The first step of the Chef Test Kitchen converge operation is to transfer the cookbooks to the instance. If any of the cookbooks contain large files, the operation can take minutes while the terminal displays the message
Transferring files to < … >
Docker Stack commands
List the Docker Stacks
docker stack lsNAME SERVICES ORCHESTRATOR
syslog-ng_splunk 3 Swarm
List all Docker services
docker service lsList the services of a stack
docker stack ps MY_STACK_NAMEList the services of a stack with the full error message, do not truncate the output
docker stack ps MY_STACK_NAME --no-truncTroubleshoot stopped containers
The stopped Docker containers are still available for troubleshooting. You can create an image of them and run them as new containers to inspect the log files and execute commands in them.
View the standard output of the failed container
docker logs MY_CONTAINER_IDRun a failing container with a Bash terminal
If a container exists with an error within a few seconds, it can be beneficial to start a terminal window in it to view the log files and execute commands. We will override the entry point of the container to start a Bash terminal.
Create an image of the stopped container
docker commit MY_STOPPED_CONTAINER_ID MY_NEW_IMAGE NAMERun the saved image as a new container and start a Bash terminal instead of the original entry point
docker run -it --entrypoint bash MY_NEW_IMAGE_NAMESplunk troubleshooting
Universal Forwarder
- SSH into the server running the Universal Forwarder
To verify if the forwarding is configured
source /opt/splunkforwarder/bin/setSplunkEnv
splunk list forward-server
Docker Swarm overview
Docker Swarm Hierarchy
- image in the registry
- container
- task ( container and the command to run in it )
- service ( one or multiple instances of the same task, like multiple copies of the same web API )
- stack ( one or multiple services that belong together, like a front end web application, middle tier, and database server launch scripted in a .yml file )
The difference between the service and the stack is like docker run vs. docker compose, but in a Docker Swarm cluster.
Docker Swarm Services
Global service
Global services will run on every available node once.
Replicated service
The Manager distributes the given number of tasks ( containers and commands to run ) of the replicated services on the nodes based on the desired scale number, that can be one. Once a task is assigned to a node it cannot be moved, it will run on that node until stops or fails.
Docker Swarm Networking
Host network
Uses the host’s network stack without any namespace separation, and sharing all of the host’s interfaces.
Bridge network
Docker-managed Linux bridge on the Docker host. By default, all containers created on the same bridge can talk to each other.
Overlay network
An overlay network that may span over multiple Docker hosts. Uses the gossip protocol to communicate between hosts.
None
The container’s own network stack and namespace, without any interfaces. It stays isolated from every other network, and even its own host’s network.
MACVLAN
Establishes connections between container interfaces and parent host interfaces. They can be used to assign IP addresses that are routable on physical networks to containers.
Docker Swarm Load Balancing
Internal load balancing
Internal load balancing is enabled by default. When a container contacts another container in the same Docker Swarm, the internal load balancer routes the request.
External ingress load balancing
To enable the external ingress load balancing, publish the port of the service with the –publish flag. Every node in the cluster starts to listen on the published port to answer incoming requests. If the service does not run a container on the node that received the request, the Routing Mesh will route the request to the node that runs the container on the Ingress Network.
Create a service with an image in a private registry
These instructions will pass the login token from your local client to the Docker Swarm nodes, so those are able to log into the registry and pull the image.
# Save the Docker Registry password in the PASSWORD environment variable
# Log into the Docker Registry
echo $PASSWORD | docker login -u [user] registry.my_registry.com --password-stdin
# Create the service
docker service create \
--with-registry-auth \
--name my_service \
registry.my_registry.com/my_namespace/my_image:latestInstall and configure Visual Studio Code
Install Visual Studio Code
See https://code.visualstudio.com/docs/setup/mac
Move Visual Studio Code to the Applications folder
The instructions above start Visual Studio Code in the Downloads folder. Move the file into the Applications folder.
Configure Visual Studio Code
Start Visual Studio Code from the command line
I think this is the most important setting. If anything, this should be enabled.
- Start Visual Studio Code
- Open the Command Palette
- On Mac
- press Shift, Command, P
- On Windows
- press Shift, Control, P
- On Mac
- Type shell command into the search box
- Select the Shell Command: Install ‘code’ command in PATH from the list
- Restart the terminal for the change to take effect
- Type code in the terminal to start Visual Studio Code
Customize Visual Studio Code
The Visual Studio Code configuration settings are stored in a JSON file on your workstation. You can edit the file and after restart the settings take effect, or you can set the values in the user interface one-by-one.
