lmquang / til Goto Github PK

yes Y | command-that-asks-for-input

grafana/loki#3519

context: redirect clients to https, but container exposes port 80 (nohttps)

api:
    environment:
     VIRTUAL_HOST: domain.com
     VIRTUAL_PROTO: http
     HTTPS_METHOD: redirect
     CERT_NAME: domain.com
    expose:
     - 80

CREATE TABLE two
( id bigint NOT NULL PRIMARY KEY
, name varchar
);
CREATE SEQUENCE "two_id_seq"
INCREMENT 1
MINVALUE 1
MAXVALUE 9223372036854775807
START 1
CACHE 1;
ALTER SEQUENCE "two_id_seq"
OWNED BY two.id
;
ALTER TABLE two
ALTER COLUMN id SET default nextval('two_id_seq')
;

In this case, empty the PAGE_TITLE value

select max_conn,used,res_for_super,max_conn-used-res_for_super res_for_normal 
from 
  (select count(*) used from pg_stat_activity) t1,
  (select setting::int res_for_super from pg_settings where name=$$superuser_reserved_connections$$) t2,
  (select setting::int max_conn from pg_settings where name=$$max_connections$$) t3

https://dba.stackexchange.com/questions/161760/number-of-active-connections-and-remaining-connections

options 1:
export DOCKER_DEFAULT_PLATFORM=linux/amd64

options 2:
add “--platform=linux/amd64” to build command

1. remove readiness & liveness
2. update dp, statefulset, etc. command & args to

command: ["/bin/sh"]
args: ["-c", "while true; do echo hello; sleep 10;done"]

This will help pod to be available and you can kubectl exec -it to debug

When you delete a namespace in Kubernetes, the namespace status is always "Terminating". Run this command to find all resources which aren't deleted in the namespace, and remove 1 by 1:

$ kubectl api-resources --verbs=list --namespaced -o name \
  | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <namespace_name>

You also can run these commands to delete a "Terminating" namespace

$ export NAMESPACE="cattle-global-data" && \
  kubectl api-resources --verbs=list --namespaced -o name \
  | xargs -n 1 kubectl get --show-kind --ignore-not-found -n "$NAMESPACE" | awk '{print $1}' | grep '.io' \
  | xargs -n 1 kubectl patch -p '{"metadata": {"finalizers": []}}' --type='merge' -n "$NAMESPACE"

http://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/

add -i (--ignore-errors) flag, ex: make -i destroy

git config --global url."[email protected]:".insteadOf "https://github.com/"

*/5 * * * * [cmd]
https://askubuntu.com/questions/220474/how-to-run-a-cronjob-after-every-5minutes

If you cannot delete an ingress (because k8s will recreate) due to:
extensions/v1beta1 Ingress is deprecated in v1.14+, unavailable in v1.22+; use networking.k8s.io/v1 Ingress

let's try:
$ kubectl delete -n <namespace> challenges.acme.cert-manager.io <resource-name>

git reset --hard [commit-id]

https://stackoverflow.com/questions/47876025/glide-cannot-find-package-in

Solution: should put this package into glide.yml and set version which has missing subpackage

Errno::EACCES: Permission denied @ rb_file_s_rename - (/gitlab-data/uploads, /gitlab-data/uploads.1497726946)

Solution:

After restore by using backup file, gitlab will extract something like:

- artifacts.tar.gz  
- backup_information.yml 
- builds.tar.gz  
- db  
- lfs.tar.gz  
- pages.tar.gz 
- registry.tar.gz  
- repositories  
- uploads.tar.gz

So we just need to extract manually uploads.tar.gz by using command tar -zxvf uploads.tar.gz -C <uploads-directory-in-gitlab-data-directory>

<uploads-directory-in-gitlab-data-directory> may be like: /srv/gitlab-data/gitlab-beta/data/uploads/

Summary

The Docker toolset to pack, ship, store, and deliver content.

This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and performance.

To be simple

Server

Simply, just run below command:

$ docker run -d -p 5000:5000 --restart=always --name registry registry:2

Client

Get any image from the hub and tag it to point to your registry:

$ docker pull ubuntu && docker tag ubuntu your-domain:5000/ubuntu

$ docker push your-domain/ubuntu

$ docker pull your-domain:5000/ubuntu

Running a domain registry

While running on localhost has its uses, most people want their registry to be more widely available. To do so, the Docker engine requires you to secure it using TLS, which is conceptually very similar to configuring your web server with SSL.

Server

Lets create a directory to save some items related to.

$ mkdir registry && cd registry && mkdir certs && mkdir data && mkdir auth

First of all, lets create htpasswd file so that client can login to this hub.

