update-alternatives --install "/usr/bin/vim" "vim" "/usr/bin/vim.tiny" 1
update-alternatives --set "vim" "/usr/bin/vim.tiny"
Register new repository:
Register-PSRepository -Name Artifactory -SourceLocation http://10.12.12.157:8081/artifactory/api/nuget/dillen-nuget -PublishLocation http://10.12.12.157:8081/artifactory/api/nuget/dillen-nuget -InstallationPolicy Trusted
Publish module:
Publish-Module -Name Foobar -Repository Artifactory -NuGetApiKey 'dillen:XXX'
The NuGetApiKey is retrieved from Artifactory using the “Set Me Up” button of the repository.
Mounting /proc and /dev
nsenter
Tested these colors:
BUILDKIT_COLORS="run=light-blue:error=light-red:cancel=light-yellow:warning=white" docker buildx build .
docker ps --format "table {{.Names}}\\t{{.Image}}\\t{{.Status}}"
cat ~/.docker/config.json
#...
"psFormat":"table {{.ID}}\\t{{.Names}}\\t{{.Image}}\\t{{.Status}}"
#...
Build agents usually have not seen a previous of an image. Solve this by pulling the last version and referencing it:
docker build \
--tag myimage:mytag \
--cache-from myimage:myoldtag \
.
When using micro-labeling, make sure to move them to the bottom to prevent cache misses.
Mounting the socket creates a new network context and creaks name resolution between containers.
Docker-in-Docker starts containers in the same network context.
SHELL ["bash", "-e", "-x", "-c"]ADD files /gosu instead of sudosudoLABEL over MAINTAINERMAINTAINERexec, use init--pull on docker builddocker build --pulldocker-compose.ymldocker-compose.ymldocker-compose.yml--read-only to make the root fs read-only and --tmpfs to mount writable in-memory fsapt install language-pack-en
update-locale LANG=en_US.UTF-8 LC_MESSAGES=POSIX
locale-gen
Environment variables http_proxy and https_proxy must be set.
How to build behind a proxy:
docker build --env http_proxy --env https_proxy --env no_proxy --tag myimage:mytag .
How to run behind a proxy:
docker run --env http_proxy --env https_proxy --env no_proxy myimage:mytag
How to configure the daemon behind a proxy (only situation to specify the proxy):
$ mkdir -p /etc/systemd/system/docker.service.d
$ cat >> /etc/systemd/system/docker.service.d/proxy.conf <<EOF
[Service]
Environment="http_proxy=http://1.2.3.4:3128" "https_proxy=http://1.2.3.4:3128" "no_proxy=localhost"
EOF
$ systemctl daemon-reload
$ service docker restart
How to use docker-compose behind a proxy:
$ cat docker-compose.yml
version: '2'
services:
example1:
build:
context: .
args:
- http_proxy
- https_proxy
- no_proxy
example2:
image: myimage:mytag
environment
- http_proxy
- https_proxy
- no_proxy
How to use docker-machine behind the proxy:
docker-machine --engine-env http_proxy --engine-env https_proxy --engine-env no_proxy ...
Add ther following variables to the service definition:
USERSHELLLANGUse timezone of host:
docker run -v /etc/localtime:/etc/localtime myimage:mytag
Use specific timezone:
docker run -v /usr/share/zoneinfo/Europe/Berlin:/etc/localtime myimage:mytag
Containerized time sync:
$ cat ../docker-ntp/Dockerfile
FROM alpine:3.7
ENV TIME_SERVER=pool.ntp.org
RUN apk update \
&& apk add openntpd gettext
ADD files /
ENTRYPOINT /entrypoint.sh
$ cat ../docker-ntp/files/entrypoint.sh
#!/bin/sh
cat /etc/ntpd.conf.envsubst | envsubst > /etc/ntpd.conf
exec ntpd -d
$ cat ../docker-ntp/files/etc/ntpd.conf.envsubst
servers ${TIME_SERVER}
sensor *
constraints from "https://www.google.com"
$ docker build --tag myimage:mytag
$ docker run --cap-add SYS_TIME --cap-add SYS_NICE myimage:mytag
https://docs.docker.com/engine/security/userns-remap/#disable-namespace-remapping-for-a-container
$PSDefaultParameterValues.Add('Format-Table:AutoSize', {if ($host.Name -eq "ConsoleHost"){$true}})
XXX
How to extend a LVM volume:
Rescan if disk not found:
echo 1 >/sys/class/block/sda/device/rescan
Create primary partition sda2 of type 8e (Linux LVM):
fdisk /dev/sda
Create physical volume:
pvcreate /dev/sda2
Note name of existing volume group:
vgdisplay
Extend volume group
vgextend ubuntu-vg /dev/sda2
Scan for physical volumes
pvscan
Note name of logical volume
lvdisplay
Extend logical volume
lvextend /dev/ubuntu-vg/root /dev/sda2
Resize filesystem
a. extN:
resize2fs /dev/ubuntu-vg/root
b. xfs:
xfs_growfs /dev/centos/root
XXX go
git log -L :initInstallCmd:cmd/docker-setup/install.go
XXX
git log -L '/assertMetadataIsLoaded/',+10:cmd/docker-setup/install.go
XXX
git grep extractVersion
Show history with diff:
git log -p
Set current branch to SHA:
git reset --hard SHA
Copy all files from tag TAG:
git checkout tags/TAG '*'
Interactive rebase from very first commit:
git rebase --interactive --root
Create orphan branch
git checkout --orphan ghpages
The proxy can be set on different levels (--local, --global or --system):
git config --global http[s].proxy 'http://proxy.mydomain.com:3128'
git clone $URL
cd $PROJECT_NAME
git reset --hard $SHA1
For HTTP(S) URLs use a custom credential helper (source):
git config --global credential.helper '!f() { sleep 1; echo "username=${GIT_USER}\npassword=${GIT_PASS}"; }; f'
GIT_USER=user GIT_PASS=pass git clone https://git-rd.haufe.io/...
