Listing posts

Displaying posts 1 - 5 of 198 in total
Cotton cake
mouse 2 · person cloud · link
Last update
2019-07-16
2019
07-16
«Japanese cotton cake o Cheesecake giapponese.
Torta magica che si scioglie in bocca!»
Cover original

Strumenti:

  • 1x stampo a cerniera da 20cm
  • 1x teglia per contenere lo stampo

Versione classica

Ingredienti:

  • 30gr di burro
  • 60ml di latte
  • 180gr di formaggio spalmabile
  • un pizzico di sale
  • scorza di un limone grattugiata
  • 110gr di zucchero
  • 40gr di farina 00
  • 20gr di amido di mais
  • 5gr di lievito
  • 3x uova
  • 10ml di succo di limone

Procedimento:

  1. Foderare lo stampo: dentro carta forno e fuori carta stagnola (per isolarlo dall'acqua del bagno maria).
  2. Sciogliere il burro e lasciarlo raffreddare.
  3. Preparare il composto:
    1. Primo:
      • Frustare latte, formaggio, sale, scorza di limone.
      • Incorporare tuorli e burro.
      • Incorporare farina, amido e lievito.
      • Posizionare lo stampo dentro teglia più grande riempita a metà con acqua calda.
    2. Secondo:
      • Montare gli albumi col succo di limone triplicando il volume.
      • Incorporare lentamente lo zucchero.
    3. Unire i due composti con movimenti circolari dall'alto verso il basso.
  4. Cottura:
    1. Riempire con acqua metà teglia.
    2. Versare il composto nello stampo ed inserirlo nella teglia.
    3. Infornare (statico) per 60-70 minuti a 150°.
    4. Lasciar raffreddare nel forno spento e leggermente aperto.

Versione rapida

Ingredienti:

  • 120gr di cioccolato bianco
  • 120gr di formaggio spalmabile
  • 3x uova

Procedimento:

  1. Foderare lo stampo: dentro carta forno e fuori carta stagnola (per isolarlo dall'acqua del bagno maria).
  2. Sciogliere il cioccolato, incorporare formaggio e tuorli
  3. Montare a neve gli albumi ed incorporarli al composto
  4. Cottura:
    1. Riempire con acqua metà teglia.
    2. Versare il composto nello stampo ed inserirlo nella teglia.
    3. Infornare (statico) per 15 minuti a 170° e poi altri 15 minuti a 160°.
    4. Lasciar raffreddare nel forno spento e aperto.

Fonte: lacucinaitaliana.it


~~~ * ~~~

Rails upgrade notes
mouse 60 · person cloud · link
Last update
2019-07-12
2019
07-12
«rails notable/interesting changes from v4 to edge»

ActiveStorage -- upload to cloud ActiveJob -- background jobs ActionMailbox Security Backend, Tools Frontend

TODO

New in rails (till 2019-07-06)

Upgrade experiences -- google search

References

Tools

  • scaling ruby apps
  • 📺 DHH youtube videos on writing sw well
  • MiniMagick
  • ruby's set: a collection of unordered values with no duplicates
  • obj.method(:method_name).source_location => mostra dov'e' definito il metodo
  • <<~TAG ... TAG al poso di <<-TAG...TAG rimuove gli spazi di indentazione!
  • thor -- build powerful command-line interfaces

Benchmark howto

docs, ips extension, article

1
2
3
4
5
6
7
8
9
require 'benchmark'

a = [:a, :b]
b = :b
n = 10000000
Benchmark.bm do |x|
  x.report { n.times do !(Array(a) & Array(b)).empty? end }
  x.report { n.times do Array(a).include?(b) end }
end
1
2
3
4
5
6
7
8
require 'benchmark/ips'
require 'uri'

uri = 'http://example.com/foos_json?foo=heyo'

Benchmark.ips do |x|
  x.report('URI.parse') { URI.parse(uri) }
end

vedi esempi di barnchmark in Hash#deep_merge PR

Books


~~~ * ~~~

RaspberryPi server
Last update
2019-07-11
2019
07-11
«raspi, raspbian, nas, webdav, dlna, media center, torrent, rdp/vnc, print/scan, firewall, dns, monitoring, vpn, zram»

Table of contents:

  1. Update raspbian linux to latest version
  2. Change pi user password and hostname
  3. Configure a static IP address
  4. Tune kernel settings
  5. Tune wifi settings
  6. Remove tv black borders
  7. Fix slow usb mouse
  8. Reduce power consumption
  9. Extend lifespan of mechanical HDD
  10. Extend lifespan of sdcard
  11. Extend your RAM by enabling ZRAM
  12. Setup a NAS (via NFS)
  13. Setup a remote desktop (via VNC)
  14. Setup a shared printer
  15. Setup the firewall
  16. Dedicated posts:
  17. SSH access and tunnels
  18. Tools
  19. Backup
  20. Miscellanea

Update raspbian linux to latest version:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt-get clean
apt-get autoremove
rpi-update # update firmware & kernel

apt-get purge bash-completion     # speed up shell TAB-auto completion

# --- os version update, eg: from jessie (deb8) to stretch (deb9)
sed -i 's/jessie/stretch/g' /etc/apt/sources.list
sed -i 's/jessie/stretch/g' /etc/apt/sources.list.d/raspi.list
# repeat the commands above, then check the current version:
cat /etc/os-release

Debian 10 upgrade: see rpi blog post notes and comments.




Change pi user password and hostname:

1
sudo raspi-config # Change User Password; Hostname




Configure a static IP address (see also this and fallback method):

append the desired following blocks to /etc/dhcpcd.conf:

1
2
3
4
5
6
7
8
9
10
11
12
13
interface eth0
fallback mylan

SSID my_wifi_ssid
fallback mylan

interface wlan0
fallback mylan

profile mylan
static ip_address=192.168.1.110/24
static routers=192.168.1.1
static domain_name_servers=84.200.69.80 37.235.1.174 84.200.70.40 37.235.1.177

Note: Do not use the directive inform 192.168.1.110 because it breaks the UPS monitor.




Tune kernel settings

  • Disable IPv6: append ipv6.disable=1 to kernel parameters in /boot/cmdline.txt or:
1
2
3
4
# via sysctl:
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.d/local.conf
# via modprobe:
echo "blacklist ipv6" >> /etc/modprobe.d/local.conf
  • Set autoreboot on kernel panic: append panic=5 to kernel parameters in /boot/cmdline.txt or via sysctl:
1
echo "kernel.panic = 5" >> /etc/sysctl.d/local.conf
  • Remove tv black borders: set disable_overscan=1 in the /boot/config.txt.

  • Fix slow usb mouse: append usbhid.mousepoll=0 to kernel parameters in /boot/cmdline.txt.




Tune wifi settings

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# disable roaming
echo "options brcmfmac roamoff=1" >> /etc/modprobe.d/local.conf

# set correct regional domain
sed -i 's/REGDOMAIN=.*/REGDOMAIN=IT/' /etc/default/crda

# auto turn off power management
cd /etc/network/if-up.d/
echo -e '#!/bin/bash\n/sbin/iw dev wlan0 set power_save off' > local-wlan
chmod 755 local-wlan
# find an optimal MTU size via:
#   ping -c 2 -M do -s 1600 www.google.com
# then save it with:
echo "/sbin/ip link set dev wlan0 mtu 1400" >> local-wlan

Turn off bluetooth if unused, see this section.




Reduce power consumption:

put in /etc/rc.local:

1
2
3
4
5
6
7
8
9
10
11
# turn off leds multiple times
(for i in 1 2 3 4 5; do
  for i in /sys/class/leds/led?; do
    echo none > $i/trigger
    echo 0    > $i/brightness
  done
  sleep 60
done) &

# disable HDMI output (and set boot to console via raspi-config)
/usr/bin/tvservice -o # -p to re-enable

set boot to console and reduce memory split:

1
2
raspi-config # Boot Options > Desktop / CLI > Console
raspi-config # Advanced Options > Memory Split > 16

turn off unsued wlan/bluetooth (see /boot/overlays/README), put in /boot/config.txt:

1
2
dtoverlay=pi3-disable-wifi
dtoverlay=pi3-disable-bt

and turn off the bluetooth services:

1
2
systemctl disable hciuart
systemctl disable bluetooth




Extend lifespan of mechanical HDD:

put in /etc/hdparm.conf:

1
2
3
4
5
6
7
/dev/sda {
  write_cache = on
  # -B -- disable Advanced Power Management
  apm = 254
  # -S -- 1h timeout
  spindown_time = 242
}




