma seperated. I took all the NVIDIA ones. What this does, is prevents the host machine (Fedora 21) from claiming these PCI devices, leaving them "hanging" for our VM to later claim them.

YOURS WILL BE DIFFERENT

Now regenerate grub2 config, note EFI, if you didn't install with EFI, then it'll be in a different location (/boot/grub.cfg ?)

grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

reboot

Create a copy of our OVMF efi image.

cp /usr/share/edk2.git/ovmf-x64/OVMF-pure-efi.fd /var/lib/libvirt/images/win8-OVMF.fd  
restorecon -r /var/lib/libvirt/images/win8-OVMF.fd  
chmod 755 /var/lib/libvirt/images/win8-OVMF.fd  

When you've booted back up, fire up virt-manager (it's gotten better, trust me). Now create a VM and add the PCI cards (all NVIDIA devices), USB keyboard, Mouse etc.

Attach the firmware file as a USB device so selinux labels it correctly (/var/lib/libvirt/images/win8-OVMF.fd). I couldn't find any other way to relabel it correctly as they seem to be assigned per VM.

Attach virtio drivers as CD disk, you can find these here http://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/bin/

Now we stopped our VM earlier because we wanted to make a few modifications with can't be done through virt-manager

virsh edit xyz


# Append the following sections (between the ...).
<domain type='kvm'>  
  <features>
    ...
    <kvm>
      <hidden state='on'/>
    </kvm>
    ...
  </features>
 ...
  <os>
    ...
    <loader type='pflash'>/var/lib/libvirt/images/win8-OVMF.fd</loader>
  </os>

# Make sure CPU mode is host-passthrough and the topology is the same.
<cpu mode='host-passthrough'/>  
   <topology sockets='1' cores='4' threads='1'/>
</cpu>

# Remove these lines
    <hyperv>
      <relaxed state='on'/>
      <vapic state='on'/>
      <spinlocks state='on' retries='8191'/>

    </hyperv>

# Remove hypervclock

  <clock offset='localtime'>
    ...
    <timer name='hypervclock' present='yes'/>
    ...
  </clock>

These edits load up our EFI OVMF image as our bios loader, allowing us to passthrough our NVIDIA card without gimping our own host PC's performance. More info at this amazing blog site http://vfio.blogspot.com.au/2014/08/primary-graphics-assignment-without-vga.html

Finally, the other changes allow us to bypass the stupid Nvidia's ignorence that blocks the Nvidia drivers from being loaded if it detects that your running it in a VM.

Now fire up the VM through virt manager, attaching your Winblows ISO and watch as it speeds through the install (if you're on an SSD) and get gaming friends!!

Two major issue I noticed, which seems they may be linked is 8GB ram is just not enough. Right now, it's out of my budget to upgrade with another 8GB, but unless your host is running nothing, you may find even if you allocated 4GB to your guest (windows 8), it may end up using close to 6GB~. If the host is running some memory hungry application like Chrome, it'll start hitting swap space, which has negative effects on your VMs performance. I'm not sure if they may be linked, but the other issue is I'm noticing horrible artifacts appearing in my games after about 60-90 minutes of game play. When I'm not hitting swap space, it doesn't seem to happen (so far).

Hope this helps..

If you want to read more, and haven't already gone to playing games. This site has so much interesting read, you'll be stuck there a few hours http://vfio.blogspot.com.au/

My standing desk, one year later. Now 2015 man cave..

So it seems everytime people come to visit my place, there's a comment about my desk and the mandatory 2 minutes of staring followed by 8 minutes of questions. Here's a snapshot of what it looks like now, at Novemember 2014

It's a work in progress ever since I decided to try the concept early 2014. I think my main motivation was my Officeworks leather chair had started to lose it's padding and I felt my buns starting to get sore sitting all day and my lower back always felt weak. But rather than being any other normal person and going out on the hunt for a new chair - well I stumbled upon the concept of standing desk and felt the urge to do it. Now if you know me, if there's something I want, I will get it... eventually, plus I was bored...

What I used:

  • 3x IKEA Black Lack Table, same ones used for the LackRack ($7 each).
  • 2x IKEA RAST Bedside table, one for keyboard and mouse. Second for vesa mount ($15 each)
  • 1x Vesa Mount Stand (2 monitor stand for $50)
  • Mikrotik RB2011UAS-RM ($1xx from Duxtel)
  • 2x Wood planks, various sizes (Few bucks from Bunnings)
  • Large Standing Mat from Imagemats ($50~)

Original Standing Desk

2014 Standing (Post VESA mount install), the three phone books served me well! On the left, were some boxes to prop up my Thinkpad Yoga which connected to the One Link dock.

