Kai Hendry's other blog archives

Vhost docker container
23:19 <hendry> biggest feature missing for me is dockers lack of vhosting support. hosting off a random port is a bit silly, no?
23:20 <dstufft> hendry: you can't generically do vhosting
23:24 <hendry> dstufft: not quite sure why vhosting is SUCH a hard feature
23:24 <niloc132> hendry: for a start, its http-specific
23:26 <dstufft> and even for the protocols that do support a vhost feature, there isn't a standard protocol agnostic way of getting that information
23:26 <exarkun> You can set up your own vhosting in a container.  Docker doesn't /have/ to support it.  So it's probably better if Docker doesn't, given the lack of a single, obvious, complete (ie, supporing all protocols) solution.
23:26 <exarkun> And you can find lots of http vhosting images out there now because people do want to do this and have already solved the problem.
23:27 <hendry> i don't want to solve it in the container. I guess I need to study some nginx reverse proxy thing
23:27 <dstufft> nginx can do it
23:27 <dstufft> or haproxy
23:27 <dstufft> or any number of things
23:28 <dstufft> I like haproxy for it, it's a pretty good tool
23:28 <exarkun> Do you have a reason that you don't want to solve it in a container?  The way you state it, it sounds like an arbitrary constraint.
23:28 <hendry> dstufft: why haproxy over nginx?
23:28 <hendry> exarkun: because i would be building more complexity in my container that i want to keep dead simple? or is the functionality running in another seperate container?
23:29 <dstufft> hendry: haproxy isn't HTTP specific, so if you find yourself wanting to do more you don't need to drop in another thing to handle it
23:29 <dstufft> it would be running in another seperate container
23:29 <hendry> dstufft: everything i do is HTTP.... (though does Websockets run over port 80/443?)
23:29 <exarkun> hendry: As dstufft said, *not* in your container.
23:30 <exarkun> That's the point.  Independent, composeable units.  Containers.
23:30 <hendry> exarkun: can you point to such a solution for a container to dispatch vhosts IIUC to another container ?
23:30 <exarkun> You can find one with two minutes of Googleing, I think.
23:31 <hendry> "vhost docker container" not looking good
23:33 <hendry> https://registry.hub.docker.com/search?q=vhost not looking great either
23:33 <hendry> exarkun: i give up
23:35 <exarkun> To your credit, you did spend three minutes.
23:35 <exarkun> I don't know what more effort anyone could be asked to expend than that.
23:36 <exarkun> (I'm certainly not going to!)
23:37  * hendry sighs
Posted
'invalid value for project' google compute engine

Google wasted my time by having a distinction between PROJECT NAME & PROJECT ID.

The SDK will ask you to set gcloud config set project NAME

NAME is the PROJECT ID

When things go wrong:

ERROR: (gcloud.compute.instances.create) Some requests did not succeed:
 - Invalid value for project: localkuvat

When things go right:

$ gcloud config set project numeric-rig-758
$ gcloud compute instances create outyet \
    --image container-vm-v20140925 \
    --image-project google-containers \
    --metadata-from-file google-container-manifest=containers.yaml \
    --tags http-server \
    --zone us-central1-a \
    --machine-type f1-micro
Created [https://www.googleapis.com/compute/v1/projects/numeric-rig-758/zones/us-central1-a/instances/lk].
NAME ZONE          MACHINE_TYPE INTERNAL_IP   EXTERNAL_IP    STATUS
lk   us-central1-a f1-micro     10.240.89.159 146.148.60.109 RUNNING

Hat tip: https://blog.golang.org/docker

Posted

Latest tips

Finding the rotation of a iPhone video

Using ffprobe which should be included in a ?ffmpeg(https://twitter.com/FFmpeg) distribution:

for m in *.MOV
do
        r=$(ffprobe $m 2>&1 | grep -i rotate | awk '{print $3}')
        case $r in
                90)
                        echo Needs to be $m 90 degrees
                        ;;
                180)
                        echo Needs to be $m 180 degrees
                        ;;
                270)
                        echo Needs to be $m 270 degrees
                        ;;
                *)
                        echo No rotating required $m
        esac
done
Posted
Working with a directories of unknown files

Using http://mywiki.wooledge.org/BashFAQ/020 as a starting point, you could:

find /tmp -type f -print0 | while IFS= read -r -d '' file
do
   echo properly escaped "$file" for doing stuff
done

However that's a bit ugly. And note that -d '' only works in bash. So none of this is "POSIX".

Another way of writing this, which works from bash 4 is using dotglob/globstar:

shopt -s dotglob  # find .FILES
shopt -s globstar # make ** recurse
for f in /tmp/**
do
    if <span class="createlink"><a href="/ikiwiki.cgi?page=_-f___36__f___38____38_____33___-L___36__f_&amp;from=e%2F13042&amp;do=create" rel="nofollow">?</a> -f &#36;f &#38;&#38; &#33; -L &#36;f </span>
    then
        echo properly escaped "$f" for doing stuff
    fi
done

Another perhaps more POSIX way is

foo () { for i in "$@"; do echo $i; done };export -f foo;find /tmp -type f -exec bash -c 'foo "$@"' - {} + | wc -l

I.e. export a script function to be executed by the -exec parameter of find, or just use a seperate script file.

Posted
Ensure www-data is always able to write

Ensure your fs is mounted with acl.

 mount | grep acl
/dev/root on / type ext3 (rw,noatime,errors=remount-ro,acl,barrier=0,data=writeback)

And to ensure www-data always has free reign:

setfacl -R -m default:group:www-data:rwx /srv/www
Posted
Xorgs version
12:04 <hendry> i'm using wheezy Xorg packages  1:7.7+3~deb7u1 and http://ix.io/d2p says X.Org X Server 1.12.4
12:04 <hendry> Release Date: 2012-08-27
12:04 <hendry> Is that right?
12:05 <jcristau> probably
12:11 <hendry> wondering why there is a mis-match with versions
12:11 <hendry> is there a newer Xorg available for wheezy? something to eek out performance with intel cards
12:12 <jcristau> there isn't a mismatch
12:12 <jcristau> and no
12:12 <hendry> 1:7.7+3~deb7u1 & 1.12.4 doesn't make sense to me ... :}
12:13 <jcristau> you can't understand that different things can have different versions?
12:20 <hendry> so what does 7.7+3~deb7u1 refer to ?
12:22 <pochu> 7.7 is the upstream version, +3 is the debian revision, and deb7u1 is the first update to Debian 7 (wheezy)
12:22 <psychon> http://www.x.org/wiki/Releases/7.7/
12:28 <jcristau> 7.7 is the base version of X.Org's X11 distribution
12:28 <jcristau> 1.12.4 is the version of the X server

http://www.x.org/wiki/Releases/7.7/

Posted
Setting a read S3 policy from the command line

Easier than logging into https://console.aws.amazon.com/s3/ since I need to get out my MFA device out everytime.

x220:/tmp$ bash allow-read.sh b3-webc
s3://b3-webc/: Policy updated

allow-read.sh is just a script to help write the policy:

x220:/tmp$ cat allow-read.sh
#!/bin/bash
test "$1" || exit
s3_bucket=$1
tmp=$(mktemp)
s3cmd ls > $tmp
if ! grep -q $s3_bucket $tmp
then
        echo Could not find bucket s3://${s3_bucket}
        cat $tmp
        exit
fi
cat <<END > $tmp
{
  "Version":"2008-10-17",
  "Statement":[{
    "Sid":"AllowPublicRead",
        "Effect":"Allow",
      "Principal": {
            "AWS": "*"
         },
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::${s3_bucket}/*"
      ]
    }
  ]
}
END
s3cmd setpolicy $tmp s3://${s3_bucket}
Posted
Feedback

Powered by Vanilla PHP feedback form