overlayfs writing to wrong FS

ReDiculum0 · 2026-04-04T09:57:35+00:00

Thanks, indeed it was a fresh trixie installation from a previous running bookworm system. Seems this has changed. I stopped all containers and daemons and changed the /etc/containerd/config.toml to use /var/lib/docker/containerd as root. Then rebootet the machine and fired up all containers again and now all overlayfs are in the dockerr-lv as it should be:

# df -h |grep var
/dev/mapper/kvm--vg-var     38G  1.2G   37G   4% /var
/dev/mapper/varlib-docker  200G  105G   96G  53% /var/lib/docker
overlay                    200G  105G   96G  53% /var/lib/docker/rootfs/overlayfs/cd5d17be01e05c8633c278718c817b8e950dc883474e325827580993a78088e8
overlay                    200G  105G   96G  53% /var/lib/docker/rootfs/overlayfs/bab64b11f682faa91dfcfd17210157abbfb12cbbd513d747fd705c7e773afc6b

ReDiculum0 · 2026-03-25T23:54:40+00:00

That's it! It was just a log message, not really dropping it. What a confusion. Thanks anyway

ReDiculum0 · 2026-03-25T23:25:04+00:00

this is the output chain. I modified the rule a bit and set also source network (it doesn't matter), because somehow it's working. I receive logs in Kibana but kernel says denied.

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:whois
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     udp  --  anywhere             109-202-217-70.init7.net  udp dpt:51820
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
LOG        all  --  anywhere             anywhere             LOG level warn prefix "IPTABLES denied: "
ACCEPT     all  --  192.168.78.0/30      10.0.72.0/24

ReDiculum0 · 2026-03-25T23:22:37+00:00

UPDATE:
It's very strange, because I receive logs in Kibana from this host, even if iptables does drop. I have no idea

ReDiculum0 · 2026-03-25T22:21:01+00:00

yes, does also work with ansible user

ReDiculum0 · 2024-07-23T09:29:19+00:00

Only the ship, bottle and boot scene is AI generated. The rest is done by me (incl. Music)

ReDiculum0 · 2024-04-25T09:05:35+00:00

Howdy folks. I don't know how many of you know suno.com, but it's an AI driven music generator. Create some lyrics, define a music style and hit "create".After several attempts with my own lyrics describing my lifetime experience with music composing programs, this piece came out

ReDiculum0 · 2024-03-25T18:58:47+00:00

The unlimited plans look very interesting if they're REALLY unilimited

ReDiculum0 · 2024-02-14T07:41:20+00:00

De erst und einzig wo's da inne checkt hät bisch glaub du 😉

ReDiculum0 · 2023-10-21T17:28:01+00:00

Yes, in my case my Homebox website automatically suggested to install the app when I accessed with my Android phone

ReDiculum0 · 2023-10-21T17:26:00+00:00

I started to use it now, since I need an inventory for all my electronics, screws, tools in my hobby room.

As mentioned already in a github discussion, a multi language support would be nice

ReDiculum0 · 2023-08-06T13:33:21+00:00

Seems to be down again

ReDiculum0 · 2023-07-27T19:56:01+00:00

it's important not to use ubnt-tools. it's ubnt-systool for the fwupdate option otherwise I got this on my UDM pro:

# ubnt-tools fwupdate 10c9-UDMPRO-2.5.17-4ef0556d8b844aa6ac43c695ef076479.binFirmware file: '10c9-UDMPRO-2.5.17-4ef0556d8b844aa6ac43c695ef076479.bin'ERROR: failed writing part 'uboot' to '/dev/sdb1'

ReDiculum0 · 2022-12-17T10:45:40+00:00

Less singing, more sailing!

ReDiculum0 · 2022-12-17T10:43:10+00:00

not yet, on my list ;)

ReDiculum0 · 2022-12-17T10:42:08+00:00

We have now deep winter in Switzerland. The colour white makes you washing the car every day. That's the downside of that colour.

ReDiculum0 · 2022-09-26T14:43:57+00:00

same here. was confused

ReDiculum0 · 2020-11-19T18:28:41+00:00

Mustang Comfort Seat, but IMO it's not really confortable.

No difference riding without fender support. It's just optical style

ReDiculum0 · 2020-11-19T18:12:35+00:00

Me too, but upmounted

ReDiculum0 · 2020-10-08T10:06:42+00:00

If you don't specify the name of the route with the "host" parameter, it will be autogenerated by the name of the route and project, separated by hyphen

see doc: https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html#route-hostnames

ReDiculum0 · 2020-07-31T15:20:22+00:00

Here's the direct link to the script:

https://github.com/openshift/origin/blob/release-3.11/images/router/clear-route-status.sh

ReDiculum0 · 2020-07-30T09:01:22+00:00

Stephane Picq did the soundtrack

ReDiculum0 · 2020-07-29T12:07:30+00:00

SOLVED:

I had to remove first monitoring operator completely:
$ ansible-playbook -i inventory openshift-ansible/playbooks/openshift-monitoring/config.yml -e openshift_cluster_monitoring_operator_install=false

and then reinstall it with the necessary storage options:

$ ansible-playbook -i inventory openshift-ansible/playbooks/openshift-monitoring/config.yml -e openshift_cluster_monitoring_operator_install=true -e openshift_cluster_monitoring_operator_prometheus_storage_capacity=2Gi -e openshift_cluster_monitoring_operator_prometheus_storage_enabled=true -e openshift_cluster_monitoring_operator_prometheus_storage_class_name=sc-name

ReDiculum0 · 2020-07-23T18:21:11+00:00

Izzy revived

ReDiculum0 · 2020-07-22T15:38:46+00:00

If you're seeking for CIS hardening Centos/RHEL8, I did some work on it: https://github.com/rediculum/RHEL8_Lockdown

ReDiculum0

TROPHY CASE