
Research memo

Unorganized notes, written down as they come.

Design overviews

  • Web service design overview
  • Network design overview
  • Storage design overview
  • Virtual infrastructure design overview
  • Monitoring design overview
    • Monitoring exists to gather the information needed to decide the next action

Miscellaneous notes (may get organized someday)

Old PV header

...
Setting up grub-pc (2.04-1ubuntu26.11) ...
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
  WARNING: PV /dev/sda5 in VG kaede-vg is using an old PV header, modify the VG to update.
  WARNING: PV /dev/sda5 in VG kaede-vg is using an old PV header, modify the VG to update.
...
$ sudo vgck --updatemetadata kaede-vg
[sudo] password for yuki: 
  WARNING: PV /dev/sda5 in VG kaede-vg is using an old PV header, modify the VG to update.
  WARNING: updating PV header on /dev/sda5 for VG kaede-vg.

Connecting to a network reachable only from a container

container

$ docker run --rm -p 60022:22 -it centos:7 bash
# yum install -y openssh-server
# echo 'password' | passwd --stdin root
# /usr/sbin/sshd

host

$ ssh -A -oProxyCommand='ssh -W %h:%p root@127.0.0.1 -p 60022' 192.168.122.74 sudo tcpdump -l -eni eth0

Putting the same thing in ~/.ssh/config lets you get by with just ssh 192.168.122.74 sudo tcpdump -l -eni eth0.

Host 192.168.122.74
    ProxyCommand ssh -W %h:%p root@127.0.0.1 -p 60022
    ForwardAgent yes

Note

When running tcpdump this way, switch it to line buffering (the -l option above) so output arrives line by line; that behaves much closer to what you see when running it locally.

You can also use fabric's ProxyJump equivalent (the gateway argument). Being able to nest Connection objects is a strong point.

>>> from fabric import Connection
>>> ct = Connection("127.0.0.1", port=60022, user='root', connect_kwargs={'password': "password"})
>>> ct.run("ps ax")
    PID TTY      STAT   TIME COMMAND
      1 pts/0    Ss+    0:00 bash
    234 ?        Ss     0:00 /usr/sbin/sshd
    249 ?        Ss     0:00 sshd: root@notty
    251 ?        Rs     0:00 ps ax
<Result cmd='ps ax' exited=0>
>>> sv = Connection("192.168.122.74", gateway=ct)
>>> sv.run("ip addr")
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 8a:fc:4e:0d:a5:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.74/24 brd 192.168.122.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2400:406f:1d6e:fb00:88fc:4eff:fe0d:a5f2/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 2591921sec preferred_lft 604721sec
    inet6 2400:406f:1d6e:fb00::74/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::88fc:4eff:fe0d:a5f2/64 scope link 
       valid_lft forever preferred_lft forever
<Result cmd='ip addr' exited=0>

Killing a process inside a container that was started with docker exec without -it

Uniquely identify, via the Docker API, the PID of the process running in the container.

(terminal-1)$ docker inspect ct01 | jq -r '.[0].ExecIDs'
null
(terminal-1)$ docker exec ct01 iperf -s
(terminal-2)$ ps ax | grep [i]perf
 8465 pts/12   S+     0:00 sudo docker exec ct01 iperf -s
 8466 pts/12   Sl+    0:00 docker exec ct01 iperf -s
 8488 ?        Ssl    0:00 iperf -s
(terminal-2)$ sudo docker exec ct01 ps ax
  PID TTY      STAT   TIME COMMAND
    1 pts/0    Ss     0:00 /bin/bash /etc/rc.local
    9 pts/0    S+     0:00 /bin/bash
  310 ?        Ssl    0:00 iperf -s
  318 ?        Rs     0:00 ps ax
(terminal-2)$ sudo docker inspect ct01 | jq -r '.[0].ExecIDs'
[
  "21a9d86ab2637e55a6c184a8376eefc82be61ff3a433039b4daf079e4a669e2a"
]
(terminal-2)$ curl -s --unix-socket /var/run/docker.sock http://localhost/exec/21a9d86ab2637e55a6c184a8376eefc82be61ff3a433039b4daf079e4a669e2a/json | jq
{
  "ID": "21a9d86ab2637e55a6c184a8376eefc82be61ff3a433039b4daf079e4a669e2a",
  "Running": true,
  "ExitCode": null,
  "ProcessConfig": {
    "tty": false,
    "entrypoint": "iperf",
    "arguments": [
      "-s"
    ],
    "privileged": false
  },
  "OpenStdin": false,
  "OpenStderr": true,
  "OpenStdout": true,
  "CanRemove": false,
  "ContainerID": "9efd3065028566a8cfe2a01b83dc7b69f51102d13cd13cc786d95cc51ae45e32",
  "DetachKeys": "",
  "Pid": 8488
}
(terminal-2)$ grep pid /proc/8488/status
NSpid:  8488    310
(terminal-2)$ sudo docker exec ct01 kill 310
(terminal-2)$ ps ax | grep [i]perf
(terminal-2)$ sudo docker inspect ct01 | jq -r '.[0].ExecIDs'
null

When several commands are run, several ExecIDs get registered.

$ sudo docker inspect ct01 | jq -r '.[0].ExecIDs'
[
  "c758a7cad9f4077fbe72940c693aadabf1d2d1644bae2ae772319a707dd1cd4f",
  "7ceee1f6504a93a1c523e1180caef6690768b1065238f9db8fcb050ce2071dae"
]
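The ExecIDs -> exec JSON -> host Pid -> NSpid chain above, as an added Python example that is not part of the original memo: the sample exec JSON and /proc status text are constructed from the outputs shown above, and the live lookup (UnixHTTPConnection, fetch_exec_json) assumes the default /var/run/docker.sock path and the same GET /exec/<id>/json endpoint the curl above hits.

```python
import http.client
import json
import socket

# Constructed samples, modelled on the memo's curl and /proc/8488/status output.
SAMPLE_EXEC_JSON = json.dumps({
    "Running": True,
    "ProcessConfig": {"tty": False, "entrypoint": "iperf", "arguments": ["-s"]},
    "Pid": 8488,
})
SAMPLE_PROC_STATUS = "Name:\tiperf\nPid:\t8488\nNSpid:\t8488\t310\n"

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTPConnection that talks to the Docker daemon over its unix socket (assumed path)."""
    def __init__(self, sock_path="/var/run/docker.sock"):
        super().__init__("localhost")
        self.sock_path = sock_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(self.sock_path)

def fetch_exec_json(exec_id, sock_path="/var/run/docker.sock"):
    """Live GET /exec/<id>/json, the endpoint the curl above hits (not exercised offline)."""
    conn = UnixHTTPConnection(sock_path)
    conn.request("GET", f"/exec/{exec_id}/json")
    resp = conn.getresponse()
    if resp.status != 200:
        raise RuntimeError(f"docker api returned {resp.status}")
    return resp.read().decode()

def exec_host_pid(exec_json_text):
    """Return (host pid, running flag, argv) from the exec inspect JSON."""
    info = json.loads(exec_json_text)
    cfg = info["ProcessConfig"]
    return info["Pid"], info["Running"], [cfg["entrypoint"], *cfg["arguments"]]

def container_pid(proc_status_text):
    """Last NSpid column is the innermost pid namespace: the pid `docker exec ct01 kill` needs."""
    for line in proc_status_text.splitlines():
        if line.startswith("NSpid:"):
            return int(line.split()[-1])
    raise ValueError("no NSpid line: process is not in a child pid namespace")

def resolve_exec(exec_json_text, proc_status_text):
    """Combine both lookups; an exec that has already exited has nothing to kill."""
    host_pid, running, argv = exec_host_pid(exec_json_text)
    if not running:
        return None
    return {"host_pid": host_pid, "container_pid": container_pid(proc_status_text), "argv": argv}
```

With several ExecIDs registered, run resolve_exec once per ID (fetch_exec_json plus the matching /proc/<Pid>/status) and pick the entry whose argv is the command you want to stop.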

Cloudflare Zero Trust

https://www.cloudflare.com/ja-jp/products/zero-trust/access/

Even without an account, installing cloudflared makes it open a tunnel from the inside out to Cloudflare, so the local service becomes temporarily reachable from the Internet.
With an account it looks like you can also get a fixed URL and access control.

$ curl -LO https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb
$ sudo dpkg -i cloudflared-linux-amd64.deb
$ cloudflared tunnel --url localhost:8000
2022-04-29T04:23:28Z INF Thank you for trying Cloudflare Tunnel. Doing so, without a Cloudflare account, is a quick way to experiment and try it out. However, be aware that these account-less Tunnels have no uptime guarantee. If you intend to use Tunnels in production you should use a pre-created named tunnel by following: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
2022-04-29T04:23:28Z INF Requesting new quick Tunnel on trycloudflare.com...
2022-04-29T04:23:29Z INF +--------------------------------------------------------------------------------------------+
2022-04-29T04:23:29Z INF |  Your quick Tunnel has been created! Visit it at (it may take some time to be reachable):  |
2022-04-29T04:23:29Z INF |  https://disabled-wanting-flour-enable.trycloudflare.com                                   |
2022-04-29T04:23:29Z INF +--------------------------------------------------------------------------------------------+
2022-04-29T04:23:29Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp /etc/cloudflared /usr/local/etc/cloudflared]
2022-04-29T04:23:29Z INF Version 2022.4.1
2022-04-29T04:23:29Z INF GOOS: linux, GOVersion: go1.17.5, GoArch: amd64
2022-04-29T04:23:29Z INF Settings: map[protocol:quic url:localhost:8000]
2022-04-29T04:23:29Z INF cloudflared will not automatically update if installed by a package manager.
2022-04-29T04:23:29Z INF Generated Connector ID: 1dc2b28a-ddd9-44d7-a6c3-6a3582b61190
2022-04-29T04:23:29Z INF Initial protocol quic
2022-04-29T04:23:29Z INF Starting metrics server on 127.0.0.1:39645/metrics
2022-04-29T04:23:30Z INF Retrying connection in up to 2s seconds connIndex=0
2022-04-29T04:23:31Z INF Retrying connection in up to 4s seconds connIndex=0
2022-04-29T04:23:34Z INF Connection aef1af07-fe52-467d-86a3-4084c19442a7 registered connIndex=0 location=KIX
2022-04-29T04:23:35Z INF Connection 0ddcfa6e-bc58-47a4-bb17-22762a1ff389 registered connIndex=1 location=NRT
2022-04-29T04:23:36Z INF Connection fba9cd26-c4b6-4666-8e50-2a92c8fd506a registered connIndex=2 location=KIX
2022-04-29T04:23:37Z INF Connection cc819a50-e6ee-49a3-9aa5-8064ab4cbfbd registered connIndex=3 location=NRT

wishpy

  • Ubuntu 20.04
$ python3 -m venv --copies ~/.virtualenvs/wishpy/
$ ln -s ~/.virtualenvs/wishpy/bin/activate
(wishpy)$ . activate
(wishpy)$ pip install -U cython
(wishpy)$ sudo apt-get install libglib2.0-dev build-essential python3-dev wireshark libwireshark-dev libpcap-dev
(wishpy)$ pip install wishpy

Last updated: 2022-10-27 15:53:38