If you are here, you are likely trying to enter the infrastructure world. First, I apologize. Second, the links here are my tried and true resources for navigating the fundamentals. Hopefully, they will help you too.
Several misconfigurations may prevent a Linux machine from accessing its integrated Intel GPU devices. Let’s check the most common problems and how to fix them.
Sometimes, we want to avoid going through the trouble of creating YAML files for resources, checking its syntax, and versioning everything. Sometimes, we only want something up and running for a POC, a quick test, or a debugging session. For those moments, these commands can help.
First, let’s clarify some terminology. The terms x86, x86_64, x64, and amd64 often refer to the same common Intel-based architecture found in most PCs and servers. In the same vein, the architecture used in Apple M1 processors may be referred to as ARM, ARM64, ARMv8 64, or aarch64. It can be confusing, but these terms are often used interchangeably.
For this example, we will use Raspberry Pi OS 64-bit as the base filesystem for our new Docker image. Since this operating system lacks an official image on Docker Hub, it is a good candidate. However, the principles described here apply to any OS.
Cross Origin Resource Sharing (a.k.a. CORS) is a powerful, and yet misunderstood, web standard for protecting web APIs from abuse. If you’re anything like me, however, you had your fair share of wasted work hours trying to deal with it from time to time. The concept seems deceptively simple, but the devil is in the details.
Lima (short for Linux on Mac) is a Virtual Machine management tool for running Linux boxes (think Vagrant, but for development tooling). It focuses on offering a convenient way to run and interact with containerd, but its high customizability allows for a lot more. The examples folder in its repository gives a good idea of its capabilities.
If you’re using Cloudflare to protect HTTP endpoints, it might be worth it to block any web traffic that doesn’t come from their servers.
iptables is a Linux firewall tool that manages packet routing. It can block or allow traffic based on rules such as a packet’s origin or destination.
If you’re using Ingress Nginx to manage public endpoints, ModSecurity is already installed but disabled by default. To enable it, add the following to the ConfigMap ingress-nginx-controller:
Ideally, you would open ports 80 and 443 of your public IP address and update DNS entries with solutions like ddclient or DNS-O-Matic.
Any webcam compatible with the USB Video Class (UVC) standard should expose an API usable via v4l2-ctl.
To use the regular Docker CLI with Amazon Elastic Container Registry (Amazon ECR), you have to acquire specific login credentials for it first. Assuming you already got basic AWS credentials, run the following to pass those on to Docker. Just note that, below, AWS_ACCOUNT_ID refers to the repository owner, which may not be your own AWS account.
When dealing with container IPs, it is important to note which network each container is connected to and which network mode it is using. The default network mode for a Docker installation is bridge, so we will assume you are using it.
The following command will start a Jupyter instance mounting the current folder.
Jenkins servers have a simple validator to check build files for basic errors without running them. Let’s use curl to send a local file named MyJenkinsfile:
We will use k3s, a lightweight Kubernetes distribution, to get the most out of our hardware. This tutorial uses a Raspberry Pi 4 and the latest Raspberry Pi 32-bit (formerly known as Raspbian). The 64-bit version is pretty much the same for this step-by-step.
This tutorial was tested on a Raspberry Pi 4 with RGB Cooling HAT model “YB-EBV02 VER1.1”, by Yahboom, on 32-bit and 64-bit OS.
This works for Raspberry Pi OS (formerly Raspbian) and requires no monitor or keyboard.
To customize how data about cluster objects is presented in the terminal, it is possible to use JSONPath syntax. Keep in mind that, under the hood, Kubernetes’ API already sends and receives data in JSON format (the YAML files we are used to seeing are an abstraction to ease reading and editing).
To create and manage Java projects, it is common to employ the help of an IDE like IntelliJ IDEA or Eclipse.
We will use cert-manager to issue HTTPS certificates for domains served publicly by a Kubernetes cluster.
If you have either Python 2 or 3 installed, use the “json.tool” module to pretty-print.
Search recursively for file names using a regex pattern. Use -name for a case sensitive search.
First, get the metrics API client.
Start by running kubectl’s proxy. With its help, we avoid dealing with authentication headers.
Start the MongoDB daemon with the --replSet flag.
Get a nicely formatted list:
Let’s use iperf to measure networking performance. First, set a “server” machine.
wipefs should work in most cases to clean filesystems.
To bootstrap a Go application using the Cobra Generator and Go Modules, start by installing the Cobra command line tool:
Unfortunately, SCP and Rsync are not always available to transfer files from a server. When FTP is the only option, wget can still perform well and avoid re-downloading files you already have, similar to a primitive Rsync.
During a site’s downtime, use the following command to print the current time and attempt to access the given URL every 2 seconds. Only the HTTP headers will be displayed.
The following regex matches any non-ascii characters, so it can be used to search and replace invisible garbage in a text file.
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE
SHOW FULL PROCESSLIST;
## OR
mysqladmin -u$MYSQL_USER -p$MYSQL_PASSWORD processlistWe will use Docker to avoid installing the Android SDK locally. This is possible thanks to the ionic Docker image.
du -ah / | sort -n -r | head -n 10docker run -it -v ${PWD}:/etc/letsencrypt --entrypoint="sh" certbot/certbot
certbot certonly -d <domain_name> --manual --preferred-challenges dns# Create the partition
parted --align optimal <raw_device>
mklabel msdos
mkpart primary ext4 0% 100%
quit
# Get the new partition device path
lsblk
# Make the filesystem
mkfs.ext4 <new_partition_device_path>
# Test the partition
mkdir /tmp/partition-test
mount -t ext4 <new_partition_device_path> /tmp/partition-test
# Get the UUID
blkid
# Edit /etc/fstab to mount the partition during boot
UUID=<uuid> /storage ext4 defaults,discard 0 2
## OR, if using XFS
UUID=<uuid> /storage xfs defaults 1 2psql -h $POSTGRES_HOST -U $POSTGRES_USER $POSTGRES_DB
\du # list all users
\l # list databases
\c # select a database
\d # list tables
\d+ <table_name> # describe table
\dx # list installed extensions
SELECT * FROM pg_available_extensions; # list extensions available on the server
CREATE EXTENSION IF NOT EXISTS <ext_name>; # install an extension
ALTER EXTENSION <ext_name> UPDATE TO 'new_version'; # upgrade an extension# Create the database dump on your server
docker exec <my_mongodb_container> mongodump --archive=/backups/mongodb-`date +%Y%m%d`.gz --gzip --db <database_name>
# Copy it to your local machine, if needed
scp -r <server_user>@<server_ip>:<remote_backup_path> <local_backup_path>
# Restore it directly into a running Docker container
zcat <backup_path> | docker exec -i <my_mongodb_container> mongorestore --archive --dropdocker run -it --rm -e KUBECONFIG=/root/.kube/config -v ${PWD}:/apps -v <local_path_to_kube_folder>:/root/.kube alpine/helm:<desired_version> <helm_command>You will need wp-cli for this.
rsync -avhP -e 'ssh -p <optional_server_port>' --info=progress2 <server_user>@<server_up>:<path_to_be_copied> <destination_path># Bring up the system
vagrant up
# Get into the running virtual machine
vagrant ssh
# Bring the machine down and up again
# (equivalent of running a halt followed by an up)
vagrant reload
# Destroy the current created virtual machines
vagrant destroy