$ docker run --entrypoint htpasswd registry:2 -Bbn testuser testpassword > auth/htpasswd

And now, lets copy or create your own domain.crt and domain.key and save it into certs/

$ openssl req \ -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \ -x509 -days 365 -out certs/domain.crt

Then, we need to create docker-compose.yml:

registry:
  restart: always
  image: registry:2
  ports:
    - 443:5000
  environment:
    REGISTRY_HTTP_TLS_CERTIFICATE: /certs/domain.crt
    REGISTRY_HTTP_TLS_KEY: /certs/domain.key
    REGISTRY_HTTP_SECRET: someRandomSecret
    REGISTRY_AUTH: htpasswd
    REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd
    REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
  volumes:
    - ~/docker_registry_tls/data:/var/lib/registry
    - ~/docker_registry_tls/certs:/certs
    - ~/docker_registry_tls/auth:/auth

And run, $ docker-compose up -d

That's all, now you can login to your hub to push, pull

Client

You need to login

$ docker login your-domain/ubuntu

Issue

You may get some troubles like:

FATA[0000] Error response from daemon: v1 ping attempt failed with error:
Get https://myregistrydomain.com:5000/v1/_ping: tls: oversized record received with length 20527.
If this private registry supports only HTTP or HTTPS with an unknown CA certificate,please add
`--insecure-registry myregistrydomain.com:5000` to the daemon's arguments.
In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag;
simply place the CA certificate at /etc/docker/certs.d/myregistrydomain.com:5000/ca.crt

Solution

• Linux

$ cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
update-ca-certificates

• RedHat

$ cp certs/domain.crt /etc/pki/ca-trust/source/anchors/myregistrydomain.com.crt
update-ca-trust

• On some distributions, e.g. Oracle Linux 6, the Shared System Certificates feature needs to be manually enabled:

$ update-ca-trust enable

or You can open /etc/default/docker and add the following at the end:

DOCKER_OPTS="$DOCKER_OPTS --insecure-registry <your-domain>"

Note:

If you use boot2docker (Mac), you may do some steps below:

$ docker-machine ssh <your-machine>

$ cd /var/lib/boot2docker && sudo vi profile

and you need to add --insecure-registry=<your-domain> (dont need to include port if your hub server use port 443) inside EXTRA_ARGS like:

EXTRA_ARGS='
--label provider=virtualbox
--insecure-registry=<your-domain>
'

Exit and docker-machine restart <your-machine>.

Now you can login to your hub and pull-push your image.

apply cùng một thay đổi cho cả 2 branches khác nhau

// Đang ở branch A, commit những thay đổi đó
git add -A
git commit -m "Awesome Bug Fixed :("

// Chuyển qua branch B và thực hiện lệnh cherry-pick
git checkout B
git cherry-pick A

https://kipalog.com/posts/Su-dung-git-cherry-pick

issue with volumes = ["/var/run/docker.sock:/var/run/docker.sock", "/cache"]

https://stackoverflow.com/questions/30596866/how-can-i-customize-bashrc-bash-profile-or-profile-on-a-coreos-installation

To add an insecure docker registry, add the file /etc/docker/daemon.json with the following content:
{
"insecure-registries" : [ "hostname.cloudapp.net:5000" ]
}
and then restart docker.

https://support.rackspace.com/how-to/rescue-mode

docker exec --user [container_user] -t [ContainerID] bash -c "psql [db_name] < [sql_file]"

grep matches, grep -v does the inverse. If you need to "match A but not B" you usually use pipes:

grep "${PATT}" file | grep -v "${NOTPATT}"

https://stackoverflow.com/questions/10411616/grep-regex-not-containing-string

Unlike Ubuntu, OS X requires the extension to be explicitly specified. The workaround is to set an empty string:

$ sed -i '' 's/megatron/pony/g' /path/to/file.txt

Add the -i option to sed to save the result back to input.txt.

https://myshittycode.com/2014/07/24/os-x-sed-extra-characters-at-the-end-of-l-command-error/

Increase max_connection and shared_buffers

in /var/lib/pgsql/data/postgresql.conf

change

max_connections = 100
shared_buffers = 24MB

to

max_connections = 300
shared_buffers = 80MB

The shared_buffers configuration parameter determines how much memory is dedicated to PostgreSQL to use for caching data.

If you have a system with 1GB or more of RAM, a reasonable starting value for shared_buffers is 1/4 of the memory in your system.
it's unlikely you'll find using more than 40% of RAM to work better than a smaller amount (like 25%)
Be aware that if your system or PostgreSQL build is 32-bit, it might not be practical to set shared_buffers above 2 ~ 2.5GB.
Note that on Windows, large values for shared_buffers aren't as effective, and you may find better results keeping it relatively low and using the OS cache more instead. On Windows the useful range is 64MB to 512MB.

https://stackoverflow.com/questions/30778015/how-to-increase-the-max-connections-in-postgres