How to extend Swap space on Linux after you already set it| ops.tips
Hey, I’ve recently bought a Raspberry Pi 3B+, and that seemed like a great target to run a Concourse worker on. It turns out that just the process of building and adapting the Concourse binary itself was already an interesting thing to do, so here I share the lessons learned and what that process looked like. To provide ARM-compiled binaries for node_extra_exporter (a Rust-based Prometheus exporter for exposing some metrics that the traditional node_exporter doesn’t expose), it felt like ...| ops.tips
Hey, If you’ve been working with web servers for a little while, you certainly have already hit the classic “address already in use” (EADDRINUSE). Here in this article, we go through not only how to see whether such a condition is bound to happen (by looking at the list of open sockets), but also verify in the actual Kernel code paths where that check happens. In case you’ve been wondering about how the socket(2) syscall works and where these sockets are stored, make sure you stick to...| ops.tips
Hey, The file covered in this article, /proc/<pid>/stack, is the one that motivated me to learn more about /proc and get The Month of Proc. It’s such a useful thing when you’re unaware of what is the state of a given process. Meanwhile, I’ve noticed that it’s not very well known by people getting started with Linux. Here in this post, you’ll get to know more about how procfs can gather a process' stack trace, as well as get an idea of its usefulness. This is the fifth article in a s...| ops.tips
Hey, When dealing with web servers, it’s not uncommon to face the problem of “too many files open”. Usually, people solve that by modifying a number using ulimit -n, and then, sometimes that doesn’t work as such setting is per-process, and not system-wide. In this article, I go through how that ulimit setting works under the hood, and how you can make use of /proc to inspect other processes limits without the need for additional tools. This is the fourth article in a series of 30 arti...| ops.tips
Hey, Something that is very common to get wrong when starting with Linux containers is to think that free and other tools like top should report the memory limits. Here you’ll not only go through why that happens and how to get it right, but also take a look at where is the Kernel looking for information when you ask it for memory statistics. Also, if you’re curious about how the code for keeping track of per-cgroup page counter looks, stick to the end! This is the third article in a seri...| ops.tips
Hey, Continuing with the Month of /proc, today’s blog post is about how reading /proc works (yep, the directory). Not only is this article’s content about /proc, but also about reading directories in general (expect syscalls and Kernel inspection). If you’ve been curious about how listing directory entries works under the hood, this is for you! This is the second article in a series of 30 articles around procfs: A Month of /proc. If you’d like to keep up to date with it, make sure yo...| ops.tips
Hey, Although many people that are accustomed to Linux are aware of the existence of /proc and what some files over there can do, many lack the understanding of what goes behind the scenes to power such filesystem (myself included before writing this article). If you’ve been wondering about how /proc works under the hood, stay tuned! This is the first article in a series of 30 articles around procfs: A Month of /proc. If you’d like to keep up to date with it, make sure you join the mailin...| ops.tips
Hey! I’ve been wanting to better understand what are some of the capabilities of procfs (/proc), so I thought of a little challenge for me: for each day, for 30 days, I’ll be posting a new article about a single file under /proc that should be useful for someone either introspecting a system (or wanting to mutate some kernel param). Given that so many tools touch the /proc mountpoint to gather information, and that it’s such a great place to learn more about where you can look for the r...| ops.tips
Hey, Today I spotted something very interesting in my Twitter (I’m @cirowrc there, by the way): To learn bpftrace, there is a reference guide and one-liners tutorial: https://t.co/EztuxTK9iJ https://t.co/foCH2TUCpv — Brendan Gregg (@brendangregg) October 8, 2018 That’s right, dtrace functionality for Linux via eBPF “superpowers”. To be very honest, I know almost nothing about dtrace itself, but I’ve heard about it many times - it brings to the operator a framework that allows he/sh...| ops.tips
Hey, This month I’ve been interested in increasing the overall time that a user spends navigating here in the blog. Being article recommendation something that the blog was missing, I went for it. Check out how you can do it for your static site too! The idea Implementing a Recommended Articles list in Hugo Displaying the recommendation list Closing thoughts The idea Given that my content usually is tagged, I thought that one easy way of adding article recommendation would be to simply take...| ops.tips
Hey, While it’s prevalent to see implementations of TCP servers in Golang, it’s not very common to see the same when it comes to UDP. Besides the many differences between UDP and TCP, using Go it feels like these are pretty much alike, except for little details that arise from each protocol specifics. If you feel like some Golang UDP knowledge would be valuable, make sure you stick to the end. As an extra, this article also covers the underlying differences between TCP and UDP when it com...| ops.tips
Hey, Another day I was trying to make sure that a given process that I was running was using a specific binary that I had built, but I couldn’t figure out: ps would only show me the non-absolute path.
