Posts

Tools CI/CD https://docs.drone.io/ https://gitea.io/en-us/ Blog https://gohugo.io/ https://github.com/adityatelange/hugo-PaperMod as git submodule Pipeline .drone.yml kind: pipeline type: docker name: default # default clone doesn't recursive clone: disable: true steps: - name: clone-with-submodules image: plugins/git pull: if-not-exists settings: depth: 50 recursive: true - name: build image: klakegg/hugo pull: if-not-exists commands: - hugo - name: deploy image: drillster/drone-rsync settings: user: from_secret: deploy-blog-user hosts: from_secret: deploy-blog-host key: from_secret: deploy-blog-key source: ./public target: /home/www/releases/${DRONE_BUILD_NUMBER} script: - ln -sfn /home/www/releases/${DRONE_BUILD_NUMBER}/public /home/www/b when: branch: include: - master trigger: branch: - master - dev Badge ...

https://www.opensearch.org/ opensearch opensearch-dashboards logstash Works with rootless podman with podman-compose version: '3' services: opensearch-node1: image: opensearchproject/opensearch:1.3.1 container_name: opensearch-node1 environment: - cluster.name=opensearch-cluster - node.name=opensearch-node1 - discovery.seed_hosts=opensearch-node1,opensearch-node2 - cluster.initial_master_nodes=opensearch-node1,opensearch-node2 #- bootstrap.memory_lock=true # along with the memlock settings below, disables swapping - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # minimum and maximum Java heap size, recommend setting both to 50% of system RAM # ulimits: # memlock: # soft: -1 # hard: -1 # nofile: # soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems # hard: 65536 volumes: - opensearch-data1:/usr/share/opensearch/data ports: - 9200:9200 - 9600:9600 # required for Performance Analyzer networks: - opensearch-net opensearch-node2: image: opensearchproject/opensearch:1.3.1 container_name: opensearch-node2 environment: - cluster.name=opensearch-cluster - node.name=opensearch-node2 - discovery.seed_hosts=opensearch-node1,opensearch-node2 - cluster.initial_master_nodes=opensearch-node1,opensearch-node2 #- bootstrap.memory_lock=true - "OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m" # ulimits: # memlock: # soft: -1 # hard: -1 # nofile: # soft: 65536 # hard: 65536 volumes: - opensearch-data2:/usr/share/opensearch/data networks: - opensearch-net opensearch-dashboards: image: opensearchproject/opensearch-dashboards:1.3.0 container_name: opensearch-dashboards ports: - 5601:5601 expose: - "5601" environment: OPENSEARCH_HOSTS: '["https://opensearch-node1:9200","https://opensearch-node2:9200"]' # must be a string with no spaces when specified as an environment variable logstash: image: opensearchproject/logstash-oss-with-opensearch-output-plugin:7.16.2 container_name: logstash volumes: - ./config/:/usr/share/logstash/pipeline/:ro ports: - 5044:5044 expose: - "5044" environment: LS_JAVA_OPTS: "-Xmx256m -Xms256m" # networks: # - opensearch-net networks: opensearch-net:

Simple Dockerfile to build pinnwand. https://pinnwand.readthedocs.io/en/latest/index.html FROM alpine RUN apk update && apk add py3-pip gcc python3-dev musl-dev g++ RUN pip3 install pinnwand EXPOSE 9000 CMD pinnwand http --port 9000

