====== Links ======
* [[https://crontab.guru]]
* [[https://blog.kernelcare.com/live-patching-debian-10-linux-kernel-with-kpatch|Live kernel patching with kpatch]] -> Update the kernel without rebooting
* [[https://itsfoss.com/linux-system-monitoring-tools/|Alternatives to top]]
* [[https://itsfoss.com/held-broken-packages-error/|Fixing Unable to correct problems, you have held broken packages]]
* [[https://dystroy.org/broot/|CLI File Browser]]
* [[https://github.com/fpereiro/backendlore/blob/master/readme.md|Backendlore]] Backend setup from someone with experience
* [[https://www.youtube.com/watch?v=W2Z7fbCLSTw|7 Database Paradigms]]
====== Tricks ======
=== list processes that prevent unmounting ===
lsof | grep /path/to/mount/
fuser -ik -mv /path/to/mount/ # Lists them and interactively asks whether to kill them
=== secure deletion on hard drives ===
* shred
=== load testing a website ===
* [[https://github.com/rakyll/hey|hey]]
=== 9 things to do in your first minutes on a Linux server ===
https://opensource.com/article/20/12/linux-server
====== tmux ======
[[https://medium.com/hackernoon/a-gentle-introduction-to-tmux-8d784c404340]]
Ctrl+B, % or " -> vertical (|) or horizontal (-) split
Ctrl+B, [arrows] -> switch between panes
Ctrl+B, [ or PgUp -> scroll
tmux a -t [name of session], Ctrl+B, D[etach]
tmux new -s [name of session]
[[https://gist.github.com/MohamedAlaa/2961058]]
====== SSH Config ======
[[devops:ssh]]
====== wpa config ======
[[https://wiki.archlinux.org/index.php/Wpa_supplicant#Connecting_with_wpa_passphrase|wpa_passphrase]]
====== docker ======
[[devops:docker]]
====== vim ======
* [[https://dokuwiki.duckdns.org/dokuwiki/doku.php?id=informatica:editores#vim|vim]] (internal link)
====== gcloud ======
docker build -t app_name -f Dockerfile .
docker tag app_name eu.gcr.io//app_name:1.2.3
docker push eu.gcr.io//app_name:1.2.3
kubectl delete -f app.yaml
kubectl apply -f app.yaml
gcloud components install kubectl
kubectl create secret generic credentials \
--from-file=credentials.json=[KEY_FILE_PATH] # Service account JSON credentials
gcloud compute ssh --zone "europe-west1-b" "nombre-instancia" \
--project "dlinnovacion" --tunnel-through-iap
Copy what is shown in the log viewer; these filters apply to
gcloud logging read 'timestamp >= "2020-04-20T19:00:00Z" AND timestamp <= "2020-04-21T09:00:00Z" AND
resource.labels.container_name=""' | grep 'textPayload' -A 2 | grep -v 'textPayload' | grep -v "\-\-"
* The AND cannot be lowercase
* [[https://gist.github.com/pydevops/cffbd3c694d599c6ca18342d3625af97|gcp gcloud cheatsheet]]
===== Add a firewall rule =====
gcloud compute instances add-tags compute-engine-instance-name --tags=compute-engine-instance-name[,another-tag]
gcloud compute firewall-rules create compute-engine-instance-name --target-tags compute-engine-instance-name --source-ranges=0.0.0.0/0 --allow=tcp:8989 --no-disabled
====== kubernetes ======
[[devops:kubernetes]]
kubectl create deployment
kubectl config set-context --current --namespace=NAMESPACE
kubectl delete -f app.yaml
kubectl apply -f app.yaml
kubectl logs
kubectl describe pods --namespace=mynamespace
kubectl create job --from=cronjobs/name name-manual-$(date +%s)
* [[https://kubernetes.io/docs/reference/kubectl/cheatsheet/]]
* [[https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands]]
* [[https://blog.papertrailapp.com/how-to-live-tail-kubernetes-logs/]]
* [[https://stackoverflow.com/questions/39893238/kubernetes-how-to-run-job-only-once|how to run job only once]] -> use pods
* [[https://learnk8s.io/troubleshooting-deployments|A visual guide on troubleshooting Kubernetes deployments]]
* [[https://kubernetesinpractice.com/]]
====== ansible ======
[[devops:ansible]]
====== DevOps Engineer In Six Months or Less ======
[[https://github.com/Tikam02/DevOps-Guide]]
- [[https://medium.com/@devfire/how-to-become-a-devops-engineer-in-six-months-or-less-366097df7737|Intro]]
- [[https://medium.com/@devfire/how-to-become-a-devops-engineer-in-six-months-or-less-part-2-configure-a2dfc11f6f7d|Configure]]
- [[https://medium.com/@devfire/how-to-become-a-devops-engineer-in-six-months-or-less-part-3-version-76034885a7ab|Version]]
- [[https://medium.com/@devfire/how-to-become-a-devops-engineer-in-six-months-or-less-part-4-package-47677ca2f058|Package]]
- [[https://medium.com/@devfire/how-to-become-a-devops-engineer-in-six-months-or-less-part-4-package-47677ca2f058|Deploy]]
- [[https://medium.com/@devfire/how-to-become-a-devops-engineer-in-six-months-or-less-part-6-run-214e78c6dfcf|Run]]
====== DevOps Lessons from the Ski Industry ======
[[https://medium.com/@nedmcclain/devops-lessons-from-the-ski-industry-e90cd4ae3633]]
===== Engage Your Users =====
- Ski patrol spends every morning marking and re-marking trail boundaries, difficulties, trees, stumps, cliffs and more ("Unmarked Obstacles Exist" signs). **Solid documentation is essential for successful IT operations and breaking down DevOps silos**
- Ski with a buddy: **Where does cross-training and pairing rank on your team's priority list?**
- You can’t force your users to act wisely, but you can certainly help push them in the right direction -> a variety of seasonal and year-round safety awareness programs. **When’s the last time your organization has had a meaningful security education campaign for ops, developers, or end-users?**
===== Incidents Happen =====
- Communications: Equipped with two-way radios, the Lift Operations team was able to notify Ski Patrol within moments of the incident. **Does your incident escalation system (Slack/PagerDuty/email/etc.) allow you to get the right stakeholders involved, immediately? Do you truly communicate honestly with end-users during an incident?**
- Life Safety Skills: Ski Patrol are all trained EMTs, and most have decades of emergency medical, avalanche, and mountaineering experience. **Does your on-call team have the training and access to production they truly need to mitigate real-time issues?**
- Lift Evacuation: If a tree falls in the woods, on a lift cable, can you hear it? No matter why the lift is disabled, Ski Patrol has several methods to get guests to the ground safely. In the Teller incident, **Does your team know how to handle rollbacks? What about dealing with data corruption?**
- Today’s lift systems are loaded with sensors that can automatically stop the lift in case of critical component failure or tower derailment. Newer lifts have four independent braking systems and hundreds of safety sensors and controls. **What unexpected single points of failure exist in your critical environment? DNS, TLS Certificates, and even “HA” databases are often a surprise.**
===== Like it or not, you’re Testing In Production! =====
- **Do you have the observability necessary to know when things start to go wrong in production before it impacts your users? Is time spent on non-production environments impacting what gets done in production? Does your team understand the risk that various production experiments pose?**
====== Tips ======
* The important thing is to first have one environment with all the data in good shape (not perfect) and then push that data to the other environments, rather than trying to merge data from many environments in a complicated way
* Metaprogramming (code that generates code) is best avoided when you are about to make an important change. You can generate the code and run that, instead of running the code that runs the code, and skip the intermediate steps
====== Network routing ======
* [[https://wiki.nftables.org/wiki-nftables/index.php/Main_Page|nftables]]
* ''iptables-translate'' converts iptables rules to nftables
* [[https://man7.org/linux/man-pages/man8/tc.8.html|tc]] traffic control, limit bandwidth, simulate delays, stress test with poor connectivity
[[https://serverfault.com/questions/453254/routing-between-two-networks-on-linux]]
# Edit /etc/sysctl.conf or $ echo 1 >> /proc/sys/net/ipv4/ip_forward
net.ipv4.ip_forward=1
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# We allow traffic from the LAN side
iptables -A INPUT -i eth0 -j ACCEPT
######################################################################
#
# ROUTING
#
######################################################################
# eth0 is LAN
# eth1 is WAN
# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Forwarding
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
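The rules above only append ACCEPT rules and never set a chain policy, so on a host whose built-in chains still have the default ACCEPT policy they filter nothing. The following is an added example (not from the original page or the linked answer) that audits an ''iptables-save'' dump for that condition; the function names, finding labels and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Constructed sample: `iptables-save` output after applying only the rules
# above on a host whose built-in chains still have their default policy.
sample_page_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same rules once INPUT and FORWARD default to DROP
# (what `iptables -P INPUT DROP; iptables -P FORWARD DROP` would produce).
sample_default_drop() {
  sample_page_rules | sed -e 's/^:INPUT ACCEPT/:INPUT DROP/' \
                          -e 's/^:FORWARD ACCEPT/:FORWARD DROP/'
}

# audit_ruleset WAN_IF: read iptables-save text on stdin, print one finding per line.
audit_ruleset() {
  awk -v wan="$1" '
    /^\*/ { table = substr($1, 2); next }      # "*filter" starts a table
    table != "filter" { next }                 # only the filter table matters here
    /^:/ {                                     # chain header, e.g. ":INPUT ACCEPT [0:0]"
      chain = substr($1, 2)
      if ((chain == "INPUT" || chain == "FORWARD") && $2 == "ACCEPT")
        print "policy-accept " chain
      next
    }
    # ACCEPT rule for traffic entering on the WAN side with no state match
    /^-A (INPUT|FORWARD) / && / -j ACCEPT$/ && index($0, " -i " wan " ") {
      if ($0 !~ /--(ct)?state /) print "wan-accept-no-state " $2
    }
  '
}

sample_page_rules | audit_ruleset eth1
```

On a live router the same check is ''iptables-save | audit_ruleset eth1'' run as root, with ''eth1'' being the WAN interface as in the rules above.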