    # How could I know what is the absolute path of the
    # `hugo` binary, assuming that I could have multiple
    # `hugo` binaries in `$PATH`?
    ps
      PID TTY           TIME CMD
     4153 ttys000    5:14.98 hugo serve      <<<
     9035 ttys001    0:00.04 /Applications/iTerm.app/Content...
     9037 ttys001    0:00.10 -bash
     9086 ttys001    0:02.27 /u...| ops.tips
Hey, This week I wanted to discover a bit more about how dmesg works under the hood. In the past, I wanted to have alerting based on error messages popping at dmesg, so, maybe by trying to create something that uses the same thing that dmesg uses under the hood, I could better understand it. Also, I knew that in some systems, it was possible to gather the same information from kern.log and that dmesg was all about reading “the kernel ring buffer”, but, what did that mean? More specificall...| ops.tips
Hey, I’ve been doing some work in a Linux VM recently, and having to use secure copy (scp) every time just to copy a tcpdump capture to my MacOS machine to inspect it with Wireshark is not very fun. VM MACOS tcpdump --> capture scp linux --> /tmp/capture wireshark /tmp/capture Given that Wireshark can inspect packets flowing in real time, what if Wireshark performed the equivalent of a tail -f operation on a given packet file? It turns out that this is possible and pretty simple. tl;dr: wires...| ops.tips
Hey, Being accustomed to tying together multiple bash programs with the pipe operator, sometimes I’ve seen myself not being able to easily do so when a command expected the input to come from a file instead of stdin. Given that `dirname` doesn't expect input from `stdin`, piping to it doesn't work as expected Using process substitution we can make sure that pretty much every command can perform the equivalent of taking contents from standard input. tl;dr: dirname <(echo "/var/lib/my/file.tx...| ops.tips
Hey, Oftentimes I see myself needing to check response times while making a bunch of requests quickly. Most of the tools out there either do not continuously make new requests (via an entirely new TCP connection) or don’t expose connection times. Snapshot of the `httpstat` tool httpstat is a great tool that does the job really well. It’s a single binary that you can put under your $PATH and have nice stats, but it’s yet another tool, and you might just be inside a container (or maybe a ...| ops.tips
Hey, Hugo v0.43 just got released today (see the GitHub Releases page for Download links and notes about all that’s included in v0.43) with great news! From my point of view, the most significant feature in this release (as noted in the gohugo.io website) is the introduction of the asset pipeline (Hugo Pipes), a way of allowing the user to specify transformations to be applied to assets (css, javascript, svg and more) right from the template. The tl;dr is illustrated in the release docs: {{...| ops.tips
Differently from the blog posts, these are smaller posts which are usually more direct; not a lot of plain-text explanation - more code.| ops.tips
Hey, I’ve been trying to improve the Hugo template that I created for this blog, and one of the things I wanted to do was inject the contents of an index.css file into a index.amp.html layout file - Accelerated Mobile Pages (AMP) requires us to have our custom styles inlined in the HTML (see Custom Amp Styles). Here I go through a way of achieving that - using awk - and a way of not achieving that - using sed (naively). If you ever need to template a file with contents of another, this gist...| ops.tips
Hey, Some days ago I wrote about how you can configure YouCompleteMe to navigate the Linux source code. One great benefit of going through such setup is that it showed me how I could use the very same concepts to develop eBPF code better by leveraging autocompletion and jumps to definitions and declarations. While it’s common for people to just embed their eBPF code directly into Python scripts, I find such approach very hard to debug (not being very accustomed to Kernel stuff). Given that ...| ops.tips
Hey, When Docker Swarm mode got announced, one of the big features included was the routing mesh. Image from docs.docker.com Although the feature indeed works as expected, there’s the possibility that you might not want to have all of your nodes accepting connections and performing the job of a load-balancer. In this blog post, I go through what are the fundamental blocks that the routing mesh uses under the hood so we can block such kind of traffic on specific machines. The ingress load-ba...| ops.tips
Hey, Some time ago I needed to check whether AWS EC2 instance profiles would work fine with Docker Registry, and guess what? It does! What interests me the most in such setup is how it facilitates a scenario where you can have a highly available internal registry, having a load-balancer in front of a set of registries and granting privileges to only those who really need it. Given that the pushes to the registry (and pulls from it) usually involve large amounts of data being transferred, with...| ops.tips
