If you’re here, most likely, you’re trying to get into the infrastructure world. First, I’m so sorry. Second, the links here are my tried and true resources to navigate the fundamentals in this jungle. Hopefully, they’ll make a difference for you too.
Several misconfigurations may stop a Linux machine from having access to its integrated Intel GPU devices. Let’s check the most common problems and how to fix them.
Sometimes, we want to avoid going through the trouble of creating YAML files for resources, checking its syntax, and versioning everything. Sometimes, we only want something up and running for a POC, a quick test, or a debugging session. For those moments, these commands can help.
First of all, let’s get some terminology out of the way. In the wild, the terms x86, x86_64, x64, and amd64 can be used to refer to the same very common Intel-based architecture we find on most PCs and servers. In the same vein, the architecture used on Apple M1 processors may be referred to as ARM, ARM64, ARMv8 64, and aarch64. It’s kind of a mess, but don’t think too much about it. Just remember the names.
For the purposes of this example, we’ll be using Raspberry Pi OS 64-bit as the base filesystem for our new Docker image. Since this operating system lacks an official one on Docker Hub, it feels like a good fit. However, the principles described here should work well enough for any OS.
Cross Origin Resource Sharing (a.k.a. CORS) is a powerful, and yet misunderstood, web standard for protecting web APIs from abuse. If you’re anything like me, however, you had your fair share of wasted work hours trying to deal with it from time to time. The concept seems deceptively simple, but the devil is in the details.
Lima (short for Linux on Mac) is a Virtual Machine management tool for running Linux boxes (think Vagrant, but for development tooling). It focuses on offering a convenient way to run and interact with containerd, but its high customizability allows for a lot more. The examples folder in its repository gives a good idea of its capabilities.
If you’re using Cloudflare to protect HTTP endpoints, it might be worth it to block any web traffic that doesn’t come from their servers.
iptables is a Linux firewall tool that manages packet routing and can block or allow traffic based on rules like a packet’s origin or destination.
If you’re using Ingress Nginx to manage public endpoints, ModSecurity is already installed but disabled by default. To enable it, add the following to the ConfigMap ingress-nginx-controller:
Ideally, you would be able to open ports 80 and 443 of your public IP address and update DNS entries with solutions like ddclient or DNS-O-Matic.
Any webcam compatible with the USB Video Class (UVC) standard should expose an API usable via v4l2-ctl.
To use the regular Docker CLI with Amazon Elastic Container Registry (Amazon ECR), you have to acquire specific login credentials for it first. Assuming you already got basic AWS credentials, run the following to pass those on to Docker. Just note that, below, AWS_ACCOUNT_ID refers to the repository owner, which may not be your own AWS account.
When dealing with container IPs, it’s important to take note of which network each container is connected to and which network mode it’s using. The default network mode for a Docker installation is bridge, so I’ll assume you’re using it too.
The following command will start a Jupyter instance mounting the current folder.
Jenkins servers have a simple validator to check build files for basic errors without running them. Let’s use curl to send a local file named MyJenkinsfile:
We will use k3s, a lightweight Kubernetes distribution, to get the most out of our hardware. This tutorial uses a Raspberry Pi 4 and the latest Raspberry Pi 32-bit (formerly known as Raspbian). The 64-bit version is pretty much the same for this step-by-step.
This tutorial was tested on a Raspberry Pi 4 with RGB Cooling HAT model “YB-EBV02 VER1.1”, by Yahboom, on 32-bit and 64-bit OS.
This will work for Raspberry Pi OS (formerly known as Raspbian) and no monitor or keyboard are needed.
To customize how data about cluster objects is presented on the terminal, its possible to use JSONPath syntax. Keep in mind that, under the hood, Kubernetes’ API already sends and receives data in JSON format (the YAMLs we’re used to see are an abstraction to ease reading and editing).
In order to create and manage Java projects, its common to employ the help of an IDE like IntelliJ IDEA or Eclipse.
We will use cert-manager to issue HTTPS certificates for domains served publicly by a Kubernetes cluster.
If you have either Python 2 or 3 installed, use the “json.tool” module to pretty-print.
Search recursively for file names using a regex pattern. Use -name for a case sensitive search.
First, get the metrics API client.
Start by running kubectl’s proxy. With its help, we avoid dealing with authentication headers.
Start the MongoDB daemon with the --replSet flag.
Get a nicely formatted list:
Let’s use iperf to measure networking performance. First, set a “server” machine.
wipefs should work in most cases to clean filesystems.
To bootstrap a Go application using Cobra Generator and Go Modules, start by installing the Cobra command line:
Unfortunately, SCP and Rsync aren’t always an option to get our files out of a server. When FTP is all we have, wget can still do a pretty good job and not re-download files you already have, like a primitive Rsync.
During a site’s downtime, the following line will print the current time and try to access the given URL one time every 2 seconds. Only the received HTTP headers will be shown.
The following regex matches any non-ascii characters, so it can be used to search and replace invisible garbage in a text file.
mysql -u$MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE
SHOW FULL PROCESSLIST;
## OR
mysqladmin -u$MYSQL_USER -p$MYSQL_PASSWORD processlistWe’ll use Docker to avoid installing the Android SDK on our computer for this task. This is possible thanks to this ionic Docker image.
du -ah / | sort -n -r | head -n 10docker run -it -v ${PWD}:/etc/letsencrypt --entrypoint="sh" certbot/certbot
certbot certonly -d <domain_name> --manual --preferred-challenges dns# Create the partition
parted --align optimal <raw_device>
mklabel msdos
mkpart primary ext4 0% 100%
quit
# Get the new partition device path
lsblk
# Make the filesystem
mkfs.ext4 <new_partition_device_path>
# Test the partition
mkdir /tmp/partition-test
mount -t ext4 <new_partition_device_path> /tmp/partition-test
# Get the UUID
blkid
# Edit the /etc/fstab to mount partition during boot
UUID=<uuid> /storage ext4 defaults,discard 0 2
## OR, if using XFS
UUID=<uuid> /storage xfs defaults 1 2psql -h $POSTGRES_HOST -U $POSTGRES_USER $POSTGRES_DB
\du # list all users
\l # list databases
\c # select a database
\d # list tables
\d+ <table_name> # describe table
\dx # list installed extensions
SELECT * FROM pg_available_extensions; # list extensions available on the server
CREATE EXTENSION IF NOT EXISTS <ext_name>; # install an extension
ALTER EXTENSION <ext_name> UPDATE TO 'new_version'; # upgrade an extension# Create the database dump on your server
docker exec <my_mongodb_container> mongodump --archive=/backups/mongodb-`date +%Y%m%d`.gz --gzip --db <database_name>
# Copy it to your local machine, if needed
scp -r <server_user>@<server_ip>:<remote_backup_path> <local_backup_path>
# Restore it directly into a running Docker container
zcat <backup_path> | docker exec -i <my_mongodb_container> mongorestore --archive --dropdocker run -it --rm -e KUBECONFIG=/root/.kube/config -v ${PWD}:/apps -v <local_path_to_kube_folder>:/root/.kube alpine/helm:<desired_version> <helm_command>You will need wp-cli for this.
rsync -avhP -e 'ssh -p <optional_server_port>' --info=progress2 <server_user>@<server_up>:<path_to_be_copied> <destination_path># Bring up the system
vagrant up
# Get into the running virtual machine
vagrant ssh
# Bring the machine down and up again
# (equivalent of running a halt followed by an up)
vagrant reload
# Destroy the current created virtual machines
vagrant destroy