Convert flac audio to ogg/mp3

Use GNU parallel and fmpeg command for convert flac audio files

Install need packages
apt install -y parallel ffmpeg

Convert to OGG
parallel ffmpeg -y -i {} -q:a 5 -map_metadata 0 -id3v2_version 3 {.}.ogg ::: **/*.flac

Conver to MP3
parallel ffmpeg -y -i {} -q:a 0 -map_metadata 0 -id3v2_version 3 {.}.mp3 ::: **/*.flac

Safely remove SATA disk from a running Linux system

Stop using the disk for anything. Then unmounted any file systems on the disk.

sudo umount ...

Deactivate any LVM groups.

sudo vgchange -an

Prevent disk damage with stop system using disk.

echo 1 | sudo tee /sys/block/{disk}/device/delete

Once you’ve done that, it should be safe to unplug SATA disk from running system.

echo 1 | sudo tee /sys/block/{disk}/device/rescan

Update CentOS kernel for deploy Google BBR

BBR (Bottleneck Bandwidth and RTT) is a new congestion control algorithm which is contributed to the Linux kernel TCP stack by Google. With BBR in place, a Linux server can get significantly increased throughput and reduced latency for connections. Besides, it’s easy to deploy BBR because this algorithm requires only updates on the sender side, not in the network or on the receiver side.

Continue reading “Update CentOS kernel for deploy Google BBR”

Kernel tuning for linux server

Kernel sysctl configuration file for Linux

The following is suitable for dedicated web server, mail, file server etc.
place file in /etc/sysctl.d/60-zercle.conf
and run sysctl --system

# Kernel sysctl configuration file for Linux
# https://www.kernel.org/doc/Documentation/sysctl/
#
# Original by Michiel Klaver <https://klaver.it/linux/sysctl.conf>
# Modify by Kawin Viriyaprasopsook <[email protected]>
#
# The following is suitable for dedicated web server, mail, file server, KVM server etc.
# place file in /etc/sysctl.d/60-sysctl.conf
# and run sysctl –system
# ——————————————————————–
# System options
# ——————————————————————–
# Controls IP packet forwarding (Default 0 but docker,vpn,router server must set to 1)
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
# Addresses of mmap base, heap, stack and VDSO page are randomized
kernel.randomize_va_space = 2
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Allow for more PIDs
kernel.pid_max = 65535
# Changing Semaphore Limits
kernel.msgmni = 1024
kernel.sem = 250 256000 32 1024
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65535
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65535
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 268435456
# Keep at least 64MB of free RAM space available
vm.min_free_kbytes = 65535
# Controls source route verification
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.default.rp_filter = 2
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Discourage Linux from swapping idle server processes to disk (default = 60)
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
# RFC 1337 fix
net.ipv4.tcp_rfc1337 = 1
# Tweak how the flow of kernel messages is throttled.
#kernel.printk_ratelimit_burst = 10
#kernel.printk_ratelimit = 5
# ——————————————————————–
# The following allow the server to handle lots of connection requests
# ——————————————————————–
# See also http://www.nateware.com/linux-network-tuning-for-2013.html for
# an explanation about some of these parameters, and instructions for
# a few other tweaks outside this file.
# Protection from SYN flood attack.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
# Increase number of incoming connections that can queue up
# before dropping
net.core.somaxconn = 32768
# Handle SYN floods and large numbers of valid HTTPS connections
# https://shehab.tech/
net.ipv4.tcp_max_syn_backlog = 4096
# Increase the length of the network device input queue
net.core.netdev_max_backlog = 16384
# Increase system file descriptor limit so we will (probably)
# never run out under lots of concurrent requests.
# (Per-process limit is set in /etc/security/limits.conf)
fs.file-max = 209708
# Widen the port range used for outgoing connections
net.ipv4.ip_local_port_range = 1024 65535
# Increasing the amount of inotify watchers
fs.inotify.max_user_watches = 524288
# ——————————————————————–
# The following help the server efficiently pipe large amounts of data
# ——————————————————————–
# Disable source routing and redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
# Avoid falling back to slow start after a connection goes idle
# keeps our cwnd large with the keep alive connections (kernel > 3.6)
net.ipv4.tcp_slow_start_after_idle = 0
# Controls TCP Packetization-Layer Path MTU Discovery
net.ipv4.tcp_mtu_probing = 1
# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1
# Turn on the tcp_timestamps, accurate timestamp make TCP congestion control algorithms work better
net.ipv4.tcp_timestamps = 1
# Enable the TCP selective acks option for better throughput
net.ipv4.tcp_sack = 1
# Change Congestion Control
# Use BBR TCP congestion control and set tcp_notsent_lowat to 16384 to ensure HTTP/2 prioritization works optimally
# Do a 'modprobe tcp_bbr' first (kernel > 4.9)
# Fall-back to htcp if bbr is unavailable (older kernels)
net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_congestion_control = bbr
net.core.default_qdisc = fq
# bbr + fq_codel for kernel >= 4.13
#net.core.default_qdisc = fq_codel
net.ipv4.tcp_notsent_lowat = 16384
# Increase the maximum amount of option memory buffers
net.core.optmem_max = 65535
# Increase Linux autotuning TCP buffer limits
# Set max to 16MB (16777216) for 1GE and 32M (33554432) or 54M (56623104) for 10GE
# Don't set tcp_mem itself! Let the kernel scale it based on RAM.
# Increase the read-buffer space allocatable
net.ipv4.tcp_rmem = 8192 87380 33554432
net.ipv4.udp_rmem_min = 16384
net.core.rmem_default = 262144
net.core.rmem_max = 33554432
# Increase the write-buffer-space allocatable
net.ipv4.tcp_wmem = 8192 65536 33554432
net.ipv4.udp_wmem_min = 16384
net.core.wmem_default = 262144
net.core.wmem_max = 33554432
# If your servers talk UDP, also up these limits
net.ipv4.udp_rmem_min = 16384
net.ipv4.udp_wmem_min = 16384
# ——————————————————————–
# The following allow the server to handle lots of connection churn
# ——————————————————————–
# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_max_tw_buckets = 1440000
# Timeout broken connections faster (amount of time to wait for FIN)
net.ipv4.tcp_fin_timeout = 7
# Try to reuse time-wait connections, but don't recycle them (recycle can break clients behind NAT)
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
# Decrease the time default value for connections to keep alive
# Disconnect dead TCP connections after 600+(60*10) seconds
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 60
net.ipv4.tcp_keepalive_intvl = 10
# This will enusre that immediatly subsequent connections use the new values
net.ipv4.route.flush = 1
net.ipv6.route.flush = 1