To customize Visual Studio Code by editing the settings file
Open the settings.json file. The double quotes are important, as both paths contain spaces.
On Mac: $HOME/Library/Application\ Support/Code/User/settings.json
On Windows: “%APPDATA%\Code\User\settings.json”
My current configuration settings file looks like this:
{
"editor.acceptSuggestionOnEnter": "off",
"workbench.colorTheme": "Visual Studio Dark",
"files.insertFinalNewline": true,
"workbench.startupEditor": "newUntitledFile",
"editor.renderWhitespace": "none",
"editor.wordSeparators": "`~!@#$%^&*()=+[{]}\\|;:'\",.<>/?",
"go.formatTool": "goimports",
"go.useLanguageServer": true,
"workbench.colorCustomizations" : {
"activityBar.activeBackground":"#95968888"
},
"editor.tabSize": 2,
"mssql.connections": [
{
"server": "{{put-server-name-here}}",
"database": "{{put-database-name-here}}",
"user": "{{put-username-here}}",
"password": ""
},
{
"authenticationType": "SqlLogin",
"connectTimeout": 30,
"applicationName": "vscode-mssql",
"profileName": "USRP UAT",
"server": "ay5j1ic62n.database.windows.net",
"trustServerCertificate": true,
"user": "laszlo@ay5j1ic62n",
"password": "",
"savePassword": true,
"database": "Royalties_uat",
"encrypt": "Optional"
},
{
"authenticationType": "SqlLogin",
"connectTimeout": 30,
"applicationName": "vscode-mssql",
"profileName": "Metronome Production",
"server": "USAWS19WVSQL015.global.umusic.net",
"trustServerCertificate": true,
"user": "Metronome_ReadOnly",
"password": "",
"savePassword": true,
"database": "Metronome",
"encrypt": "Optional"
}
],
"workbench.editorAssociations": {
"*.ipynb": "jupyter-notebook"
},
"notebook.cellToolbarLocation": {
"default": "right",
"jupyter-notebook": "left"
},
"redhat.telemetry.enabled": false,
"editor.minimap.enabled": false,
"go.toolsManagement.autoUpdate": true,
"search.exclude": {
"**/.terraform": true
},
"[yml]": {
"editor.insertSpaces": true,
"editor.tabSize": 2,
"editor.autoIndent": "advanced"
},
"[yaml]": {
"editor.insertSpaces": true,
"editor.tabSize": 2,
"editor.autoIndent": "advanced"
},
"git.openRepositoryInParentFolders": "always",
"[python]": {
"editor.formatOnType": true
},
"editor.inlineSuggest.enabled": true,
"application.shellEnvironmentResolutionTimeout": 60,
"[typescriptreact]": {
"editor.defaultFormatter": "vscode.typescript-language-features"
},
"aws.telemetry": false,
"aws.suppressPrompts": {
"codeWhispererNewWelcomeMessage": true
},
"[jsonc]": {
"editor.defaultFormatter": "vscode.json-language-features"
},
"terminal.integrated.experimentalInlineChat": true,
"prisma.showPrismaDataPlatformNotification": false,
"mssql.enableRichExperiences": true
},
"files.exclude": {
"**/*.js": { "when": "$(basename).ts" },
"**/**.js": { "when": "$(basename).tsx" }
}
}To customize Visual Studio Code using the UI
- Open the settings page with Command-, (comma)
or
- Start Visual Studio Code
- Open Preferences -> Settings
Only tab should accept the suggestion
To force Visual Studio Code to only insert the suggested word with the Tab key, and configure the Enter key to always insert a new line
- On the settings tab search for tab
- Set the Editor: Accept Suggestion On Enter to off
Adds “editor.acceptSuggestionOnEnter”: “off” to the setting.json file
Add trailing newline to every file
- On the settings tab search for insert final newline
- Check the Insert Final Newline checkbox
Adds “files.insertFinalNewline”: true, to the settings.json file
Select text with hyphen with double click
To select the entire text–with–hyphen with double click
- On the settings tab search for editor.wordSeparators
- Delete – (hyphen) from the separator characters
Adds “editor.wordSeparators”: “`~!@#$%^&*()=+[{]}\\|;:’\”,.<>/?” to the settings.json file.
