Ansible: generating templates with deep directory structure using with_filetree

If you have a simple directory containing multiple template files that should be generated on a target host, the ‘with_fileglob’ lookup plugin provides an easy way to render them.  Below is an example rendering all the files from the ‘templates’ directory of a role.
    - name: create file out of every file in template directory

GKE: show pod distribution across nodes and zones

Whether you are working on scaling, performance, or high-availability, it can be useful to see exactly which Kubernetes worker node pods are being scheduled onto.
Pods as distributed across worker nodes
    ns=default
    kubectl get pods -n $ns -o=custom-columns=NAME:.metadata.name,NODE:.spec.nodeName
Pods as distributed across zones (GKE specific)
If you wanted to take it one step further

GKE: upgrade Anthos Config Management for GKE cluster

If you are managing GKE clusters using Anthos Config Management (ACM) and need to take advantage of newer features or enhancements in ConfigSync or PolicyController, upgrading these components can be done using the gcloud utility.
    # check current version of ACM on GKE clusters
    gcloud beta container fleet config-management version
    # select membership to upgrade

Python: fixing ‘CryptographyDeprecationWarning: Blowfish has been deprecated’

If you are getting a warning similar to the one below when running a Python3 application:
    /usr/lib/python3/dist-packages/paramiko/transport.py:219: CryptographyDeprecationWarning: Blowfish has been deprecated
This can be resolved by upgrading to the latest paramiko module.
    # check current version then upgrade
    pip3 show paramiko
    pip3 install paramiko --upgrade
    # check upgraded version
    pip3 show paramiko
In my case, this

Terraform: migrate state from local to remote Google Cloud Storage bucket and back

In this article I will demonstrate how to take a Terraform configuration that is using a local state file and migrate its persistent state to a remote Google Cloud Storage bucket (GCS).  We will then perform the migration again, but this time to bring the remote state back to a local file. We will illustrate

GKE: Determine Anthos on-prem GKE master node and IP address

If you are using Anthos GKE on-premise and need to determine which node of your Admin Cluster is the master, query for the master role.  The label is ‘node-role.kubernetes.io/master’.
    $ kubectl get nodes -l node-role.kubernetes.io/master
    NAME                     STATUS   ROLES                  AGE   VERSION
    gke-admin-master-adfwa   Ready    control-plane,master   7d    v1.24.9-gke.100
    # using wide will also show External and Internal IP

Kubernetes: list all pods in deployment

Listing all the pods belonging to a deployment can be done by querying its selectors, but using the deployment’s synthesized replicaset identifier allows for easier automation.
    # deployment name and namespace
    deployment_name=mydeployment
    deployment_ns=mynamespace
    # get replica set identifier for deployment
    dep_rs=$(kubectl describe deployment $deployment_name -n $deployment_ns | grep ^NewReplicaSet | awk '{print $2}')
    # get

OpenWrt: installing dig from opkg

For troubleshooting DNS issues, running the dig utility directly from OpenWrt can be essential.  This is easily done by installing the ‘bind-dig’ package as shown below.
    opkg update
    opkg install bind-dig

Ubuntu: ‘Connection to the Snap Store failed’ during upgrade from Ubuntu 20 to 22

If you are upgrading from Ubuntu 20 to Ubuntu 22 using ‘do-release-upgrade’ and get a fatal error ‘Connection to the Snap Store failed’, this may be resolved by removing the ‘lxd’ package, which is a lightweight container supervisor.
    sudo /etc/init.d/lxd stop
    sudo rm -fr /var/lib/lxd
    sudo dpkg --force depends -P lxd; sudo dpkg --force

GCP: Google Cloud Storage bucket with permissions for user or service account

Creating a Google Cloud Storage bucket is simple, but the IAM permissions required to perform operations in the bucket can be difficult to understand, especially when you want something as simple as providing upload/download access to the person who created the bucket and perhaps a service account. Below are the commands for creating a

Linux: using nmap to check the secure protocols and ciphers of a site

While enabling HTTPS is an important step in securing your web application, it is critical that you take steps to disable legacy protocols and low strength ciphers that can circumvent the very security you are attempting to implement. The Qualys SSL test is popular for grading the overall security of a public site, but you

OpenWrt: bridge VLAN filtering for OpenWrt 21.x with DSA, isolated guest Wi-Fi

There were significant changes made to VLAN configuration between OpenWrt 19.x and 21.x.  Also, many of the target chipsets were migrated from swconfig to DSA (Distributed Switch Architecture), which introduced differences in bridging. In this article, I will create a set of VLANs for my OpenWrt 21.x DSA-enabled router with isolated guest Wi-Fi networks. I

Kubernetes: restart a simple pod

A pod belonging to a deployment can be manually deleted, scaled down, or restarted to get a fresh pod.  However, if all you have is a simple pod definition, these actions are not available. One way of restarting the pod is to output its full yaml definition and use ‘kubectl replace’ with the force option.