I used the three Lack tables, stacked up on top of my old long traditional wood table. I actually bought a table top piece from the IKEA "as-is" section, and combined placed it ontop of two smaller tables to give me a total of 2 meters of desk space.

For the monitor stands, I didn't trust the cardboardy Lack tables to mount my two brand new IPS screens (not in above image), so using one of the RAST bedside tables, a more solid feeling construction, along with a plank of wood to give the stand more to grip, this gave me more table space for storage, phones, HDDs etc.

The second RAST table, I put face down as a base for my keyboard and mouse. This is so useful, because I often found myself leaning against it, and it feels so sturdy and solid.

The other bits and pieces, you can see my Mikrotik rooter sits snuggly in between the legs, no screws at all. It just sits there because it's so damn light. Finally, the standing mat is a MUST have, if you don't have one, you'll give up. Trust me, it's worth the investment, don't skimp on a cheap low quality one.

2015 - Man Cave

So this is my setup now, for the new year, after 1 full week of cleaning up and multiple vists to the recycling center (there was too much crap for hard rubbish).

Standing Desk 2015

2015 Standing

New Things:

  • Dicksmith 40" TV (Discounted for $219)
  • Chromecast (Got it free with the Moto G 2nd gen I bought for my mum)

Other than the TV, I just rearranged my area and merged it with my workoutspace to create a more relaxed environment. I've now replaced my Laptop with a more powerful desktop where I had fun with VT-D and creating a winblows VM for gaming. I'm happy with Dota 2 on linux, but the variety on Winblows is nice. Plus, with the use of a simple xrandr script, I can very easily switch between my standing desk and a chair without the hassle of changing too much. Right now, one script and the input button on my monitor. More on my VT-D fun soon!

Hope this inspires someone to try a standing desk in the new year, I've found my lower back has improved dramatically and I can finally get back to running instead of just cycling.

Happy New Year!

OpenShift in Australia with AusNimbus

Platform as a Service is growing in demand, over the new year holidays we finally had the time to finish our website after months of private beta.

Check it out, AusNimbus has finally got a website and accepting public signup with a 7 day free trial.

When you signup you'll find a complete different experience if you've been using OpenShift Online, as we've done a full design overhall including integrated domain registration and management included as part of the service. Which means you can register, create and manage your domain and application all from one place.

Pricing starts from $10 AUD/month for standard gears, billed per hour. This includes 512 RAM + 1GB SSD Storage.

Installing PositiveSSL on Apache (and on AWS cloudfront)

PositveSSL is that cheap SSL cert which we all get for peanuts from Namecheap, there's no shame in hiding that. However, installing it properly always seems to be misguided and Comodo's website is just horrible...

Here's all you need to do. Your zip file should contain four .crt files:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • domain.crt

For browers to trust you properly, you need to provide the intermediate certificate WITH your certificate. Putting it in just the chain seems to not be enough, so your cert AND chain file should end up being this combined.crt

cat domain.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > combined.crt

Note, AddTrustExternalCARoot.crt is not recommended to be included.

So finally, our Apache config should be something like:

  SSLCertificateFile /etc/pki/tls/certs/combined.crt
  SSLCertificateKeyFile /etc/pki/tls/private/domain.key
  SSLCertificateChainFile /etc/pki/tls/certs/combined.crt

You'll probably want to do your own research to determine the ideal cipher methods too.

Hope that helped some of you, as I spent a bit of time puzzled why many people were giving the wrong steps.

When in doubt, this site is the best to verify you have anything setup properly:
https://ssltools.geotrust.com/checker/views/certCheck.jsp

Happy New Year!

UPDATE:

If you try this method on AWS, it will error back with something like:

A client error (MalformedCertificate) occurred when calling the UploadServerCertificate operation: Unable to validate certificate chain. The certificate chain must start with the immediate signing certificate, followed by any intermediaries in order. The index within the chain of the invalid certificate is: -1  

To get it working with AWS, it expects a PEM format and the SSLCertificate to be by itself. So this should get you fixed up:

(openssl x509 -inform PEM -in COMODORSADomainValidationSecureServerCA.crt; openssl x509 -inform PEM -in COMODORSAAddTrustCA.crt) > ca.crt

Then:

aws iam upload-server-certificate --server-certificate-name www.domain.com.au --certificate-body file:////domain_com_au.crt --private-key file:///domain_com_au.key --certificate-chain file:///ca.crt --path /cloudfront/www.domain.com.au/