Extend lifespan of sdcard:

install my tmpfs-folders script and add a custom periodic cleaning of /var/log files in root crontab:

1
2
#  m   h   dom   mon   dow   command
   0   0     *     *     3   /opt/systemd-units/clear_var_log.sh > /dev/null 2> /dev/null




Extend your RAM by enabling ZRAM (compressed RAM):

put in /etc/rc.local:

1
2
3
4
5
6
7
8
9
10
if modprobe zram num_devices=1 ; then
  echo lz4  > /sys/block/zram0/comp_algorithm
  echo 384M > /sys/block/zram0/mem_limit
  echo 768M > /sys/block/zram0/disksize

  mkswap /dev/zram0
  swapon -p 10 /dev/zram0

  sysctl vm.swappiness=90
fi

and optionally disable dphys-swapfile swapfile service:

1
systemctl disable dphys-swapfile




Setup a NAS (via NFS):

Server side commands:

1
2
3
4
5
6
7
8
9
apt-get install nfs-kernel-server

systemctl enable rpcbind # it's disabled by default...
systemctl restart nfs-kernel-server

# add a share to /etc/exports
echo "/path 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,anonuid=1001,anongid=1001)" >> /etc/exports

exportfs -ra # reload server

and append these lines to /ect/rc.local:

1
2
3
# fix: nfs server doesn't start without rpcbind
systemctl start   rpcbind
systemctl restart nfs-kernel-server

Client side commands:

1
2
echo "192.168.1.110:/path /mnt/path nfs defaults,user,exec 0 0" >> /etc/fstab
mount /mnt/path




Setup a remote desktop (via VNC):

You have three options:

  1. Install the modern TigerVNC server, see the dedicated post
  2. Use the lightdm TigerVNC service by enabling it in /etc/lightdm/lightdm.conf
  3. Install the old TightVNC:

    1
    2
    3
    4
    5
    apt-get install tightvncserver
    # set a password and run a LQ server on display 1:
    vncpasswd
    vncserver -geometry 1024x768 -depth 8 :1
    vncviewer server_ip:1 # connect from another host
    




Setup a shared printer:

1
2
3
4
5
6
7
apt-get install cups
apt-get install hplip # HP printers drivers
hp-setup -i # install printer + dl drivers

elinks http://localhost:631
# Administration > Printers > Add printer
# Server settings > Share printers connected to this system

then turn the printer off and on again.

On Android you can install these apps: Let's print Droid, and Let's Print PDF.




Setup the firewall:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
apt-get install ufw

ufw reset # reset to defaults

ufw default allow outgoing
ufw default deny  incoming

ufw limit 22/tcp              # max 6 new connections every 30 seconds
ufw limit 2200:2230/udp       # mosh port range
ufw allow from 192.168.1.0/24 # your intranet
ufw allow 1810:1819/tcp       # deluge
ufw allow 1810:1819/udp       # deluge

ufw enable




Dedicated posts:




SSH access and tunnels:

1
2
3
4
5
6
7
# deluge thin client & web ui, vnc, nginx
ssh \
  -L 58846:localhost:58846 \
  -L 8112:localhost:8112   \
  -L 5901:localhost:5901   \
  -L 1234:localhost:1234   \
  user@server_addr

You can use these very useful clients: PuTTY for windows/linux and juiceSSH on Android.

You can also use your server as a SOCKS proxy.

You can use mosh (even with juiceSSH!) to reliably connect from unstable or high latency networks:

1
2
apt-get install mosh               # run this both on client and server
mosh -p 2200:2230 user@server_addr # connect to opened UDP ports on server




Tools:

1
2
3
apt-get install rpi-chromium-mods # video acceleration on google chrome
apt-get install remmina           # very handy VNC/SSH GUI
apt-get install omxplayer         # accelerated cli media player
  • OMXplayer GUIs:

    1
    2
    3
    4
    5
    sudo apt install libdbus-1-dev
    pip install omxplayer-wrapper
    wget -O ~/bin/gomx https://github.com/vladcc/gomx/raw/master/gomx/gomx.py
    chmod 755 ~/bin/gomx
    sed -i 's/^PL_WIN_PAD = .*/PL_WIN_PAD = 0/' ~/bin/gomx # adjust padding
    
  • raspi-keygen -- Patch for MPEG-2, VC-1 license (untested, use it at your own risk)

    1
    2
    cd /boot && cp start.elf start.elf_backup && \
      perl -pne 's/\x47\xE9362H\x3C\x18/\x47\xE9362H\x3C\x1F/g' < start.elf_backup > start.elf
    




Backup:

You can do a full/raw sdcard backup or a live/tar one.