Hey, Today I was looking at the internal struct that ends up being filled as the result of parsing the Docker Registry configuration, and doing that I found that in the master branch of the repository there’s already support for metrics scraping by Prometheus (see configuration.go), something that used to be only available in OpenShift (see openshift/origin issue). It surprised me that this addition came not super recently: commit e3c37a46e2529305ad6f5648abd6ab68c777820a Author: tifayuki <t...| ops.tips
Hey, These days I’ve been doing some research that involves looking at the Linux kernel to figure things out. Since I’ve been using YouCompleteMe for a reasonable amount of time, and that I love how simple it is to configure it, why not give a try to using it for inspecting the Linux kernel? Example of YouCompleteMe searching available functions. ps.: for a browser experience, bootlin is AMAZING. It lets you navigate through the code providing links to definitions and making you go back i...| ops.tips
Hey, This week I needed to check whether in a given situation a given error would occur when connecting to a TCP server, so why not go back to the man pages and review the steps? Here’s what I came up with! I hope it’s going to be useful for you who’s reading. /** * Start by specifying our dependencies. * * As we're using only standard dependencies you'd find in a * Linux machine, these can be found under `/usr/include`. * * - `stdio.h` gives us the standard io (input and output) method...| ops.tips
Hey, I’ve been working on a tc + ebpf-based load-balancer that I’ll soon talk about here in this blog, and one of the things I wanted to do was test such load-balancing feature. In my line of thought, I wondered: if I’m going to redirect the traffic by changing the destination address of the packets, that means that I’ll need somehow to have a different internet set up in the machine where I could put processes listening on those addresses. Having worked with Docker and implemented a...| ops.tips
Hey, There’s been some time since an issue has been open under SwarmKit to address the lack of support to having privileged containers (see https://github.com/docker/swarmkit/issues/1030). Although pull requests have been made (see https://github.com/docker/swarmkit/pull/1129, for instance), it seems like there’s no intention by the Docker team to have the feature added before entitlements get into moby (see https://github.com/moby/moby/issues/32801). Knowing those facts, and given that I...| ops.tips
Hey, Some days ago I needed to tweak Docker a little bit to check if changing some parameters of SwarmKit would make it work more reliably. Given that the value I needed changing was hardcoded, no /etc/docker/daemon.json configuration would do the job. That meant that a fork would be needed. It turns out that building and running a forked version of Docker is not complicated once you get to know what are the pieces involved. What does the docker-ce package install on my system? Running the d...| ops.tips
Hey, This week I wanted to make the logs of a Docker build easier to read, and remembering how some tools prefix their outputs with a name, I thought that doing so would be a good way to go. In such scenario, I had the following structure: . ├── Dockerfile # The Dockerfile that instruct the │ # image building process │ └── scripts # directory full of scripts to be run ├── first.sh # Ideally, each script would have its name ├── second.sh # used as the prefix in the ...| ops.tips
Hey, If you’ve ever wondered whether you can tie Access Control Lists (ACLs) with maps in HAProxy, the answer is: yes. Let’s tailor a scenario here: based on a map, decide whether a request to a given domain should be answered by the current frontend or not - in the negative case, forward the request to a different frontend. One application that can be thought from this is the case where some domains are meant to be served by both a plain HTTP frontend and a HTTPS frontend too, but some o...| ops.tips
Hey, This is a quick post for those who might need to perform HTTP health checks against a running HAProxy instance. From my perspective, there are three ways of doing it: using the monitor-uri directive (you should use this one); using a custom HTTP file with errorfile directive; using a lua script. While the first and second should work in any HAProxy installation, the third requires lua, which your HAProxy binary might or might not support. ps.: In the past, I wrote about how to install haproxy with...| ops.tips
