Posts

It’s sometimes useful to quickly connect to JMX console, to checkout what’s going on in your application, but the whole thing get’s tricky if you’re running your app in a container. I need it from time to time and I keep myself few times searching for set of params below: ~/2021/02/how-to-run-jmx-monitoring-in-docker-image/ java \ ... -Dcom.sun.management.jmxremote \ -Dcom.sun.management.jmxremote.rmi.port=${PORT1} \ -Dcom.sun.management.jmxremote.port=${PORT1} \ -Dcom.sun.management.jmxremote.local.only=false \ -Dcom.sun.management.jmxremote.authenticate=false \ -Dcom.sun.management.jmxremote.ssl=false \ -Djava.rmi.server.hostname=${HOST} The whole magic here is that PORT1 in container is app’s second port....

We’re all divided with recent decision to focus on CentOS Stream  external link , which essentially means that stable, professional distro will turn into rolling release now. Also CentOS board members don’t gave us more confidence for the future  external link . I don’t want to be totally sceptic, I would like to test it on my own and only then, decide if it’s stable enough. But I work mostly with Docker containers and there are no official Docker images with Stream variant....

Info I published recently more up to date article. Check here  external link . TL;DR CentOS base images sucks! They’re old, not updated for months! As a professional DevOps I concern about a lot of things… but security is always close to the top of the list. With Docker build environments and deployments became much more stable, which often is a result of just being stale ;/ I’ve been talking about this for long time but it’s still hard for people to believe it....

I started my blog on custom (written by my) engine, but as I didn’t had enough time to enhance it I switched to Wordpress. I’ve been using Wordpress as an engine of my blog for past 8~9 years. I have small VPS with PHP + Nginx and you can find a lot of configuration examples from my config on this site 😄 There was a time, when I was really satisfied by what it provides....

Few years ago I moved from Linux desktop to MacOS for my business, day to day work. There were 2 main reasons for that: Corporations don’t like Linux - they can’t manage it, they can’t support it, so they blocked it with “Security policy”, ISO20001, or other nonsense. Actually they’re partially right but in different place - many business collaboration applications don’t work well on LInux (or they don’t work at all) Skype for Business - there’s open source alternative but to get full support you have to pay for additional codecs (as far as I remember) - it’s not working stable even in paid version Outlook and calendar support - I love Thunderbird and I use it for years, but calendar invitations didn’t work nice (honestly, they didn’t work nice even between different Outlook versions…) Corporate VPN apps - Christ, I always was able to get it working eventually, but… why bother I’m older, maybe lazier, maybe smarter - I don’t like to spend my time resolving problems that don’t give me any value....

I had stragne statistics on one memcached servers. I had to look what it’s doing there. I found such commands that may be used to sniff, extract and make statistics from running memcached server. Debug GET commands tcpflow -c dst port 11211 | cut -b46- | grep ^get cut command will remove 46 bytes at beginning of every string (src, dst, port). You may need to adjust numeric parameter for cut to leave commands only....

It happen to me all the time that one of developers notifies me about some kind of problem that I can’t confirm from my account. Sometimes it was because of bad ssh keys configuration, other times file permissions, mostly such stuff. It’s sometimes convenient to “enter into someone’s shoes” to see what’s going on there. If you’re root on machine you may do that like this: su developer - Easy one but that’s not enough for all cases....

Virtualenvs in python are cheap but from time to time you will install something with pip on your system and when time comes removing all this crap could be difficult. I found this bash snippet1 that will uninstall package with all dependencies: Recursive pip uninstall for dep in $(pip show python-neutronclient | grep Requires | sed 's/Requires: //g; s/,//g') ; do pip uninstall -y $dep ; done pip uninstall -y python-neutronclient Depending how you installed it, you might need to use sudo....

I’ve been using standard MySQL dumps as backup technique on my VPS for few years. It works fine and backups were usable few times when I needed them. But in other places I’m using xtrabackup. It’s faster when crating backups and a lot faster when restoring them - they’re binary so there is no need to reevaluate all SQL create tables/inserts/etc. Backups also include my.cnf config file so restoring on other machine should be easy....

When you deploy your application in cloud you don’t need and don’t want your hosts exposed via SSH to the world. Malware scans whole network for easy SSH access and when find something will try some brute force attacks, overloading such machines. It’s easier to have one exposed, but secured host, that doesn’t host anything and is used as proxy/gateway to access our infrastructure- it’s called bastion host  external link ....