Try this : pip3 install pip_search pip_search podman-compose -s released 🐍 https://pypi.org/search/?q=podman-compose 🐍 ┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓ ┃ Package ┃ Version ┃ Released ┃ Description ┃ ┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩ │ 📂 compose-addons │ 0.2.1 │ 20-08-2015 │ Tools to supplement │ │ 📂 compose-deploy │ 0.1.5 │ 13-05-2016 │ A wrapper around docker-compose to aid in deploying to a remote server. │ │ 📂 compose_diff │ 0.4.0 │ 03-01-2017 │ diff docker-compose files │ │ 📂 compose-monitor │ 1.2.6 │ 10-07-2017 │ This utility is designed for monitoring and updating of the services in the specified docker-compose.yml file. │ │ 📂 compose_format │ 1.2.0 │ 12-10-2017 │ format docker-compose files │ │ 📂 compose-dump │ 0.1b4 │ 27-02-2018 │ Backup tool for Docker Compose projects │ │ 📂 compose-paas │ 1.0.3 │ 14-05-2018 │ Deploy to multiple container platforms/PAAS using docker-compose files │ │ 📂 dockerfile-compose │ 0.0.3 │ 16-09-2018 │ Utils for making dockerfiles from other dockerfiles │ │ 📂 flask-compose │ 0.2.0 │ 27-10-2018 │ A routing library for flask applications obeying the "Decorator Design Pattern". │ │ 📂 ansible-compose │ 1.0.8.post5 │ 15-02-2019 │ The obscene docker-compose deploy with ansible cli │ │ 📂 pandoc-compose │ 0.0.7 │ 14-06-2019 │ Create and run a fully configured pandoc command. │ │ 📂 jinja-compose │ 0.0.1 │ 22-07-2019 │ docker-compose wrapper with Jinja support │ │ 📂 compose-watcher │ 1.2.5 │ 19-03-2020 │ compose-watcher │ │ 📂 compose-cms │ 1.0.3 │ 24-07-2020 │ │ │ 📂 context-compose │ 0.0.2 │ 22-10-2020 │ Compose context managers from a sequence │ │ 📂 compose-plantuml │ 0.2.1 │ 23-11-2020 │ converts docker-compose into plantuml │ │ 📂 gen-compose │ 1.1.0 │ 27-11-2020 │ Key generator for macos keybinding system │ │ 📂 opod │ 0.0.1 │ 24-01-2021 │ Use opod orchestrate Podman │ │ 📂 ecs-compose │ 0.9.92 │ 25-01-2021 │ Amazon ECS cli for docker-compose like deployments │ │ 📂 location-guessing-game-telegram-bot │ 0.1.1 │ 14-02-2021 │ Basic Telegram Bot Sending Random Wikimedia Commons Photos │ │ 📂 backup-compose │ 0.0.4 │ 16-03-2021 │ Backup/Restore your docker-compose projects │ │ 📂 neoload-compose │ 0.1.4 │ 02-04-2021 │ A command-line native utility for creating NeoLoad performance tests │ │ 📂 gada-compose │ 0.1a0 │ 07-04-2021 │ Python frontend for mysql cli │ │ 📂 compose-flow │ 3.8.2 │ 06-05-2021 │ codified workflows for docker compose │ │ 📂 docker-compose │ 1.29.2 == │ 10-05-2021 │ Multi-container orchestration for Docker │ │ 📂 compose-mode │ 0.6.0 │ 03-06-2021 │ A tiny wrapper around docker-compose to easily use multiple sets of config files │ │ 📂 guacamole-compose │ 0.1.7 │ 17-06-2021 │ Easy deployment of Apache Guacamole. │ │ 📂 precompose │ 0.4.0 │ 09-08-2021 │ Import a Docker Compose application into ostree │ │ 📂 connexion-compose │ 0.3.2 │ 03-09-2021 │ Create Connexion schema composed from several files in a nested directory structure. │ │ 📂 compose.db2 │ 0.2.0.2 │ 16-10-2021 │ compose db2 management library │ │ 📂 compose │ 1.2.8 │ 19-10-2021 │ The classic ``compose``, with all the Pythonic features. │ │ 📂 podman-compose │ 1.0.3 == │ 21-12-2021 │ A script to run docker-compose.yml using podman │ │ 📂 repo2podman │ 0.1.1 │ 07-02-2022 │ Repo2docker Podman extension │ │ 📂 cloudview │ 0.3.8 │ 09-02-2022 │ View instance information on all supported cloud providers │ │ 📂 podman │ 4.0.0 │ 28-02-2022 │ Bindings for Podman RESTful API │ │ 📂 v-podman-compose │ 1.0.4b1 │ 23-03-2022 │ A script to run docker-compose.yml using podman │ │ 📂 compose-pydantic │ 0.2.0 │ 02-04-2022 │ Parse Compose Specification data using Pydantic │ │ 📂 thoth-messaging │ 0.16.1 │ 05-04-2022 │ Messaging module of Project Thoth │ │ 📂 molecule-podman │ 2.0.0 │ 08-04-2022 │ Molecule aids in the development and testing of Ansible roles │ │ 📂 thoth-storages │ 0.71.2 │ 11-04-2022 │ Storage and database adapters available in project Thoth │ └────────────────────────────────────────┴─────────────┴────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