Hey, Those who already have deployed Docker to an EC2 instance might have noticed (or not) that, within the containers, you’re able to perform requests to the EC2 metadata service, discovering information about the host from within these containers. While in some cases that’s a desired thing (i.e., not needing to explicitly pass credentials to containers and make use of instance profiles to authenticate against AWS services), sometimes it ends up leaking information that the containers (w...| ops.tips
Hey, While Docker takes some time to expose more options to service creation (for instance, limiting the maximum number of PIDs of a service), it’s important that they are still enforced (at least with a default number). Many docker options are not exposed to docker swarm mode yet - see add more options to service create / service update. It turns out though that there’s a way of adding such functionality without forking SwarmKit and Docker just to add that if you’re fine with set...| ops.tips
Hey, I’ve wanted to cover some Linux networking basics, and I felt that going through the exercise of setting up a straightforward TCP server would do good, and writing a guide during that process would certainly force me to go over details that I’d usually skip. If you’re curious (or just wanted a tutorial) on how to set up a TCP server using Linux and C, this is for you. The overview The socket Creating a Socket (extra) Writing to a socket in CLOSED state Binding the socket to an addr...| ops.tips
Hey, I came through a great article this week (Write yourself a strace in 70 lines of code) and decided to give it a try, going through every step with a bunch of care such that I’d understand each piece. While writing the code, I came up with the following schematics of how everything works together: Let’s dive into it. Executing a new process with tracing enabled By controlling the execution of a new process (being its parent) we can set this new process to have tracing enabled. This is po...| ops.tips
Hey, this is a quick follow up for the article I wrote about the locks quota of AWS EFS (The first limit you’ll hit on AWS EFS: Locks) and an article about setting up AWS networking with Terraform (A practical look at basic AWS Networking with Terraform). Here I take the concept of creating multiple subnets in a VPC explored in the second article and then tie with the AWS EFS provisioning tips from the first one. The architecture Creating a multi-az AWS EFS set up with Terraform Creating t...| ops.tips
Hey, I noticed that recently a bunch of people have been getting to the website through queries about HAProxy in the context of AWS - mainly how to receive traffic through a set of instances and forward them to another set of machines. As I aim at making this blog as practical as I can, I feel that if I taught the basics around AWS networking first, then I could have the ground set for further discussions about either HAProxy, NGINX or other options out there. The client point of view The...| ops.tips
Hey, While people generally know (and agree) that cAdvisor is the guy in the room to keep track of container metrics, there’s a sort of hidden feature of the docker daemon that people don’t take into account: the daemon by itself can be monitored too - see Collect Docker Metrics with Prometheus. While you can indeed determine whether the daemon is running by checking the systemd metrics via cAdvisor (if you’re running the Docker daemon as a systemd service), you can’t know much more than th...| ops.tips
Hey, some days ago HTTP2 server push has been added to Nginx (at least the open source version). That’s great news since this was one of the most interesting features from HTTP2 that Nginx was lacking. Given that I didn’t use server push myself so far, I decided to learn a bit more about it and give a try to Nginx' implementation. A minimal HTTP2 Server push example in Go Verifying HTTP2 Push with Google Chrome Inspecting the HTTP2 streams using Wireshark Installing NGINX from source Conf...| ops.tips
Hey, I’ve been exploring the new Go support for AWS Lambda that has been announced by AWS early this year (see Announcing Go Support for AWS Lambda), and there’s a little detail of it that I found very interesting: at its core, it uses Go’s net/rpc package as a means of communication between the AWS infrastructure and your code. Having never used net/rpc myself, I decided to explore it. Architecting an RPC hello world Creating a Go RPC Handler Creating a Go RPC Server and Client Go RPC i...| ops.tips
Hey, a month ago I was looking at some issues with a container running a MySQL instance against an NFS-mounted directory on the host (should you do this? maybe not). The issues seemed pretty weird as I’m not a MySQL guy and there were all sorts of errors popping up related to disk quotas. Sure, we did have a bunch of space: df -h fs-<...>.amazonaws.com:/ 8.0E 1.6G 8.0E 1% /mnt/nfs The problem, as the logs revealed, was that InnoDB wasn’t able to grab a lock that it wanted. That seemed eve...| ops.tips