view raw
60-zercle.conf
hosted with ❤ by GitHub

[Workaround] Override docker systemd service

Make config directory for docker service

mkdir -p /etc/systemd/system/docker.service.d/

Add config file for override etc. /etc/systemd/system/docker.service.d/host.conf

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd

Reload systemd

systemctl daemon-reload

Then can use host directive in /etc/docker/daemon.json

{
        "hosts":["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
        "dns": ["8.8.8.8", "1.1.1.1"],
        "tlsverify": true,
        "tls": true,
        "tlscacert": "/etc/ssl/private/docker/docker-ca.pem",
        "tlscert": "/etc/ssl/private/docker/server-cert.pem",
        "tlskey": "/etc/ssl/private/docker/server-key.pem"
}

Use LZ4 with tar for compress multiple directories

lz4 is an extremely fast lossless compression algorithm, based on byte-aligned LZ77 family of compression scheme. lz4 offers compression speeds of 400 MB/s per core, linearly scalable with multi-core CPUs. It features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limit on multi-core systems. The native file format is the .lz4 format. But lz4 accept input with files only if want to compress directory we need to tar them into tar files before compress it.

First install lz4

apt install liblz4-tool

Then compress it

tar cf - dir1 dir2 dir3 dirX | lz4 -v > file_name.tar.lz4
OR
tar cf - dir_pattern* | lz4 -v > file_name.tar.lz4

Finally decompress it

lz4 -d -v file_name.tar.lz4 | tar xf - -C /target/directory

For backup disk image

sudo bash -c "pv /dev/{disk} | lz4 > backup.img.lz4"

For restore disk image

sudo lz4 -d -c -v backup.img.lz4 > /dev/{disk}

Workaround openmediavault python 3.5 weakref.py error

When you update or install something in openmediavault 4.x and saw theses

Exception ignored in: <function WeakValueDictionary.__init__.<locals>.remove at 0x7fb7d2d82730>
Traceback (most recent call last):
  File "/usr/lib/python3.5/weakref.py", line 117, in remove
TypeError: 'NoneType' object is not callable
Exception ignored in: <function WeakValueDictionary.__init__.<locals>.remove at 0x7fb7d2d82730>
Traceback (most recent call last):
  File "/usr/lib/python3.5/weakref.py", line 117, in remove
TypeError: 'NoneType' object is not callable

You can workaround it with

curl -L https://raw.githubusercontent.com/python/cpython/3.5/Lib/weakref.py > /usr/lib/python3.5/weakref.py

 

 

Thailand ISP’s DNS

AIS
Preferred DNS server 115.178.58.10
Alternate DNS server 115.178.58.26

True
Preferred DNS server 203.144.207.29
Alternate DNS server 203.144.207.49

3BB
Preferred DNS server 110.164.252.222
Alternate DNS server 110.164.252.223

TOT
Preferred DNS server 203.113.127.199
Alternate DNS server 203.113.24.199

SINET
SINET-INET
Preferred DNS server 203.150.213.1
Alternate DNS server 203.150.218.161
SINET-BeeNet
Preferred DNS server 117.121.222.223
Alternate DNS server 117.121.210.111

CAT
Preferred DNS server 61.19.245.245
Alternate DNS server 61.19.245.246

Cloudflare
Preferred DNS server 1.1.1.1
Alternate DNS server 1.0.0.1

GOOGLE
Preferred DNS server 8.8.8.8
Alternate DNS server 8.8.4.4