
Ubuntu

  • Landscape https://landscape.canonical.com/index.html
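  • Fix for sudo being unusually slow on Ubuntu 18.04: https://serverfault.com/a/41820
  • On Ubuntu 18.04 and later, the installer can download trusted public keys from GitHub at install time. If you install with a public key hosted on GitHub specified, a user who holds the matching private key does not need to set a password.
  • Set the default EDITOR to vim: sudo update-alternatives --set editor /usr/bin/vim.basic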

netplan

https://netplan.io/reference/

  • When installed from the Live CD: /etc/netplan/50-cloud-init.yaml
  • When installed from mini.iso: /etc/netplan/01-netcfg.yaml
$ sudo vi /etc/netplan/50-cloud-init.yaml 

Example configuration

$ cat /etc/netplan/50-cloud-init.yaml 
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        ens18:
            addresses:
                - 192.168.1.11/24
                - 2001:db8:1111::11/64
            gateway4: 192.168.1.1
            gateway6: 2001:db8:1111::1
            nameservers:
                addresses:
                    - 192.168.1.53
                search:
                    - ainoniwa.net
            optional: true
    version: 2

To apply the configuration by restarting the service, run the following command:

$ sudo netplan apply

To configure a static route while dhcp4: yes is set, add on-link: true as shown below.

dhcp4: yes
routes:
- on-link: true
  to: x.x.x.x/x
  via: x.x.x.x

apt

The package manager used on Debian-family systems.

man APT(8): https://manpages.debian.org/stretch/apt/apt.8.ja.html

A handy snippet for updating packages (on Ubuntu 14.04/16.04, read some of these as apt-get instead):

apt -q update
apt -q -y upgrade
apt -y autoremove
apt -y autoclean
$ sudo apt update -q
$ sudo apt upgrade -q -y
$ sudo apt-get autoremove -q -y
$ sudo apt-get autoclean -q -y

Note

  • If /var/run/reboot-required exists after running apt upgrade, the OS needs to be rebooted
  • If linux-kernel has been upgraded, /boot may fill up, so check it

needrestart

UnattendedUpgrades

A set of tools that update packages and reboot automatically. On Ubuntu 18.04/20.04 it appears to be installed out of the box.

To override the configuration it is recommended to create another APT configuration file fragment which overrides the shipped default value because updates to the shipped configuration file may conflict with the local changes blocking updating unattended-upgrades itself. The new file should sort later than 50unattended-upgrades to be parsed later than the one shipping the default values, it can be e.g. 52unattended-upgrades-local.

As the documentation in the source code says, editing the existing file directly is not appropriate.
Instead, create a new file, /etc/apt/apt.conf.d/52unattended-upgrades-local.

Put the following in /etc/apt/apt.conf.d/52unattended-upgrades-local (these are probably set to "0" by default):

// Do "apt-get update" automatically every n-days (0=disable)
// APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "1";

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
        "${distro_id}:${distro_codename}-updates";
};
// Only Ubuntu 20.04/unattended-upgrades 2.3 or higher
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
// If `/var/run/reboot-required` exists, a shutdown is scheduled.
// Unattended-Upgrade::Automatic-Reboot-Time "02:00";

  • The Automatic-Reboot-Time setting depends on the node.
    For ACTIVE/STANDBY nodes, disable it on one of the pair, or stagger the times given in Unattended-Upgrade::Automatic-Reboot-Time "02:00";.
  • If you have added repositories, adding their Origin:Suite to Allowed-Origins usually works
    • For Docker, the output below is what you get, so writing "Docker:${distro_codename}"; should be fine
      $ grep -e Origin -e Suite /var/lib/apt/lists/download.docker.com_linux_ubuntu_dists_bionic_*
      /var/lib/apt/lists/download.docker.com_linux_ubuntu_dists_bionic_InRelease:Origin: Docker
      /var/lib/apt/lists/download.docker.com_linux_ubuntu_dists_bionic_InRelease:Suite: bionic
      

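Once configuration is done, run sudo unattended-upgrade -d to check that it behaves as intended.
Add --dry-run for a trial run.
For example, in the case below the added Docker repository has not been added to Unattended-Upgrade::Allowed-Origins, so the output shows packages that "can be updated but are not subject to automatic updates".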

$ sudo unattended-upgrade -d --dry-run
Initial blacklisted packages: 
Initial whitelisted packages: 
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESMApps,a=bionic-apps-security, o=UbuntuESM,a=bionic-infra-security, o=Ubuntu,a=bionic-updates
Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^linux-image-unsigned-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*|^linux-buildinfo-[0-9]+\.[0-9\.]+-.*|^linux-source-[0-9]+\.[0-9\.]+-.*|^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^linux-image-unsigned-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*|^linux-buildinfo-[0-9]+\.[0-9\.]+-.*|^linux-source-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages
Using (^linux-image-4\.15\.0\-180\-generic$|^linux-headers-4\.15\.0\-180\-generic$|^linux-image-extra-4\.15\.0\-180\-generic$|^linux-modules-4\.15\.0\-180\-generic$|^linux-modules-extra-4\.15\.0\-180\-generic$|^linux-signed-image-4\.15\.0\-180\-generic$|^linux-image-unsigned-4\.15\.0\-180\-generic$|^kfreebsd-image-4\.15\.0\-180\-generic$|^kfreebsd-headers-4\.15\.0\-180\-generic$|^gnumach-image-4\.15\.0\-180\-generic$|^.*-modules-4\.15\.0\-180\-generic$|^.*-kernel-4\.15\.0\-180\-generic$|^linux-backports-modules-.*-4\.15\.0\-180\-generic$|^linux-modules-.*-4\.15\.0\-180\-generic$|^linux-tools-4\.15\.0\-180\-generic$|^linux-cloud-tools-4\.15\.0\-180\-generic$|^linux-buildinfo-4\.15\.0\-180\-generic$|^linux-source-4\.15\.0\-180\-generic$|^linux-image-4\.15\.0\-180\-generic$|^linux-headers-4\.15\.0\-180\-generic$|^linux-image-extra-4\.15\.0\-180\-generic$|^linux-modules-4\.15\.0\-180\-generic$|^linux-modules-extra-4\.15\.0\-180\-generic$|^linux-signed-image-4\.15\.0\-180\-generic$|^linux-image-unsigned-4\.15\.0\-180\-generic$|^kfreebsd-image-4\.15\.0\-180\-generic$|^kfreebsd-headers-4\.15\.0\-180\-generic$|^gnumach-image-4\.15\.0\-180\-generic$|^.*-modules-4\.15\.0\-180\-generic$|^.*-kernel-4\.15\.0\-180\-generic$|^linux-backports-modules-.*-4\.15\.0\-180\-generic$|^linux-modules-.*-4\.15\.0\-180\-generic$|^linux-tools-4\.15\.0\-180\-generic$|^linux-cloud-tools-4\.15\.0\-180\-generic$|^linux-buildinfo-4\.15\.0\-180\-generic$|^linux-source-4\.15\.0\-180\-generic$) regexp to find running kernel packages
Checking: containerd.io ([<Origin component:'stable' archive:'bionic' origin:'Docker' label:'Docker CE' site:'download.docker.com' isTrusted:True>])
Checking: docker-ce ([<Origin component:'stable' archive:'bionic' origin:'Docker' label:'Docker CE' site:'download.docker.com' isTrusted:True>])
Checking: docker-ce-cli ([<Origin component:'stable' archive:'bionic' origin:'Docker' label:'Docker CE' site:'download.docker.com' isTrusted:True>])
Checking: docker-ce-rootless-extras ([<Origin component:'stable' archive:'bionic' origin:'Docker' label:'Docker CE' site:'download.docker.com' isTrusted:True>])
Checking: docker-scan-plugin ([<Origin component:'stable' archive:'bionic' origin:'Docker' label:'Docker CE' site:'download.docker.com' isTrusted:True>])
pkgs that look like they should be upgraded: 
Fetched 0 B in 0s (0 B/s)                                                                                                                                                                                                                                                                                  
fetch.run() result: 0
blacklist: []
whitelist: []
No packages found that can be upgraded unattended and no pending auto-removals
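
The gap seen in the dry run above (a repository that is installed but missing from Allowed-Origins) can also be found without running unattended-upgrade. The following is an added example, not part of the original notes: the function name uncovered_origins is hypothetical, and it assumes the Allowed-Origins entries live in a single file and are the only lines of the form "origin:suite";.

```shell
# Added example (not from the original page).
# uncovered_origins [LISTS_DIR] [CONF_FILE] [DISTRO_ID] [CODENAME]
# Prints one "Origin:Suite" per line for every repository in the apt lists
# directory that is NOT matched by an Allowed-Origins entry in CONF_FILE.
uncovered_origins() (
    lists_dir=${1:-/var/lib/apt/lists}
    conf=${2:-/etc/apt/apt.conf.d/52unattended-upgrades-local}
    distro_id=${3:-$(lsb_release -is)}
    codename=${4:-$(lsb_release -cs)}

    # Collect the quoted "origin:suite"; entries and expand the
    # ${distro_id} / ${distro_codename} macros used in the config file.
    allowed=$(sed -n 's/^[[:space:]]*"\([^"]*:[^"]*\)";.*/\1/p' "$conf" |
        sed -e "s/[$]{distro_id}/$distro_id/g" \
            -e "s/[$]{distro_codename}/$codename/g")

    # Same fields as: grep -e Origin -e Suite /var/lib/apt/lists/*Release
    for f in "$lists_dir"/*Release; do
        [ -f "$f" ] || continue
        origin=$(sed -n 's/^Origin: //p' "$f" | head -n 1)
        suite=$(sed -n 's/^Suite: //p' "$f" | head -n 1)
        [ -n "$origin" ] && [ -n "$suite" ] || continue
        if ! printf '%s\n' "$allowed" | grep -qxF -e "$origin:$suite"; then
            printf '%s:%s\n' "$origin" "$suite"
        fi
    done | sort -u
)
```

Called with no arguments it reads the live system paths; on the host shown above it would print Docker:bionic until that entry is added.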

Finally, confirm that apt-daily.timer and apt-daily-upgrade.timer are present among the timers, and you are done.

$ systemctl list-timers
NEXT                         LEFT          LAST                         PASSED        UNIT                         ACTIVATES
Tue 2022-05-24 17:33:46 JST  5h 41min left Tue 2022-05-24 11:23:36 JST  28min ago     ua-timer.timer               ua-timer.service
Tue 2022-05-24 19:01:34 JST  7h left       Tue 2022-05-24 07:06:57 JST  4h 45min ago  apt-daily.timer              apt-daily.service
Tue 2022-05-24 20:44:34 JST  8h left       Tue 2022-05-24 09:55:25 JST  1h 56min ago  motd-news.timer              motd-news.service
Wed 2022-05-25 06:13:20 JST  18h left      Tue 2022-05-24 06:23:57 JST  5h 28min ago  apt-daily-upgrade.timer      apt-daily-upgrade.service
Wed 2022-05-25 10:10:26 JST  22h left      Tue 2022-05-24 10:10:26 JST  1h 41min ago  systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Mon 2022-05-30 00:00:00 JST  5 days left   Mon 2022-05-23 00:00:19 JST  1 day 11h ago fstrim.timer                 fstrim.service

6 timers listed.
Pass --all to see loaded but inactive timers, too.

Configuration references

Troubleshooting

Container

  • lxc
  • lxd

Docker

Installation

It is handier when a regular user can also run the docker command, so I always do this together with the install. (Not really a good idea.)

sudo apt update
sudo apt upgrade -y
sudo apt install -y docker docker-compose
sudo usermod -a -G docker $USER
sudo reboot

Frequently used images

Notes

On Ubuntu 18.04, docker build sometimes fails with an error: https://github.com/docker/docker-credential-helpers/issues/103

$ sudo docker build .
double free or corruption (out)
SIGABRT: abort
PC=0x7f0d7bcc7e97 m=0 sigcode=18446744073709551610
signal arrived during cgo execution

For the time being, this fixes it.

$ sudo apt update && sudo apt install -y gnupg2 pass gpg

edac-utils

A tool for checking the error counters of ECC memory.

$ sudo apt install edac-utils
$ edac-util -rfull
mc0:noinfo:all:UE:0
mc0:noinfo:all:CE:0

Even without the tool, the counters can be checked by running cat on the files under /sys/devices/system/edac/mc.

See: How do I get notified of ECC errors in Linux?
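
The sysfs check described above, wrapped as a function whose exit status a cron job or monitoring agent can act on. This is an added example, not part of the original notes; the name edac_check and its exit codes are hypothetical, and it reads the per-controller ce_count and ue_count files.

```shell
# Added example (not from the original page).
# edac_check [EDAC_ROOT]
# Prints "mcN CE=<corrected> UE=<uncorrected>" for each memory controller.
# Exit status: 0 = no errors, 1 = corrected errors only,
#              2 = uncorrected errors, 3 = no controller exposed
#              (EDAC driver not loaded, or no ECC support).
edac_check() (
    root=${1:-/sys/devices/system/edac/mc}
    status=3
    for mc in "$root"/mc[0-9]*; do
        [ -r "$mc/ce_count" ] && [ -r "$mc/ue_count" ] || continue
        ce=$(cat "$mc/ce_count")
        ue=$(cat "$mc/ue_count")
        printf '%s CE=%s UE=%s\n' "${mc##*/}" "$ce" "$ue"
        if [ "$ue" -gt 0 ]; then
            status=2                       # worst case always wins
        elif [ "$ce" -gt 0 ] && [ "$status" -ne 2 ]; then
            status=1
        elif [ "$status" -eq 3 ]; then
            status=0                       # first clean controller seen
        fi
    done
    exit "$status"
)
```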

Checking whether ECC memory is recognized

With sudo dmidecode --type memory you can confirm Error Correction Type: Single-bit ECC.
Looking at Total Width: 72 bits and Data Width: 64 bits, 8 bits for the error-correcting code have been added to the DIMM bus width (64 bits).

With ECC:

# dmidecode --type memory
# dmidecode 3.3
Getting SMBIOS data from sysfs.
SMBIOS 3.0.0 present.

Handle 0x0029, DMI type 16, 23 bytes
Physical Memory Array
        Location: System Board Or Motherboard
        Use: System Memory
        Error Correction Type: Single-bit ECC
        Maximum Capacity: 64 GB
        Error Information Handle: Not Provided
        Number Of Devices: 4

Handle 0x002A, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x0029
        Error Information Handle: Not Provided
        Total Width: 72 bits
        Data Width: 64 bits
        Size: 16 GB
        Form Factor: DIMM
        Set: None
        Locator: DIMM CHA3
        Bank Locator: BANK 0
        Type: DDR4
        Type Detail: Synchronous
        Speed: 2133 MT/s
        Manufacturer: Samsung
        Serial Number: 332480F6
        Asset Tag: 1632
        Part Number: M391A2K43BB1-CPB    
        Rank: 2
        Configured Memory Speed: 2133 MT/s
        Minimum Voltage: Unknown
        Maximum Voltage: Unknown
        Configured Voltage: 1.2 V

Handle 0x002B, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x0029
        Error Information Handle: Not Provided
        Total Width: 72 bits
        Data Width: 64 bits
        Size: 16 GB
        Form Factor: DIMM
        Set: None
        Locator: DIMM CHA1
        Bank Locator: BANK 1
        Type: DDR4
        Type Detail: Synchronous
        Speed: 2133 MT/s
        Manufacturer: Samsung
        Serial Number: 332479AB
        Asset Tag: 1632
        Part Number: M391A2K43BB1-CPB    
        Rank: 2
        Configured Memory Speed: 2133 MT/s
        Minimum Voltage: Unknown
        Maximum Voltage: Unknown
        Configured Voltage: 1.2 V

Handle 0x002C, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x0029
        Error Information Handle: Not Provided
        Total Width: 72 bits
        Data Width: 64 bits
        Size: 16 GB
        Form Factor: DIMM
        Set: None
        Locator: DIMM CHB4
        Bank Locator: BANK 2
        Type: DDR4
        Type Detail: Synchronous
        Speed: 2133 MT/s
        Manufacturer: Samsung
        Serial Number: 332478B4
        Asset Tag: 1632
        Part Number: M391A2K43BB1-CPB    
        Rank: 2
        Configured Memory Speed: 2133 MT/s
        Minimum Voltage: Unknown
        Maximum Voltage: Unknown
        Configured Voltage: 1.2 V

Handle 0x002D, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x0029
        Error Information Handle: Not Provided
        Total Width: 72 bits
        Data Width: 64 bits
        Size: 16 GB
        Form Factor: DIMM
        Set: None
        Locator: DIMM CHB2
        Bank Locator: BANK 3
        Type: DDR4
        Type Detail: Synchronous
        Speed: 2133 MT/s
        Manufacturer: Samsung
        Serial Number: 332476CF
        Asset Tag: 1632
        Part Number: M391A2K43BB1-CPB    
        Rank: 2
        Configured Memory Speed: 2133 MT/s
        Minimum Voltage: Unknown
        Maximum Voltage: Unknown
        Configured Voltage: 1.2 V

Without ECC:

$ sudo dmidecode --type memory
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 3.0.0 present.

Handle 0x0009, DMI type 16, 23 bytes
Physical Memory Array
        Location: System Board Or Motherboard
        Use: System Memory
        Error Correction Type: None
        Maximum Capacity: 32 GB
        Error Information Handle: Not Provided
        Number Of Devices: 2

Handle 0x000A, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x0009
        Error Information Handle: Not Provided
        Total Width: 64 bits
        Data Width: 64 bits
        Size: 4096 MB
        Form Factor: DIMM
        Set: None
        Locator: DIMM1
        Bank Locator: Not Specified
        Type: DDR4
        Type Detail: Synchronous Unbuffered (Unregistered)
        Speed: 2400 MT/s
        Manufacturer: 80CE000080CE
        Serial Number: 24880502
        Asset Tag: 03185100
        Part Number: M378A5244CB0-CRC    
        Rank: 1
        Configured Memory Speed: 2133 MT/s
        Minimum Voltage: Unknown
        Maximum Voltage: Unknown
        Configured Voltage: 1.2 V

Handle 0x000B, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x0009
        Error Information Handle: Not Provided
        Total Width: Unknown
        Data Width: Unknown
        Size: No Module Installed
        Form Factor: Unknown
        Set: None
        Locator: DIMM2
        Bank Locator: Not Specified
        Type: Unknown
        Type Detail: None
        Speed: Unknown
        Manufacturer: Not Specified
        Serial Number: Not Specified
        Asset Tag: Not Specified
        Part Number: Not Specified
        Rank: Unknown
        Configured Memory Speed: Unknown
        Minimum Voltage: Unknown
        Maximum Voltage: Unknown
        Configured Voltage: Unknown
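
The Total Width / Data Width comparison used above, applied to every installed module at once. This is an added example, not part of the original notes; the name ecc_report is hypothetical, and it reads dmidecode --type memory output on stdin and skips empty slots.

```shell
# Added example (not from the original page).
# Usage: sudo dmidecode --type memory | ecc_report
# Prints the array's Error Correction Type and, per installed module,
# the widths and the number of check bits (Total Width - Data Width).
# Exit status: 0 if every installed module carries check bits, 1 otherwise.
ecc_report() {
    awk -F': *' '
        /^[ \t]*Error Correction Type:/ { print "array: " $2 }
        /^[ \t]*Total Width:/ { total = $2 + 0 }
        /^[ \t]*Data Width:/  { data  = $2 + 0 }
        /^[ \t]*Size:/        { installed = ($2 != "No Module Installed") }
        # "Locator:" comes after the width and size lines of the same device;
        # "Bank Locator:" does not match because of the anchored pattern.
        /^[ \t]*Locator:/ && installed {
            n++
            check = total - data
            if (check <= 0) bad++
            printf "%s: total=%d data=%d check_bits=%d %s\n",
                   $2, total, data, check, (check > 0 ? "ECC" : "non-ECC")
        }
        END { exit (n == 0 || bad > 0) }
    '
}
```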

Last updated: 2023-06-20 16:34:30