overlay2 for Docker within an unprivileged LXC container

For my Jenkins installation I use a Docker agent inside an LXC container. I want this container to be unprivileged, so that the host is somewhat protected from misconfiguration (not deliberate attacks). The default setup works fine, but after a bit of experimenting, I noticed that I was soon running out of disk space. The reason turned out to be that Docker had fallen back to using the vfs storage backend instead of overlay2, which basically creates a copy for every layer and every running container.

# docker info | grep Storage
 Storage Driver: vfs

Further investigation showed that this was due to the fact that the container was unprivileged. Short experiments with making the container privileged also yielded issues with cgroup management of the outer docker container on the host. So what was the reason for the issues? It seems that the ID mapping / shifting of the user IDs prevented the overlay2 driver from working.

Therefore I decided to try to mount a host directory as a “device” into the container’s /var/lib/docker. But using the shift=true option, this again fails, since this way the underlying filesystem is shiftfs and not plain ext4 (see supported filesystems for various storage drivers). So a solution without “shift” is required.

Shifting UIDs is done by a fixed offset for a container; in my case it’s 1,000,000. You need to figure this out for your system, but likely it’s the same. So by creating the external storage directory with this as owner and then mounting it inside the container without shifting, things start working.

export CONTAINER_NAME=mycontainer
export DOCKER_STORAGE_DIRECTORY=/mnt/pool/mycontainer/var-lib-docker

mkdir -p "$DOCKER_STORAGE_DIRECTORY"
chown 1000000:1000000 "$DOCKER_STORAGE_DIRECTORY"

lxc config device add "$CONTAINER_NAME" var-lib-docker disk source="$DOCKER_STORAGE_DIRECTORY" path=/var/lib/docker

# important, security.nesting is required for nested containers to work!
lxc config set "$CONTAINER_NAME" security.nesting=true

After this docker info | grep Storage finally showed what I wanted:

# docker info | grep Storage
 Storage Driver: overlay2
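
The post says the UID offset has to be figured out per system. The following is an added example, not part of the original post, that derives the owner for the storage directory from the container's ID maps and checks the result; the function names and the sample map are constructed for illustration.

```shell
#!/bin/sh
# Added example: compute the host owner for /var/lib/docker from the
# container's ID maps rather than assuming an offset of 1000000.

# Map files use the kernel format of /proc/<pid>/uid_map and gid_map:
#   <first ID in container> <first ID on host> <number of IDs>
# host_id_for MAP_FILE CONTAINER_ID -> prints host ID, fails if unmapped.
host_id_for() {
    awk -v id="$2" '
        id >= $1 && id < $1 + $3 { printf "%d\n", $2 + (id - $1); ok = 1; exit }
        END { exit ok ? 0 : 1 }
    ' "$1"
}

# storage_owner UID_MAP GID_MAP -> prints "uid:gid" of container root on host.
storage_owner() {
    u=$(host_id_for "$1" 0) || return 1
    g=$(host_id_for "$2" 0) || return 1
    printf '%s:%s\n' "$u" "$g"
}

# owner_matches DIR OWNER -> succeeds only if DIR is owned by OWNER ("uid:gid").
# A directory left owned by host root shows up as nobody inside the container.
owner_matches() {
    [ "$(stat -c '%u:%g' "$1")" = "$2" ]
}

# Constructed sample: the mapping described in the post (offset 1000000).
sample_map() {
    printf '0 1000000 1000000000\n'
}

# Usage on the host (assumption: PID is the container's init process ID,
# for example as reported by `lxc info "$CONTAINER_NAME"`):
#   owner=$(storage_owner "/proc/$PID/uid_map" "/proc/$PID/gid_map")
#   chown "$owner" "$DOCKER_STORAGE_DIRECTORY"
#   owner_matches "$DOCKER_STORAGE_DIRECTORY" "$owner" || echo "wrong owner" >&2
```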

Trilium – An Awesome Note-taking App

I’ve been a long-time user of WikidPad for personal note-taking. Unfortunately, development has slowed down over time and it was time for me to look for an alternative. And wow, did I find an alternative that really ticks most (all) of my boxes: meet Trilium, the most feature-packed outliner / hierarchical note-taking app I’ve ever encountered.

Take a look at the screenshot tour to get a feeling of what’s possible with Trilium.

The features I adore most about it:

  • Can act standalone and in a client/server model
  • Server provides a browser-based interface to the instance
  • Client-application can work offline and then sync back changes to the central server instance
  • It’s incredibly scriptable using JavaScript
  • mermaid.js support for quickly creating diagrams
  • Linking, Cross-Linking, Cloning of notes in various places
  • Journal functions

There are also a ton of features that I don’t use personally, e.g. encrypted notes that are only available once you enter your decryption password.

I personally very much recommend that you give it a look and a try!

Moto G6 Plus without GPS Lock

I’ve been a quite happy owner of the Moto G6 Plus for some years now. Since the beginning, I always had a “minor” issue: sometimes the GPS suddenly stopped getting a lock, which was especially cumbersome if I was using the phone as a navigation system while driving. Today, the GPS lost its lock mid-drive and I’ve not been able to reestablish it, not even by power-cycling the device. Also, various attempts at changing battery saving options and location accuracy settings did not result in any improvements (normally it did). The internal diagnostics of the device (*#*#2486#*#*) just said it didn’t get a lock.

My assumption was that it somehow might be related to the A-GPS data. Therefore I looked for a tool in the Play Store that might help me clear the A-GPS data, and luckily I stumbled upon “GPS Status & Toolbox”. Even in the free version it allowed me to clear the A-GPS data, and from this “cold start” mode the device got a lock rather quickly. To support the devs, I decided to upgrade to the PRO version for less than €2,00.

I’m now curious if this is a long-term fix or if it was just a lucky coincidence. I’m hoping for the former.

Quick Checklist

  • Disable battery optimizations on Google Maps (and any navigational map you might be using)
  • Disable battery optimization for the “LocationService”
  • Turn off WiFi and Bluetooth background scans, since they might clash with the Improved Google Location Accuracy setting
  • Use a tool (like GPS Status & Toolbox) to reset A-GPS data of the GPS receiver

Update 2020-01-06

Since I installed “GPS Status & Toolbox”, the problem has been fixed. I have never had the problem of not getting a GPS fix any more.

Fix two Ubuntu 10.04 window manager annoyances

When upgrading to Ubuntu 10.04 I noticed two annoyances (which actually are just a matter of personal taste):

  • The OSX-like positioning of the close, minimize and maximize buttons on the left instead of the right of the window.
  • The fade-out (invisibility) of other windows when using Alt-Tab for tabbing through the available windows on the current desktop.

As I tend to forget and need to Google every time I encounter a newly setup 10.04 system, I now jot down the settings to change.

For changing the window buttons:

  1. Start gconf-editor.
  2. Find /apps/metacity/general/button_layout.
  3. Change its value to menu:minimize,maximize,close.

For changing the opacity of inactive windows during Alt+Tab window switching:

  1. Start gconf-editor.
  2. Find /apps/compiz/plugins/staticswitcher/screen0/options/opacity.
  3. Change it to any value you like, where 100 is fully visible and 0 is totally invisible.

Windows Vista Home/Business/Enterprise has a telnet client, too

For some unknown reason, Microsoft decided that only the “Ultimate” version of Windows Vista ships with the telnet client installed by default. It can, however, be easily installed on all the other versions as well.

  • Open the Control Panel
  • Select “Programs”
  • Select “Turn Windows features on or off”
  • Scroll through the list, select “Telnet client”
  • Press OK
  • Wait (for surprisingly long)

That’s it, voila, the telnet client is now installed on your Windows Vista Non-Ultimate.

Missing dictionaries on OpenOffice.org 3

I just upgraded to OpenOffice.org 3 and I really like it. But there was a small, but very annoying problem: OO.org seemed to be unable to find any dictionaries. I found out rather quickly that, starting with OO.org 3, dictionaries are only available as extensions. Well, basically this is no problem, but the English dictionaries (at least the US and GB variants) are supposed to be bundled with the installer and are not available as a separate extension.

It seems there is a little bug with the installation on Vista under certain circumstances which causes the extensions not to be registered properly with OO.org.

To solve the problem, follow these steps:

  • Locate the OO.org “install” directory of your installation, usually it is “C:\Program Files\OpenOffice.org 3\share\extensions\install” [Updated 2008-12-21 to include “extensions”, thanks to the anonymous commenter!]
  • Manually install the appropriate dictionary extension (“dict-en.oxt”, “dict-de.oxt”, “dict-fr.oxt”, “dict-it.oxt”) by either launching the oxt directly or by choosing Tools -> Extension Manager.

For me this worked after restarting OO.org totally (i.e. closing down all Writer, Calc, …).

A first look at Google Chrome

Just played around with Google Chrome. First impression: Wow! This is definitely going to encourage development of other browsers as well!

It feels lightweight, fast for JavaScript applications, and offers some nice features (I especially like the possibility to open an “anonymous window” which will forget all cookies etc. when being closed without being forced to delete all other cookies as well.) Tabs can be dragged out and dropped back into the browser, something I’d always wanted Firefox to be able to do as well.

Each tab runs within its own process and Chrome offers a “Task Manager” (Shift-Esc), which will display memory usage, CPU usage and bandwidth consumption for each tab, which I consider very handy.

Chrome is available for Windows only at the moment, but is expected to be released for MacOS X and Linux as well. I am really curious how this is going to develop and if this is going to really affect “the Internet as a whole” (I really believe Google has gained enough market power to push their products).

Nice to know – Volume 2

udev renames your network interfaces

Sometimes udev renames your devices. This happened to me when upgrading a server, eth0 suddenly became eth1 and vice-versa. Of course, this broke nearly all firewall scripts on the server… There is a nice explanation how to get udev to name your devices the way you want.

Visual Studio 2005 Service Pack 1 on Microsoft Windows Server 2003

When installing Visual Studio Service Pack 1 under Windows Server 2003, it might fail because it cannot verify the signature. You should take time and visit the link provided in the error message, because it will take you to a hotfix that will correct the problem.

(via Mark Caroll’s Blog)

VMWare Server on Ubuntu 8.04

A nice tutorial for getting free VMWare Server 1.0.5 running on Ubuntu 8.04.

Nice to know – Volume 1

As I definitely should post more on my blog, I now try to start a new series: “Nice to know”. It will be a collection of interesting things I consider memorable but which don’t deserve their own blog-post.

Trickle

Trickle allows you to limit bandwidth for processes that do not support bandwidth limitation out-of-the-box. It works by preloading and simulating the socket API. You use it as a wrapper when starting the process, like trickle -d 80 someapp.

You can use it to limit rsync speed for instance (thanks to http://www.yak.net/fqa/404.html): rsync -auvPe "trickle -d 80 ssh" user@host:/src/ /dst/

VMWare Tools and Kernel 2.6.24

VMWare Tools out of the box do not install on kernel 2.6.24 (as used in Ubuntu 8.04 for instance). A possible solution is described here. It is based on using the open-source version of the VMWare tools (open-vm-tools).

TrueCrypt 5.1 is out!

The new TrueCrypt 5.1 version finally enables hibernation with pre-boot authentication. I am going to try it out as soon as possible. A big thank you to all the developers!

Update 2008-03-16: Today I finally had time to test out pre-boot authentication. It simply worked great. No problems at all. As I was using it on a notebook, I was very happy about the possibility to interrupt and resume the encryption process.