For SSH based repos use a custom SSH command:
GIT_SSH_COMMAND='echo "${SSH_KEY}" | ssh-add -t 20 -; ssh' git clone git@github.com:nicholasdille/test-ssh.git
<Measurement>[,<tag>=<value>] <field>=<value>[,<field>=<value>] [<timestamp>}
Kubelet uses serving certificates created from a separate certificate authority. Enabling serving cetificates signed by the cluster CA is work in progress as per kubernetes/kubeadm#1223.
The following workaround can be used to enable serving certificates for kubelet but has the multiple caveats:
serverTLSBootstrap: true to the kubelet configuration, e.g. using kind:kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
kubeadmConfigPatches:
- |
kind: KubeletConfiguration
serverTLSBootstrap: true
- role: worker
- role: worker
kubectl --namespace=kube-system get csr --output=json \
| jq --raw-output '.items[] | select(.spec.signerName == "kubernetes.io/kubelet-serving") | .metadata.name' \
| xargs -I{} kubectl certificate approve {}
Mind the caveats listed above!
Move a complete repo from oldserver to newserver:
git clone --mirror git@oldserver:oldproject.git
cd oldproject.git
git remote add new git@newserver:newproject.git
git push --mirror new
netsh can be used to configure port forwarding:
netsh interface portproxy add v4tov4 listenport=443 connectaddress=10.0.0.21 connectport=443
netsh interface portproxy delete v4tov4 listenport=443
Sniffing packets and displaying HTTP requests and responses:
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
cat /etc/apt/preferences.d/docker-ce.pref
Package: docker-ce
Pin: version 17.09.*
Pin-Priority: 1000
Some characters cannot be used in URLs without causing weird behaviour on servers and or clients:
[System.Web.HttpUtility]::UrlEncode('&')
Create a session to the remote host:
$Session = New-PSSession -Computer 'RemoteHost'
Import the module in the remote session:
Invoke-Command -Session $Session -ScriptBlock {
Import-Module -Name 'MyModule'
}
Import remote session:
$RemoteModule = Import-PSSession -Session $Session -Module 'MyModule'
Load module from remote session:
Import-Module -Name $RemoteModule -Global
Import-Module -Name Helpers -Function 'Get-Epoch'
$PSDefaultParameterValues.Add("*:Confirm",$True)
$Proxy = 'http://proxy.mydomain.com:3128'
$PSDefaultParameterValues.Add('Register-PSRepository:Proxy') = $Proxy
$PSDefaultParameterValues.Add('Set-PSRepository:Proxy') = $Proxy
$PSDefaultParameterValues.Add('Install-Module:Proxy') = $Proxy
$PSDefaultParameterValues.Add('Invoke-WebRequest:Proxy') = $Proxy
$PSDefaultParameterValues.Add('Invoke-RestMethod:Proxy') = $Proxy
PowerShell Gallery is not available as a package repository on PowerShell Core. It is registered by running the following:
Register-PSRepository -Default
Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
Rancher deploys incrementally when docker-compose.yml is missing an existing service
Using rancher-compose pull on a docker-compose.yml forces all hosts to pull the specified images reducing deployment times
Explore manifests and blob contents: https://explore.ggcr.dev/
Short-lived storage: https://ttl.sh
Reverse proxies usually service a long list of different services. Some of which are secured using HTTPS which others are still HTTP-only.
echo | openssl s_client -showcerts -servername name.to.test -connect reverse.proxy.name:443 | openssl x509 -inform PEM -noout -text
curl -vH "Host: name.to.test" http://reverse.proxy.name
curl --resolve name.to.test:443:reverse.proxy.name https://name.to.test/v2/image/tags/list
Process standard input and standard error separately:
(echo stdout && echo stderr >&2) > >(cat | while read -r LINE; do echo "stdout: ${LINE}"; done) 2> >(cat | while read -r LINE; do echo "stderr: ${LI
NE}" >&2; done)
$ sudo cat /etc/sudoers.d/myuser
# allow myuser to execute all commands without a password
myuser ALL=(ALL) NOPASSWD: ALL
# add the following line if executed command will not provide a tty
Defaults:myuser !requiretty
# add the following if using a proxy
Defaults:myuser env_keep+="http_proxy https_proxy no_proxy"
If a separate swap partition was not configured:
dd if=/dev/zero of=/myswap bs=1M count=4096
chmod 0600 /myswap
mkswap /myswap
swapon /myswap
Insert the following line in /etc/fstab for swap from the next boot:
/myswap none swap sw 0 0
https://robots.thoughtbot.com/tdd-your-dockerfiles-with-rspec-and-serverspec https://blog.jevsejev.io/2016/06/09/docker-image-tests/ http://www.infrabricks.de/blog/2014/09/10/docker-container-mit-serverspec-testen/
vim.tiny followed by
update-alternatives --install "/usr/bin/vim" "vim" "/usr/bin/vim.tiny" 1
update-alternatives --set "vim" "/usr/bin/vim.tiny"