Hey, this week the team behind Grafana released a beta release of Grafana v5 (which is almost there - check the milestone) and I got very happy to know that now it’s easier to get an instance from ground up without having to use the UI to configure the dashboards. The niceness of that feature is that now you can redeploy a Grafana container that has a bunch of dashboards without needing to go through the UI to configure them. While previously you’d had to manually import dashboards and co...| ops.tips
Hey, some time ago I had the challenge of setting a monitoring system for some machines in AWS. I ended up taking Prometheus as the system to retrieve the metrics from the sources and Grafana as the way of graphing them. Nothing fancy, pretty standard. After that, I had a problem though. How could I test this setup locally? Everything was very much tied to how service discovery worked within an AWS environment. The machines would get fetched from EC2’s DescribeInstances with all the tags that...| ops.tips
Hey, this blog post is the continuation of the previous post (How to build and run Concourse CI locally). In this one, I try to understand better how one of its main components works internally to keep track of pipelines and have builds triggered. Let’s dig into what goes on when a pipeline is submitted to Concourse. The API As a consumer of the “concourse service”, the API server is the first point that we touch. The API server in this case is atc: From the words of the atc repository:...| ops.tips
Hey, close to a year ago I got in touch with concourse.ci when evaluating a tool to perform builds whenever changes happened in a git repository and even though the team I worked with ended up creating a custom tailored system (we needed much less than what concourse - or something like Jenkins - provided) I think Concourse does a lot right. This post is not meant to teach you the concepts behind Concourse or provide use cases, but let you know how you can run a development version of it locall...| ops.tips
Hey, since some months ago I’ve been struggling a bit with the amount of information that I consume in a single day. It’s just outrageous that sometimes I’d put myself in a zombie mode and just keep following news (even if something like HackerNews which, in theory, should be a good source of interesting information) for so long and not really produce much. I decided to try blocking all these sources for a while and see how it goes. To do so, I looked for some Chrome extensions that wou...| ops.tips
Hey, This is a quick tip on how you can switch from using ACLs (access control lists) to use maps for selecting backends based on a request parameter. The usefulness of using maps instead of acls is that sometimes it might be easier to update the mappings rather than the ACLs (as well as allowing us to perform mutations on the maps without needing to spawn a new process due to the possibility of using the runtime api via unix sockets). Overview Selecting a backend using ACLs Selecting a backe...| ops.tips
Hey, I just got an idea about a tool, and given that I think it’s a type of thing that pairs nicely with a blog to drive people to it, I decided to create one. Given that I already have everything set up for this one (ops.tips, I mean), I thought about sharing my setup with you so that you can also adopt it - if you think it’s cool. ps.: this is not meant to be advertising for AWS. I’m just talking about my use-case here. update: added a CDN invalidation step to the Travis-CI deployment...| ops.tips
Hey, Recently, HAProxy 1.8 got announced, and it came with some pretty good news: HTTP/2 is automatically detected and processed in HTTP frontends negotiating the “h2” protocol name based on the ALPN or NPN TLS extensions. At the moment the HTTP/2 frames are converted to HTTP/1.1 requests before processing, so they will always appear as 1.1 in the logs (and in server logs). No HTTP/2 is supported for now on the backend, though this is scheduled for the next steps. HTTP/2 support is still ...| ops.tips
Hey, some time ago I got curious about whether gRPC would be something suitable for sending files over the wire. One of its goodness is the native support of streams, so, why wouldn’t it be? A service and a message To get the idea going, I took the approach of defining a minimum viable service, one that takes some chunks and then, once received, counts how many bytes of the actual content has been received. These chunks were defined like the following: message Chunk { bytes Content = 1; } As the s...| ops.tips
Hey, some weeks ago I wrote a Docker logging plugin that acts as an oklog forwarder: oklog-docker-plugin. oklog makes use of a fairly straightforward format for ingesting logs: send it a line with some predefined fields and ta-da, it’ll be properly ingested. While coding the plugin, I remember considering whether I should buffer this stuff or not. My rationale was that I should probably look at the tradeoff between immediate availability of the logs and some kind of network optimization...| ops.tips
