Administration

Misc information for SSC Administrators.

Load Admin Tools:

source "${SF_BASEDIR:-/sf}/sfbin/funcs_admin.sh"

Reset a messed up docker/overlay2:

systemctl stop docker
docker rm -vf $(docker ps -aq)
docker rmi -f $(docker images -aq)
docker volume prune -f
systemctl start docker

(to free enough space docker rmi -f sf-guest is normally sufficient)

Enlarge XFS (AWS):

xfs_growfs -d /sf

Quick Traffic Rate check:

iftop -BnN -f "not host ${SSH_CONNECTION%% *}" # then press 's' and 't'

iptstate -ftLR 10

---

It is possible to enable logging. We must at all cost protect the user's privacy. Logging is forced to memory only and we do not log anything from the user's root server. Logging is disabled by default but can be enabled like so:

cd /dev/shm/sf-u1000/run/
mkdir logs
touch logs/segfault.log ; chown 1000:1000 logs/segfault.log

(the logs are to errors happening inside the sf-host container).

---

Update & restart just 1 container

SF_REDIS_AUTH=$(echo -n "Redis AUTH ${SF_SEED:?}" | sha512sum | base64 -w0)
SF_REDIS_AUTH="${SF_REDIS_AUTH//[^[:alnum:]]}"
SF_REDIS_AUTH="${SF_REDIS_AUTH:0:32}"
export SF_REDIS_AUTH
SF_SEED=$SF_SEED docker-compose build tor
SF_SEED=$SF_SEED docker-compose up -d --no-deps tor

---

Check CGROUP stats:

systemd-cgtop

List all guest processes:

systemctl status sf_guest.slice

List processes for $LID

systemctl status docker-"$(docker inspect --format='{{.Id}}' "$LID")".scope

Display cgroup for a pid

cat /proc/PID/cgroup

List all cgroups on the system

ps xawf -eo pid,user,cgroup,args

---

Firewall an IP

iptables -I FORWARD -p tcp --dport 22 -s 46.106.190.5 -j DROP

Delete all rules

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -F 
iptables -X 
iptables -Z 
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F
iptables -t raw -X

tcpdump -n -i ens5 'tcp[tcpflags] & tcp-syn != 0 and tcp[tcpflags] & tcp-ack == 0' and port 22

---

Common startup problems: