Remove weak Ciphers SSL – nginx

GCM is preferred over CBC

  • Verify which ciphers are being offered
nmap --script ssl-enum-ciphers -p 443 example.com
  • update nginx.conf
ssl_ciphers         HIGH:!aNULL:!MD5:!TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
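
To confirm the change took effect, the nmap output can be checked for CBC suites automatically. This is an added example, not part of the original notes; the scan text inside it is constructed in the layout ssl-enum-ciphers prints, and the function names are made up for the illustration.

```bash
#!/bin/sh
# Added example: list CBC suites in `nmap --script ssl-enum-ciphers` output.

# Constructed sample in the layout the script prints (not a real scan).
sample_scan() {
cat <<'EOF'
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|     cipher preference: server
|_  least strength: A
EOF
}

# Reads scan output on stdin, prints "<protocol> <suite>" for every CBC
# suite, and returns 1 if any was found so it can gate a deploy script.
cbc_suites() {
    awk '
        # Protocol header line, e.g. "|   TLSv1.2:"
        $1 == "|" && $2 ~ /^(SSLv|TLSv)[0-9.]+:$/ { proto = $2; sub(/:$/, "", proto); next }
        # Suite line whose IANA name contains _CBC_
        $1 == "|" && $2 ~ /^TLS_.*_CBC_/ { print proto, $2; found = 1 }
        END { exit (found ? 1 : 0) }
    '
}

if sample_scan | cbc_suites; then
    echo "no CBC suites offered"
else
    echo "CBC suites still offered (listed above)"
fi
```

Against a live host, pipe the nmap command from the first bullet into cbc_suites instead of sample_scan.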

https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

https://stackoverflow.com/questions/62900667/aws-alb-prevent-usage-of-tls-ecdhe-rsa-with-aes-128-cbc-sha256

Backup and Restore etcd snapshot for Kubernetes

  1. Create a deployment to verify the restore in the end
k create deploy nginx-test --image=nginx

2. Update the cert paths as per /etc/kubernetes/manifests/etcd.yaml

ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
--cacert=<trusted-ca-file> \
--cert=<cert-file> --key=<key-file> \
  snapshot save /tmp/etcd.backup

2. Stop kubelet

systemctl stop kubelet

3. Stop kube-api and etcd

mv /etc/kubernetes/manifests/kube-apiserver.yaml /root/
mv /etc/kubernetes/manifests/etcd.yaml /root/

4. Restore the etcd.backup

ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 snapshot restore etcd.backup

It will create a "default.etcd" directory in the current directory

[root@lp-k8control-1 etcd]# ls default.etcd/
member

5. Look up the etcd-data directory path (/var/lib/etcd) in /etc/kubernetes/manifests/etcd.yaml

[root@lp-k8control-1 default.etcd]# ls /var/lib/etcd
member

6. Copy member directory content from default.etcd to /var/lib/etcd

7. Start kube-api and etcd

mv /root/kube-apiserver.yaml /etc/kubernetes/manifests/kube-apiserver.yaml
mv /root/etcd.yaml /etc/kubernetes/manifests/etcd.yaml

8. Restart kubelet service

systemctl restart kubelet

9. Verify that the nginx deployment we created in step 1 is restored

k get deploy

Switch relay with Raspberry pi + Arduino Uno

The 5V relay switch that I have requires around 52mA of current to work properly.

  • Raspberry pi max GPIO current with 5v Relay = ?
  • Arduino pin 13 current with 5v Relay = 38.5mA
  • Arduino pin 13 + 12 current with 5v Relay = 45 mA
  • Arduino pin 13 + 12 + 2 current with 5v Relay = 47.3 mA ( This worked )

So now I can use the Arduino as an on/off switch. I also needed this switching to be based on some external events, so I used Arduino pin 2 as an INPUT pin and added one 2.7K ohm resistor from pin 2 to ground.

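int status = 0;

void setup() {
  // Output pins that drive the relay together
  pinMode(13, OUTPUT);
  pinMode(12, OUTPUT);
  pinMode(8, OUTPUT);
  // Pin 2 reads the external trigger (2.7K resistor to ground)
  pinMode(2, INPUT);
}

void loop() {
  // Mirror the state of the input pin onto all output pins
  status = digitalRead(2);
  if (status == HIGH) {
    digitalWrite(13, HIGH);
    digitalWrite(12, HIGH);
    digitalWrite(8, HIGH);
  }
  else {
    digitalWrite(13, LOW);
    digitalWrite(12, LOW);
    digitalWrite(8, LOW);
  }
}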

Switch ON = 7PM
Switch OFF = 12AM

  • added Cronjob on Raspberry Pi 4
0 19 * * * /usr/bin/python3.8 /opt/led.py on
0 0 * * * /usr/bin/python3.8 /opt/led.py off

led.py

import RPi.GPIO as GPIO
from time import sleep 
import sys

GPIO.setwarnings(False)
GPIO.setmode(GPIO.BCM)
GPIO.setup(21, GPIO.OUT, initial=GPIO.LOW)

if sys.argv[1] == "on":
    GPIO.output(21, GPIO.HIGH)
    #print("on")
    exit()
elif sys.argv[1] == "off":
    GPIO.output(21, GPIO.LOW)
    #print("off")
    exit()

Raspberry Pi Max current with GPIO for LED

Note: drawing more current (~15mA) from a GPIO pin can affect the RPi
https://raspberrypi.stackexchange.com/questions/9298/what-is-the-maximum-current-the-gpio-pins-can-output

  • Use 5V Pin (2,4)
  • Use GPIO as Negative volt
  • Max current withdrawn was 23mA for my use case
import RPi.GPIO as GPIO
from time import sleep 
import sys

GPIO.setwarnings(False)
GPIO.setmode(GPIO.BCM)
GPIO.setup(21, GPIO.OUT, initial=GPIO.HIGH)

if sys.argv[1] == "on":
    GPIO.output(21, GPIO.LOW)
    #print("on")
    exit()

For more brightness:

  • Add multiple GPIO as GROUND
  • After adding GPIO20 as ground it was taking ~18mA from GPIO20
  • And overall ~36mA from both GPIO 20 and 21

Push multi-arch docker image

#ARM64
arm64_image_digest=$(docker manifest inspect nginx | jq '.manifests[] | select(.platform.architecture == "arm64")' | jq '.digest'| sed 's/"//g')

#AMD64
amd64_image_digest=$(docker manifest inspect nginx | jq '.manifests[] | select(.platform.architecture == "amd64")' | jq '.digest'| sed 's/"//g')

# Pull each architecture by digest, then tag it
docker pull nginx@$amd64_image_digest
docker pull nginx@$arm64_image_digest
docker tag nginx@$amd64_image_digest your-username/nginx:amd64
docker tag nginx@$arm64_image_digest your-username/nginx:arm64

docker push your-username/nginx:amd64
docker push your-username/nginx:arm64


docker manifest create \
your-username/nginx:latest \
--amend your-username/nginx:amd64 \
--amend your-username/nginx:arm64

docker manifest push your-username/nginx:latest

https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/

export DOCKER_BUILDKIT=1

docker buildx create --use

docker buildx build --push --platform linux/arm64,linux/amd64 -t httpd-custom .

docker buildx stop
docker buildx rm

##10 0.064 .buildkit_qemu_emulator: /bin/sh: Invalid ELF image for this architecture

docker run --rm --privileged multiarch/qemu-user-static:register --reset

docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
docker buildx rm builder
docker buildx create --name builder --driver docker-container --use
docker buildx inspect --bootstrap

https://stackoverflow.com/questions/60080264/docker-cannot-build-multi-platform-images-with-docker-buildx

set and unset in debug bash script

set -x = print each shell command as it is executed

set -f = disable filename expansion [ ls *.yml ]

errexit = abort the script as soon as a command exits with a non-zero status

pipefail = a pipeline fails if any command in it fails, not only the last one

set -x -f -o errexit -o pipefail
set +x +f +o errexit +o pipefail
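
What each option changes, and why the reset has to name pipefail as well, shown as an added example that is not part of the original notes. The function names are made up for the illustration, and every snippet runs in a child bash so the calling shell's own options do not interfere.

```bash
#!/usr/bin/env bash
# Added example: observable effect of each option from the note.

# $1 is "-o" or "+o": exit status of a pipeline whose first command fails.
pipefail_status() { bash -c "set $1 pipefail; false | true; echo \$?"; }

# $1 is "-o" or "+o": prints "reached" only if the script survived `false`.
errexit_output() { bash -c "set $1 errexit; false; echo reached" || true; }

# $1 is "-f" or "+f", $2 a directory: shows whether *.yml was expanded.
noglob_output() { (cd "$2" && bash -c "set $1; echo *.yml"); }

# A reset that names only x, f and e leaves pipefail switched on:
# the pipeline below still reports the failure of `false`.
pipefail_after_short_reset() {
    bash -c 'set -x -f -o errexit -o pipefail
             set +x +f +e
             false | true; echo $?' 2>/dev/null
}

demo() {
    d=$(mktemp -d) && touch "$d/a.yml" "$d/b.yml"   # constructed test files
    echo "pipefail off / on: $(pipefail_status +o) / $(pipefail_status -o)"
    echo "errexit  off / on: '$(errexit_output +o)' / '$(errexit_output -o)'"
    echo "noglob   off / on: $(noglob_output +f "$d") / $(noglob_output -f "$d")"
    echo "pipefail status after short reset: $(pipefail_after_short_reset)"
    rm -rf "$d"
}
demo
```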

https://stackoverflow.com/questions/68465355/what-is-the-meaning-of-set-o-pipefail-in-bash-script

https://www.newline.co/courses/newline-guide-to-bash-scripting/errexit

https://unix.stackexchange.com/questions/333867/what-does-set-f-in-korn-shell-do