Hey, Yesterday I read a pretty interesting article from James Routley with the title Let’s hand write DNS messages. It goes all the way down to preparing a UDP query by hand and then interpreting it by reading the bytes received back. That was cool mainly because it makes clear that DNS messages are not all that complicated. It takes some encoding/decoding to create a message and understand its result but, still, not hard. I took the opportunity to go through the article and the DNS RFC and...| ops.tips
Hey, I’ve been trying to put myself in the skin of project managers this week and started thinking about some questions related to managing GitHub-based projects. Just trying to grasp what the experience would look like if I needed to gather answers to some very fundamental questions about how my team performs. The conclusion that came out from this is that project managers might be having a hard time with GitHub. I see that there are all these tools like ZenHub and CodeTree, but I still do...| ops.tips
Hey, I’ve been recently developing, once again, a service that needs to expose an HTTP api which has to be publicly exposed and well documented. Guess what?! That’s not new! Write a new service that talks via HTTP and you’ll have to document the interface and write, again, all the same boilerplate for dealing with logging requests, handling preflight requests made by browsers, checking parameters and so on and so on. The greatness of using swagger is that we can simply skip all of that...| ops.tips
Hey, there are plenty of Docker Ansible roles out there but it turns out that most of them are overly complex while at the same time it’s very simple to install it. Actually, most of the times not even Ansible is needed: if you have a single machine and just need to have it there, Docker already got you covered on how to install Docker: head to get.docker.com pick a script that installs it from a specific release channel and done (if you’re curious - or worried - about the development of...| ops.tips
Hey, a friend of mine recently told me about a way of performing incremental backups making use of the ubiquitous tar tool. I was really impressed that such a useful thing could be hidden there without people talking about it (or is it just me who didn’t know? anyway …) Here are my two cents on how you can tailor a script that will backup a directory incrementally sending the snapshots to S3 and then recovering later. In the end, I also include restic as an alternative. Goal The ultimate ...| ops.tips
Hey, for some good time, Travis has been allowing anyone to run Docker in their infrastructure - see Using Docker in Builds - be it on a paid or free plan. Something that is not outlined there is that it’s very common to not have the latest version of Docker running in your builds. For some people, that’s a problem. Updating the version To update the version we must, before using Docker in the build, set a script that will fetch Docker from the official apt repository and perform the upgr...| ops.tips
Hey, this is a quick tip that might save you some time if you need to have all the output of a script going out to a file and you don’t have control over the execution of it. Here I go through two possible ways to tackle the problem: using exec to redirect the stdout and stderr to a specific file; using a subprocess and controlling its stdout and stderr. Both achieve the same, but are slightly different. When do you need this? Using exec to redirect stdout and stderr Redirecting subprocess ...| ops.tips
Hey, depending on what you’re trying to build it might happen that part of it involves inspecting a Docker image from a registry but you can’t afford to pull it. It turns out that there’s an API that allows you to perform exactly that - be it DockerHub or a private registry. The Docker Registry HTTP API is the protocol to facilitate distribution of images to the docker engine. It interacts with instances of the docker registry, which is a service to manage information about docker image...| ops.tips
Hey, with the upcoming release of HAProxy 1.8 (see the blog post at haproxy.com) it’ll be possible to keep your stack behind the goodness of http2 without changing your code at all. That’s pretty cool as you can have very perceptive differences under real-life scenarios. One thing to notice is that browsers only establish these connections if you’re HTTPS ready, and that means having TLS certificates in your load-balancer (or regular server). Here are my 2 cents on how you can have a fu...| ops.tips
