Using docker-machine to deploy multi-manager docker swarm

Of course, HA is a must in production environment. So, you gonna need multi-manager docker swarm. It is super easy when you know how.

First, you cannot use token, you need a discovery service (consul, etcd, zookeeper). So, create one if you don’t have, e.g.

$ docker-machine create -d virtualbox consul
$ docker-machine ssh consul
[email protected]:~$ docker run -d --name consul \
  --net host gliderlabs/consul-server \
  -advertise \
  -bootstrap-expect 1

Next,  create multiple swarm managers (we have obsoleted the term swarm master, though.)

$ docker-machine create -d virtualbox --swarm \
  --swarm-master \
  --swarm-opt replication \
  --swarm-discovery consul:// \
  --engine-opt cluster-store=consul:// \
$ docker-machine create -d virtualbox --swarm \
  --swarm-master \
  --swarm-opt replication \
  --swarm-discovery consul:// \
  --engine-opt cluster-store=consul:// \

Note that you need –swarm-master and –swarm-opt replication to make this works. Now, you have it. You can either

$ eval $(docker-machine env --swarm manager-0)


$ eval $(docker-machine env --swarm manager-1)

Check the “role” line, one will be the primary, the others will be replicas.

Normally, you would want to set docker environment to the primary. Somehow, if the primary has failed, one of the replicas will takeover and you can set the environment to the replica to control your swarm cluster. You can later recover the failed manager, or create a new manager.

Easy, right ? ;)

สงกรานต์ 2559

สงกรานต์ปี 2559 เป็นปี จ.ศ. (2559 – 1181) = 1378

วันเถลิงศก ตรงกับ

(1378 * 0.25875)
 + floor(1378 / 100 + 0.38)
 - floor(1378 / 4 + 0.5)
 - floor(1378 / 400 + 0.595)
 - 5.53375
 = 356.5575 + 14 - 345 - 4 - 5.53375
 = 16.02375

= วันที่ 16 เมษายน 2559 เวลา 00:34:12

วันสงกรานต์ ตรงกับ

16.02375 - 2.165 = 13.85875

= วันที่ 13 เมษายน 2559 เวลา 20:36:36

AlphaGo and the future of AI.

The Go match between AI and pro is very interesting. I’m a fan of igo/weiqi/baduk. I used to play constantly, and was rated SDK (single-digit kyu). Also, as a computer scientist, Go is the only board game that the best human can defeat the best AI.

Well, not anymore.

AlphaGo, with deep/machine learning, was well-trained, and beat one of the world’s best professional, Lee Sedol 4-1 (game records [1] [2] [3] [4] [5]).

With the advancements of methods, algorithms, and abundant resources of Google/Alphabet, I would not surprise much about the result. What surprised me was that it came much earlier than I expected.

With such advances in AI, many people start discussing about AI/robots will take over the planet – like Terminator’s SkyNet, or the Matrix. I think we, humanity, should must be very careful about using AI. We all should must know that, in the end, human cannot be superior the AI.

Biologically, we just can’t.

Many scientists knew that. For decades, groups of researchers tried to come up with the ultimate laws to control AI to ensure the public safety; something like Asimov’s Three Law of Robotics in the real world. There are many recent papers published in the area called “Ethics of Artificial Intelligence“.  Having ethics / laws is great, I totally agree with that. But, then again, just like any laws humanity came up with – religions, rules, laws, ethics, orders, you name it – the problem is the control.

Controls, including ones that will apply over AI, depend on human. But, humans are radical. They are uncontrollable. I’m pretty confident that, even with the ultimate laws of robotics, ones will build AI without the laws embedded.

The threat against humanity is, unfortunately, not the AI, but humans themselves.

Graylog Extractor for Fortigate Firewall

I’ve been using Graylog in production for awhile. It’s a great log analysis tool, backed by elasticsearch. Conceptually, graylog is pretty much like splunk. I consolidate approximately 170-200 million log messages to graylog everyday. So, I need to optimize them well enough.

Few days ago, I started to use Fortigate extractors from a git repo. It uses regex, and it is very slow. So I (have to) write my own extractors. I write Grok pattern, and keep rewriting until I could cover all messages I need to extract. Then, I started to optimize the pattern. The result is quite good though. I could reduce extractor time from more than 100,000 usec to about 100 usec.


Yes, that’s approximately 1000x times faster. It’s definitely not perfect though, but it works for me. If you think it might be good for you, you can download my Fortigate content pack here.

Enjoy :)


dnsmasq is the default DNS resolver if you use NetworkManager. It runs pretty well most of the time. When it doesn’t, you would not be able to access the Internet if you need to resolve names.

I’m not a fan of dnsmasq, and if you – like me – want to disable it, just edit


and remove/comment


Restart NetworkManager, it will use traditional faithful method of /etc/resolv.conf.

Quick install graylog on Ubuntu

Yes, yes, I know. There is the official document to guide you, e.g.

BUT, RTFM ! You need to install Java, MongoDB, elasticsearch config, and ensure they run well BEFORE you can run Graylog. That would need skills and time to do it right.

For those Ubuntu people, there is another way. Graylog officially (and constantly) releases a single deb package to update the OVA version. This package includes everything you need to run Graylog, so you can use it to deploy Graylog.

You can simply download the package at, dpkg -i to install, graylog-ctl to configure and run.



Remount tmpfs

This is simple, and you can do it without rebooting the machine.

For example, let’s say you have /tmp using tmpfs, and you want to set size to 4 GB:

# mount -o remount,size=4G,noatime /tmp

That’s it.

IBM AMM USB keyboard issue

Many admin faced an issue when using a USB keyboard on IBM Advanced Management Module (AMM) with Linux.

It seems that some Linux distros do not recognize USB device on IBM AMM and then power off the USB port, disconnect a device plugged in.

The solution is quite straightforward: always supply the power to the port.

With udev, you can add the following rules


ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="04b3", ATTR{idProduct}=="4002", TEST=="power/control", ATTR{power/control}="on"