Ubuntu user hits thread number limit preventing SSH login

Ubuntu user hits thread number limit preventing SSH login

Recently I was investigating quite an interesting issue - there is Ubuntu based VM our testers run some tests on. It was reported they’re unable to log into the virtual machine.

After a brief investigation it became clear the issue is not network or SSH key related.

These are records from auth log:

/var/log/auth.log

Feb 28 20:21:39 test-instance sshd[21954]: pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
Feb 28 20:21:39 test-instance systemd-logind[756]: New session 75 of user ubuntu.
Feb 28 20:21:39 test-instance sshd[21954]: fatal: fork of unprivileged child failed
Feb 28 20:21:39 test-instance systemd-logind[756]: Removed session 75.

Quite an obscure error message, but smells like cgroup problem. Indeed:

GCE and self hosted k8s 1.6 no route created

GCE and self hosted k8s 1.6 no route created

There is an annoying bug in Kubernetes 1.6 running on GCE with Calico/Flannel networking operating via CNI plugin interface.

You may experience same issue if kubelet on your nodes runs with options

--network-plugin=cni --cloud-provider=gce

When a new node is added to the k8s cluster it’s recognized as ‘Ready’ but no pods except Calico/Flannel pod are being scheduled there.

I'll be back Shasta

I'll be back Shasta

Sup guys I’m back and I have something for you nerdy hikers. If you’re impatient enough please feel free to skip to the bottom of the post to get the details.

Few weeks ago I’ve made an attempt to summit mt. Shasta in northern California - from Bunny flats, via Horse camp, 50/50, Helen lake, Red banks. Reached the bottom of Misery hill (4km point) and turned back.

TLS termination using Nginx and application/json error handling

TLS termination using Nginx and application/json error handling

This is quite common nowadays to have some TLS terminatin reverse proxy in front of your REST API. Nginx is being used frequently for this purpose.

The problem I faced and spent some time trying to resolve is that API backing Nginx responds in JSON, but if something is wrong with the request itself or Nginx can’t reach the backend Nginx returns error page in ‘text/html’.

Travis CI and deploying golang applications to GAE

Travis CI and deploying golang applications to GAE

Disclamer - this post covers the situation with Travis CI and GAE as of January 2017, APIs may be changed and issues may be resolved soon.

Travis CI provides possibility to deploy go applications to GAE after a successful build. There are quite severe limitations if you’re using plain App Engine, not Managed VMs.

First of all there are two ways Golang application can be deployed to GAE. You can use either gcloud command