Kubernetes: patch every array element using kubectl and jq

Below is an example using ‘kubectl patch’ to update the securityContext of a single, specific container named ‘my-init-container1’ of the ‘initContainers’ list.
    kubectl patch deployment my-deployment -n default --patch='{ "spec": { "template": { "spec": { "initContainers": [ { "name": "my-init-container1", "securityContext": { "runAsUser": 999 } } ] } } } }'
But ‘initContainers’ is an

Ubuntu: fixing apt NO_PUBKEY errors by converting deprecated keyring to signed-by attribute

If apt update throws warnings about invalid signature verification and NO_PUBKEY, you may need to migrate from using the deprecated system keyring to using a ‘signed-by’ attribute in your apt repo definition file. Here are examples of errors you might see when doing an ‘apt update’.
    W: An error occurred during the signature verification. The

GCP: list of available GKE cluster versions in region and channel

If you are going to create a GKE cluster in a region, you may need to be explicit with the version of the master control plane and worker nodes.  Below is how you would list the available versions.
    # specify your region
    region=us-east1
    gcloud container get-server-config --region=$region

OpenWrt: upgrading to latest version when chipset migrated to DSA support

Starting with OpenWrt 21, a specific list of chipsets started using DSA (Distributed Switch Architecture) from the Linux kernel instead of swconfig.  This significantly changes the way switches and VLANs are handled in OpenWrt, and therefore system configurations cannot always be migrated. Trying to run sysupgrade on a chipset that is changing from swconfig to

Bash: awk to extract Nth match from file based on line separator

If you need to extract the Nth occurrence of a match in a file (given definitive block separators), awk provides a convenient way to express the extraction. For example, a chained PEM certificate will have multiple certificate definitions with unique starting and ending marker lines.  Here is how you would extract the second certificate. awk

Jekyll: exporting a WordPress blog to a static Jekyll site on Ubuntu

If you have ever considered moving from WordPress to the Jekyll static site generator, you can preview this migration by running jekyll on your local Ubuntu host. This will allow you to assess whether you can find suitable replacements for the WordPress plugins you have come to rely upon, validate your content syntax, and tweak

Python: TreeMap visualization of hierarchical Pandas DataFrame

The Plotly graphing library has a wide array of visualizations for datasets.  And it has native support for Pandas DataFrame, which makes it convenient for datasets coming from a wide range of sources. One visualization that I find particularly useful for hierarchical data is the TreeMap, which can group on data lineage, uses area as

Ubuntu: fix apt warning for Dropbox with key in legacy keyring

If you have Dropbox installed on your Linux desktop and have recently started seeing this warning message from apt:
    http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details
This can be resolved by adding the Dropbox PGP key to the ‘signed-by’ of the apt repo definition (as

Github: automated build and publish of containerized GoLang app with Github Actions

Github Actions provide the ability to define a build workflow based on Github repository events.  The workflow steps are defined as yaml and can be triggered by various events, including a code push, branch, or tagging in the repository. In this article I will detail the steps of creating a statically-linked GoLang binary that when

Github: automated Github release of GoLang binary using Github Actions

Github Actions provide the ability to define a build workflow directly in Github.  The workflow steps are defined as yaml and can be triggered by various events, including a code push, branch, or tagging in the repository. In this article I will detail the steps of creating a statically-linked GoLang binary that is automatically built

Gradle: running more than one command in an Exec task

A Gradle Exec task will only run the last ‘commandLine’ defined inside its block.  Putting multiple entries inside its block will not run multiple commands. As an example, consider the following Gradle task.
    task willOnlyRunLast(type: Exec) {
      commandLine "echo", "first"
      commandLine "echo", "second"
      commandLine "echo", "last"
    }
The task above will only echo

Github: automated Github release for Spring Boot jar using Github Actions

Github Actions provide the ability to define a build workflow directly in Github.  The workflow steps are defined as yaml and can be triggered by various events, including a code push, branch, or tagging in the repository. In this article I will detail the steps of creating a simple Spring Boot web application that when

Github: automated build and publish of containerized Spring Boot app using GitHub Actions

Github Actions provide the ability to define a build workflow directly in Github.  The workflow steps are defined as yaml and can be triggered by various events, including a code push, branch, or tagging in the repository. In this article I will detail the steps of creating a simple Spring Boot web application that when

Github: locally invoked release process for a Gradle built Java Spring Boot project

The GitHub “Release” page for a repository can provide your consumers a convenient way to download a binary version of your software as well as track the latest changes and enhancements. In this article, I will show how to invoke a local release process for a Java Spring Boot jar built with Gradle.  A new