Exclude libraries from search
When we search the source code it can take along time for Visual Studio Code to search through the libraries that only support our application. Exclude the known library folders. Most of them are already included, add the .terraform folder to the list.
- On the settings tab search for search.exclude and click the Add Pattern button
- Enter **/.terraform into the field and click the OK button
Adds
"search.exclude": {
"**/.terraform": true
}to the settings.json file.
Ignore compiled .js files during search when a .ts file exists with the same name
Add this to the settings.json file
"files.exclude": {
"**/*.js": { "when": "$(basename).ts" },
"**/**.js": { "when": "$(basename).tsx" }
}Insert 2 spaces into the .yml and .yaml files when we press the tab key, use tabs in Makefile
- Open the extensions page with Shift-Command-X
- Install the EditorConfig for VS Code plugin
- Save this .editorconfig file in the root of your project files above all projects ( for example in the ~/Git directory)
[Makefile]
indent_style = tab
[*.yml]
indent_style = space
indent_size = 2- Restart Visual Studio Code
Another setting for yml files, (maybe not necessary if the EditorConfig plugin is installed)
- Start Visual Studio Code
- Open the Settings page with Command-,
- Enter yml into the search field and press enter, and click the Edit settings for yaml link
- Enter into the settings.json file
,
"[yml]": {
"editor.insertSpaces": true,
"editor.tabSize": 2,
"editor.autoIndent": false
},
"[yaml]": {
"editor.insertSpaces": true,
"editor.tabSize": 2,
"editor.autoIndent": false
}
Upgrade Bash on macOS
To be able to debug Bash scripts in Visual Studio Code on macOS, we need to upgrade Bash to at least version 4.0. Even the most modern macOS installs, a more than 15 year old, Bash version 3.2.57 from 2007!!!
bash –version
GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin18)
Copyright (C) 2007 Free Software Foundation, Inc.
To upgrade Bash to the latest version follow the instructions by Daniel Weibel at https://itnext.io/upgrading-bash-on-macos-7138bd1066ba
IMPORTANT!!!
If you use iTerm (zshell) keep /bin/zsh as the last item in the /etc/shells file to make it the default shell when you open iTerm.
... /usr/local/bin/bash /bin/zsh
Useful extensions
- EditorConfig for VS Code
- GitLens — Git supercharged
- Go ms-vscode.go
- Terraform mauve.terraform
- Bash Debug rogalmic.bash-debug
You must specify a region. You can also configure your region by running “aws configure”.
When we execute an AWS CLI command, we need to supply the AWS Region. If it is not specified, we get the error message:
You must specify a region. You can also configure your region by running “
configure”. aws
We can add the region with the –region command line argument, or store it in the ~/.
The format of the ~/.
[default]
aws_access_key_id = …
aws_secret_access_key = …
[my-account]
aws_access_key_id = …
aws_secret_access_key = …
The format of the ~/.aws/config file is the following. Make sure to add the word “profile” within the square brackets for every profile you specified in the credentials file, except for the “default” one!!!
[default]
region = us-east-1
output = json
[profile my-account]
region = us-east-1
output = json
Docker commands
Display the Software Bill Of Materials ( the content of the image in table format )
docker sbom MY_IMAGE_NAMEExample: docker sbom nginx
To delete all containers, execute
docker rm -f $(docker ps -a -q)
To delete all images, execute
docker rmi -f $(docker images -q)
Supported Golang GOOS and GOARCH combinations
To get the list of supported GOOS (operating system) and GOARCH (architecture) combinations execute
go tool dist list
To specify the GOOS and GOARCH attributes in the Bash command line, build the Golang application with
GOOS=linux GOARCH=amd64 go build -v -o MY_APP cmd/MY_APP/*.go
x509: certificate signed by unknown authority
I have built a Docker container with a Go application that used the Go AWS SDK. When my program tried to access an S3 bucket I got the error message
RequestError: send request failed
caused by: Get https://MY_BUCKET_NAME.s3.amazonaws.com: x509:certificate signed by unknown authority
To solve the problem I had to add the following line to the Dockerfile
On Ubuntu
RUN apt ca-certificates && rm -rf /var/cache/apk/*
On Alpine
RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*