Si on démarre un container avec : docker run -p 80:80 nginx, docker rajoute une règle dans sa chaîne DOCKER-USER de iptables afin de faire son foward. De cette manière, les règles de INPUT ne sont pas utilisées et le filtre entrant ne s’applique pas au service des containers. On joue donc avec DOCKER-USER pour contourner ce problème. Par exemple on peut ajouter en dernière ligne à cette chaîne une règle -j DROP -i eth0 et filtrer par la suite. ...

gitlab-runner.yaml : Un truc du genre à adapter. [[runners]] name = "Cool" url = "https://cool/" token = "123456789" output_limit = 50000000 executor = "docker" [runners.custom_build_dir] [runners.cache] [runners.cache.s3] [runners.cache.gcs] [runners.cache.azure] [runners.docker] tls_verify = false image = "docker:stable" privileged = true disable_entrypoint_overwrite = false oom_kill_disable = false disable_cache = false shm_size = 0

Pour ne plus oublier : insert into new_table (select * from old_table);

On peut mettre dans : /etc/apache2/conf.d/http2.conf H2ModernTLSOnly on Protocols h2 h2c http/1.1 /etc/apache2/sites-enable/default-ssl.conf <VirtualHost *:443> ServerName www.example.net ServerAdmin webmaster@localhost H2EarlyHints on DocumentRoot /var/www/ Header always set Strict-Transport-Security "max-age=15552001; includeSubdomains;" LogLevel warn ErrorLog ${APACHE_LOG_DIR}/error_.log CustomLog ${APACHE_LOG_DIR}/access_.log combined SSLEngine on SSLCertificateFile /etc/letsencrypt/live/example.net-0001/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.net-0001/privkey.pem <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options FollowSymLinks MultiViews Options -Indexes AllowOverride None Order allow,deny allow from all </Directory> <Directory /var/www/h/> <FilesMatch "\.html$"> H2PushResource "/h/assets/css/common.css" critical H2PushResource "/h/images/profile.png" critical H2PushResource "/h/theme/pygments/github.min.css" critical H2PushResource "/h/theme/stylesheet/style.min.css" critical </FilesMatch> </Directory> </VirtualHost>

On a essayé de rediriger 2 millions d’url avec la fonction remaps de nginx. Les redirections occupaient beaucoup de temps CPU et chargaient la mémoire du serveur (1Go). Les temps de réponses étaient très moyens. Une autre solution est possible sans ces inconvénients. On récupère la lib lua sur OpenResty. https://github.com/openresty/lua-resty-redis On le range et on édite nginx.conf pour placer le chemin ci-dessous dans la balise http : lua_package_path "/etc/nginx/lib/redis.lua;;"; On édite la conf du vhost : ...

Pour vérifier les url d’un site et les liens morts. linkchecker est présent dans les dépôts de Debian. Il peut être agressif… Attention à la charge. Dans les logs on a : X.X.X.X - - [10/Dec/2018:10:10:10 +0100] "GET /fr/tout-pour-les-cadeaux-.html HTTP/1.1" 200 38266 "https://www.wwww.com/fr/evenement/noel/j-envoie-mes-voeux/" "Mozilla/5.0 (compatible; LinkChecker/9.4.0; +http://wummel.github.io/linkchecker/)"