RunC vs Kata containers performance

Basically, Docker uses RunC to provide a lightweight and isolated environment for your software.

Since the whole of Docker nowadays consists of the extensible Moby project, one could implement their own environment and run "containers" with other technologies, for example, pure exec or qemu. In the last case you probably mean the Kata Containers project, same …

more ...

Simulate packet loss and delays

It was necessary to test a failover script which should switch the uplink in case of a main ISP outage.

The first thing is to just unplug the cable. But how to simulate high RTT and packet loss?

Here comes the traffic control (tc) utility with its queuing disciplines (qdisc). Long story short, it …

more ...

Alertmanager, create silence via API

Sometimes your CI jobs execute heavy tasks which could lead to firing off some alerts. In this case it may be smart to automatically create short-lived silences to prevent such false-positive triggering.

It's possible to use the default Prometheus Alertmanager UI, but in this case we would like to automate, so …

more ...

AWS EC2 instance screenshot

Sometimes you would like to know what is happening with your EC2 instance, especially when it's unreachable and failed to start the logging daemon. Despite the absence of IP-KVM, you can still access your instance's screen with the aws CLI tool:

aws ec2 get-console-screenshot --instance-id i-0e434bded75493e2d | jq -cr '.ImageData' | base64 --decode > tmp.jpg

This command …

more ...

Limit backup disk usage rate

Sometimes you don't want to utilize the disk too heavily.

My case was not to alert monitoring on a disk i/o trigger (and yes, this is a workaround, in the common case you'd probably like to modify the alert setting instead). I tried nice, ionice and even systemd-run -p "IOWriteBandwidthMax=/dev/sdX 10M …

more ...


WireGuard, a kernel-space VPN

WireGuard is a VPN toolkit. It's written in C, faster than OpenVPN/IPsec and much simpler to use.

Instead of reading a number of pages of a "How to generate keys" tutorial and then heading to "How to install and configure daemon" when dealing with OpenVPN, you could just set things up …

more ...

Ansible for Vscale

Today I would like to show you a couple of useful scripts which let one manage vscale.io resources with Ansible.

Dynamic Inventory - this tool lets you forget about definitive inventory files. You just use this script, which acts as some kind of Ansible-to-provider-API proxy. Each time you run ansible, script …

more ...

SSH host behind NAT

Today I solved the task of establishing a persistent SSH tunnel from a NAT-ted host to a local machine.

The problem is that Host B is supplied with a dynamic IP, so you can't just connect to it.

[A] -X-> [B]
me       target

I decided to reverse the process and force Host B to contact …

more ...

10 console utilities challenge

I was asked to name 10 Linux console commands/utils consisting of 3 symbols. To be honest, I ended up with about 7-8 of those.

After a couple of minutes at home I managed to beat this challenge, here's my list:

cat/tac
top
tar/dar/zip
git
vim
ldd
sed/awk …
more ...

Regular expression for validating IP addresses

Let's say we would like to determine whether a particular string is a valid public IPv4 address.

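# valid octet, 0-255 (grouped so the alternation stays inside the octet)
octet = r'(?:1?[0-9][0-9]?|2(?:[0-4][0-9]|5[0-5]))'

# valid octet followed by a dot
octet_with_dot = octet + r'\.'

# IPv4 address: three dotted octets, then the final octet
# ({{3}} is escaped so str.format() emits the literal quantifier {3})
ip_regex = '^(?:{a}){{3}}{b}$'.format(a=octet_with_dot, b=octet)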

But does it belong to …

more ...

Strip Docker container

Today we will get rid of all the unnecessary stuff in our Docker images.

To be honest, this task is not really useful in real life due to the layered filesystem Docker uses. So even in the case of huge images, you store the base only once. Then it's all about relatively small deltas …

more ...

tail --follow in python

When writing a bot to detect CV visits and notify me via Telegram, I was implementing tail --follow in Python to avoid using the system's tail utility.

Here is how this generator could be used as a separate program:

#!/usr/bin/env python

import sys
import time

def tailf(fname):
    try …
more ...

Linux boot stages

How Linux boots up, from power button to running services.

Power button

When you press the power button, current runs through the circuits on the motherboard and the boot process starts.

It could also be a magic packet sent via the network or some other remote start method. Let's say, a command sent from IPMI …

more ...

CAP theorem and distributed systems

I'll start from afar: a couple of months ago I interviewed for a remote sysadmin position at a foreign company. The conversation ended well, although for a number of reasons the vacancy stopped being interesting. But that's not the point.

During the conversation the interviewer mentioned the CAP theorem in passing. Like, there is such a rule that applies when working with distributed systems …

more ...