Hey, oftentimes I have some code that ends up in a Docker image which I want to have pushed to Dockerhub. Docker itself is capable of automatically building images from git repositories but it has the restriction that I can’t specify a certain Docker daemon version to run the build. This used to be important (not sure if it still is) as in the stable version of Docker we already have been using multi-stage builds but the Dockerhub builder didn’t allow us to use it. As I already make use o...| ops.tips
Hey, today I happened to write a script to solve a specific problem that it looks like a good deal of people face: rename an Elasticsearch index. Naturally, there are documented solutions but I didn’t quickly find a script that would get me where I wanted - all the data from an index named a now being queryable in an index named b with all the properties set. Note.: the following code is aimed at Elasticsearch 2.4.6. Here it comes then. Reindexing step by step There are four steps to get tow...| ops.tips
Hey, it’s not uncommon for me to have to execute a quick command against a set of machines. Naturally, the easiest way of performing that against a single machine is using ssh:
    readonly private_key='./key.rsa'
    readonly command='echo test'
    readonly ip='10.0.0.2'
    readonly user='ubuntu'
    readonly port='22'
    echo "$command" | ssh \
      -i ${private_key} \
      -p ${port} \
      ${user}@${ip}
Having the command properly wrapped in terms of variables now it’s just a matter of making it a method, looping through a list of machi...| ops.tips
Hey, oftentimes I see myself having to run two types of tests in travis-ci: unitary and integration tests. For the first category, that usually means running some plain Golang code that interacts with no other services (e.g, it uses a mocked database or it mocks HTTP requests). In the other scenario, spawning Docker containers which end up creating a database that is used in the test - requiring docker to be present, thus, VM-based builds. Using the matrix property we can tailor our build mat...| ops.tips
tl;dr: you’re missing the --login flag in your bash execution. --- Hey, yesterday I was trying to test some ansible roles I had written and to do so I was using a containerized version of Ubuntu that I tailored for doing the job - cirocosta/ubuntu. The image does its job pretty well: it can run with systemd as the PID 1, it has SSH and I can mess around with systemd services, units .. etc etc as if I had a working “VM” (given the set of boundaries of how far we can simulate a VM). Anywa...| ops.tips
Hey, The first time I got involved with Docker was three and a half years ago while I was still an undergraduate student. By that time, the only thing that used to matter to me in regards to Docker was the fact that I was able to run “a minimalistic VM” (which is almost an absurd way of referring to Docker or Linux containers in general). Remember the time when the blogs were all about “how a container compares to a VM”? Some years later (having dealt with Docker in production a lot),...| ops.tips
Hey, I remember back when I was introduced to Arch Linux this thing called LVM but I never really used it or knew what its capabilities were. I simply couldn’t understand why someone would want to resize a partition on the fly (guess what, I’ve done that so many times in AWS nowadays). Why would someone want to snapshot? Why LVM? Now many years after my first Arch Linux installation I understand what are its benefits but I’ve never really set up on a Linux machine myself though. Here i...| ops.tips
Hey, Most of the time I see myself creating a Golang project: be it a one-file single-purpose thing or a more complex project. To facilitate that process, I try always to keep the structure the same such that there’s no need to put much thought into the process of bootstrapping a new project - for me, the less friction to get started, the better. The file structure usually looks like this: . ├── .editorconfig # Allows you to define and maintain │ # a consistent editor configuratio...| ops.tips
Hey, Since 2016, a great Lua script has been used by many people deploying HAProxy instances that need to allow LetsEncrypt certificates generation: haproxy-acme-validation-plugin. I’ve even written about how to respond to HTTP requests right from HAProxy: Making HAProxy respond 200 OK to health checks. Many other scripts that extend HAProxy’s functionality have been made, but that’s not the point of this post. If you ever need (or want) to test this script in a MacOS machine (or any ot...| ops.tips
If you simply take the official HAProxy docker image, you’ll quickly see that your logs will not show. That’s because by default, HAProxy won’t log to stdout - you need to have a facility (rsyslog) that will take those logs and ship it to somewhere. A Dockerfile with RSYSLOG for HAProxy logging Although adding rsyslog is straightforward with the alpine-based image, we can go further with linking the generated haproxy.log from rsyslog to /dev/stdout such that whenever rsyslog writes HAPr...| ops.tips