As an alternative to 7za you can use xz just like the gz command (or use the -J option of tar).




Miscellanea:

  • Fix TV/monitor not detected unless powered on first:

    1
    sudo tvservice -d /boot/edid.dat
    
    1
    2
    3
    # /boot/config.txt
    hdmi_edid_file=1
    hdmi_force_hotplug=1
    
  • Test if we are on a raspberry (/sys, /proc/cpuinfo):

    1
    2
    cat /sys/firmware/devicetree/base/model # Raspberry Pi 3 Model B Rev 1.2
    grep Hardware /proc/cpuinfo             # Hardware : BCM2708
    
  • To save space on new installs of ruby gems, put in ~/.gemrc:

    1
    2
    install: --no-rdoc --no-ri -​-no-document
    update:  --no-rdoc --no-ri -​-no-document
    

    and to install a gem in the user $HOME use this command:

    1
    2
    3
    4
    gem install --user-install bundler
    
    # remember to update your PATH adding this line to ~/.bashrc
    export PATH=$HOME/.gem/ruby/2.1.0/bin:$PATH
    
  • If you have a logitech wireless keyboard (eg: K400+) then you can use solaar to query and configure it:

1
2
3
4
5
6
git clone https://github.com/pwr/Solaar.git
cd Solaar/bin

solaar show all
solaar show 1 | grep Battery
solaar config 1 fn-swap off # toggle function keys
  • If you have a keyboard without the F# keys (like the kano keybord) you can emulate them with xdotool and then run it via xbindkeys:

    1
    2
    3
    4
    sudo apt-get install xdotool xbindkeys xbindkeys-config
    xdotool key ctrl+alt+F1  # emulate these key press
    xbindkeys-config         # create and save your bindings
    xbindkeys                # run daemon
    

    or you can use xmodmap to remap existing keys:

    1
    2
    3
    xmodmap -pke | tee ~/.Xmodmap > ~/.Xmodmap-orig
    nano    ~/.Xmodmap # edit keys
    xmodmap ~/.Xmodmap # load changes (run this on X startup)
    

    see Xorg keyboard references on the bottom.

  • Autostart programs when loggin in LXDE: put your commands prefixed by @ in ~/.config/lxsession/LXDE-pi/autostart




Notes:

  • Raspberry Pi 3 provides 1.2A USB current by default (no need to set max_usb_current=1 in /boot/config.txt). Of course a 2.5A PSU is mandatory.

Tips:

Sources:


TODO/WIP:

  • remote control: ruby Sinatra/telegram bot
    • toggle Wi-Fi
    • scan: to hd/dl/mail, jpeg/pdf, color/grey, resolution
    • print PDF (upload file) Fronte/retro?
    • copy (scan & print)
    • restart services
    • reboot, shutdown

~~~ * ~~~

Docker howto attachment
Last update
2019-07-08
2019
07-08
« — »

Installation on debian

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# check system compatibility
wget -q -O - https://raw.githubusercontent.com/docker/docker/master/contrib/check-config.sh | \
  bash | tee docker-check.txt

# install docker: key, repo, packages
apt-get install apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -

# echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" > /etc/apt/sources.list.d/docker-ce.list # armhf @ raspi
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable" # armhf @ raspi

apt-get update && apt-get install docker-ce

# allow user to use docker
usermod -aG docker username

# test installation
docker version
docker info

# run a simple test image
docker run hello-world

See also post install for troubleshooting dns/network/remote access.

On raspberry pi just use curl -sSL https://get.docker.com | sh (repo not working).

Creating an image (ref, best practices)

1
2
3
4
5
6
7
8
9
10
11
12
touch Dockerfile # and fill it
docker build -t test-myimg . # create the image with a tag

# test run image
docker run -p 4000:80    test-myimg
docker run -it test-myimg /bin/bash

# run image detached/on background
docker run -p 4000:80 -d --name tmi test-myimg
docker container ls -a
docker container stop <container_id>
docker container start -i tmi # restart container

Interact (ref)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# run interactive shell into debian image (temporary)
docker run --name prova --rm -it debian /bin/bash 

# run interactive shell into debian image
docker run -it debian /bin/bash 

apt-get update

apt-get install -y dialog nano ncdu
apt-get install -y locales

localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8
echo "LANG=en_US.utf8" >> /etc/environment

rm -rf /var/lib/apt/lists/*

docker commit e2b7329257ba myimg:v1

docker run --rm -it myimg:v1 /bin/bash

# run a command in a running container
docker exec -ti a123098734e bash -il

docker stop a123098734e
docker kill a123098734e

Save & restore

1
2
3
4
5
docker save imgname | gzip > imgname.tgz
zcat imgname.tgz | docker load

# flatten image layers (losing Dockerfile)
docker export <id> | docker import - imgname:tag

Registry - Image repository

1
2
3
4
5
# push image to gitlab registry
docker login registry.gitlab.com
docker tag test-myimg registry.gitlab.com/username/repo:tag # add new tag...
docker rmi test-myimg # ...and remove the old tag
docker push registry.gitlab.com/username/repo:tag

DockerHub official base images links: debian, ruby, rails, redis, nginx.

Available free registry services:

Name # Priv/Pub Notes
gitlab inf/ND 1 prj x registry
treescale inf/inf max 500 pulls & 50GB
canister 20/ND very good service
docker hub 1/inf perfect

Running arm image on x86

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# https://ownyourbits.com/2018/06/27/running-and-building-arm-docker-containers-in-x86/
apt-get install qemu-user-static

docker run \
  -v /usr/bin/qemu-arm-static:/usr/bin/qemu-arm-static \
  -e LANG=en_US.utf8 -ti --name myarmimg arm32v7/debian:wheezy

[...]

docker commit myarmimg myarmimg

docker container prune -f

docker run \
  -v /usr/bin/qemu-arm-static:/usr/bin/qemu-arm-static \
  -ti --rm --name myarmimg \
  myarmimg /bin/bash -il

Composer (ref, dl) - Services

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# docker-compose.yml
version: "3"
services:
  web:
    image: username/repo:tag
    deploy:
      replicas: 5
      resources:
        limits:
          cpus: "0.1"
          memory: 50M
      restart_policy:
        condition: on-failure
    ports:
      - "4000:80"
    networks:
      - webnet
networks:
  webnet:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# install docker-compose
curl -L  -o /usr/local/bin/docker-compose https://github.com/docker/compose/releases/download/1.24.0-rc1/docker-compose-`uname -s`-`uname -m`
chmod 755 /usr/local/bin/docker-compose

docker swarm init

docker stack deploy --with-registry-auth -c docker-compose.yml getstartedlab
docker service ls
docker service ps getstartedlab_web # or docker stack ps getstartedlab

# change the yml file and restart service
docker stack deploy --with-registry-auth -c docker-compose.yml getstartedlab
docker service ps getstartedlab_web
docker container prune -f

# stop & destroy service
docker stack rm getstartedlab
docker container prune -f

# leave the swarm
docker swarm leave --force

Machine (ref, dl) - SWARM/Provisioning

Remember to update the host firewall: open port 2376 and do not apply rate limits on port 22.

On the fish shell you can install the useful omf plugin-docker-machine to easily select the current machine.

Without an official supported driver we can use the generic one. Install docker-ce on your worker nodes and then in your swarm manager host:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# install docker-machine
curl -L -o /usr/local/bin/docker-machine https://github.com/docker/machine/releases/download/v0.16.1/docker-machine-`uname -s`-`uname -m`
chmod 755 /usr/local/bin/docker-machine

# setup each VMs (this creates and shares the certificates for a secure
# connetion between your client and the daemon runnig on the server)
ssh-copy-id -i ~/.ssh/id_rsa user@ww.xx.yy.zz
docker-machine create --driver generic --generic-ssh-key ~/.ssh/id_rsa \
  --generic-ip-address=ww.xx.yy.zz myvm1

ssh-copy-id -i ~/.ssh/id_rsa user@ww.xx.yy.kk
docker-machine create --driver generic --generic-ssh-key ~/.ssh/id_rsa \
  --generic-ip-address=ww.xx.yy.kk myvm2

docker-machine ls

# run a command via ssh in a VM
docker-machine ssh myvm1 "ls -l"                 # use internal SSH lib
docker-machine --native-ssh ssh myvm1 "bash -il" # use system SSH lib

# set env to run all docker commands remotely on a VM
eval $(docker-machine env myvm1) # on bash
docker-machine use myvm1         # on fish + omf plugin-docker-machine

# set VM1 to be a swarm manager
docker-machine use myvm1
docker swarm init # --advertise-addr ww.xx.yy.zz
docker swarm join-token worker # get token for adding worker nodes

# set VM2 to join the swarm as a worker
docker-machine use myvm2
docker swarm join --token SWMTKN-xxx ww.xx.yy.zz:2377

# check cluster status on your local machine...
docker-machine ls
# ...or on the manager node
docker-machine use myvm1
docker node ls

# locally login on your registry...
docker-machine unset
docker login registry.gitlab.com
# ...then deploy the app on the swarm manager
docker-machine use myvm1
docker stack deploy --with-registry-auth -c docker-compose.yml getstartedlab
docker service ls
docker service ps getstartedlab_web

# access cluster from any VM's IP
curl http://ww.xx.yy.zz:4000
curl http://ww.xx.yy.kk:4000

# eventually re-run "docker stack deploy ..." to apply changes

# undo app deployment
docker-machine use myvm1
docker stack rm getstartedlab

# remove the swarm
docker-machine ssh myvm2 "docker swarm leave"
docker-machine ssh myvm1 "docker swarm leave --force"

Stack / Deploy application

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# docker-compose.yml
version: "3"
services:
  web:
    image: username/repo:tag
    deploy:
      replicas: 5
      restart_policy:
        condition: on-failure
      resources:
        limits:
          cpus: "0.1"
          memory: 50M
    ports:
      - "80:80"
    networks:
      - webnet
  visualizer:
    image: dockersamples/visualizer:stable
    ports:
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    deploy:
      placement:
        constraints: [node.role == manager]
    networks:
      - webnet
  redis:
    image: redis
    ports:
      - "6379:6379"
    volumes:
      - "/home/docker/data:/data"
    deploy:
      placement:
        constraints: [node.role == manager]
    command: redis-server --appendonly yes
    networks:
      - webnet
networks:
  webnet:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
docker-machine use myvm1
docker-machine ssh myvm1 "mkdir ./data" # create redis data folder

# run stack / deploy app
docker stack deploy -c docker-compose.yml getstartedlab
docker stack ps getstartedlab

# show deployed services and restart one
docker service ls
docker service update --force getstartedlab_web

firefox http://<myvm1-ip>:8080/ # docker visualizer
redis-cli -h <myvm1-ip>         # interact with redis

docker stack rm getstartedlab

Container-Host user remapping

You can map container users to the host ones for greater security.

  • put myuser:100000:65536 in /etc/subuid and /etc/subgid, this defines the mapping id range 100000-165535 available to the host user myuser
  • configure docker daemon to use the remapping specified for myuser:

    1
    2
    echo '{ "userns-remap": "myuser" }' > daemon.json
    systemctl restart docker
    

    note that all images will reside in a /var/lib/docker subfolder named after myuser ids

  • now all your container user/group ids will be mapped to 100000+id on the host

You can write up to 5 ranges in sub* files for each user, in this example we set identical ids for users 0-999 and map ids >=1000 to id+1:

1
2
myuser:0:1000
myuser:1001:65536

Terms:

  • service = containers that only runs one/same image,
  • task = a single container running in a service,
  • swarm = a cluster of machines running Docker,
  • stack = a group of interrelated services orchestrated and scalable, defining and coordinating the functionality of an entire application.

Source: tutorial, overview, manage app data, config. daemon, config. containers,

Source for user mapping: docker docs, jujens.eu, ilya-bystrov

Useful tips: cleanup, network host mode for nginx to get client real IP, limit ram/cpu usage


~~~ * ~~~

Git manage branches
mouse 357 · person cloud · link
Last update
2019-07-08
2019
07-08
« — »
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
git checkout -b <branch>          # create branch
git push -u origin <branch>       # push branch to remote

# pull the new branch from another pc:
git fetch                         # download all data
git branch -v -a                  # shows avaiable branches
git checkout <branch>

# delete branch
git push origin :<branch>         # remote
git branch -d <branch>            # local

# rename branch
git branch -m old-name new-name       # local
git push -u origin :old-name new-name # remote