At their core, containers are just Linux processes that are namespaced. This means in practice, many containers still run as processes on the same host machine. While namespacing processes using cgroups creates very good boundaries between processes, the isolation is still not perfect.
Read the rest of this entry »A user of the Tanuki Service Wrapper reminded me that Tanuki released version 3.5.37 of the Java Service Wrapper some time ago. So in this post, I can provide version 3.5.37 of the Java Service Wrapper for Windows x64.
As always, I don’t guarantee anything, so please note:
Read the rest of this entry »For a few years now I have been using the pass password manager. It is a wonderfully simple way to manage passwords using PGP to encrypt passwords in text files. The same files can then be placed in a git repository, which makes replicating passwords easy.
For different reasons I am now migrating to gopass, a Go implementation of pass with a few additional features. I am using Homebrew to install gopass on my machine: brew install gopass. Theoretically, gopass should work out-of-the-box and is compatible with the old pass utility. So I was quite surprised to see an error message like this:
$ gopass github
Entry 'github' not found. Starting search...
Found exact match in 'github.com/simonkrenger'
gpg: decryption failed: No secret key
Error: failed to retrieve secret 'github.com/simonkrenger': Failed to decrypt
Strange. But decrypting the password file directly using PGP works fine:
$ gpg -d ~/.password-store/github.com/simonkrenger.gpg
[..]
If the above command using gpg does not work, check your keys using gpg --list-keys and gpg --list-secret-keys. Especially when migrating to GPG2, sometimes keys do not get imported into the new keyrings. In case you need to import the old keyring into the new format like so:
$ gpg --import ~/.gnupg/pubring.gpg
$ gpg --import ~/.gnupg/secring.gpg
But even after importing the keys, I still received gpg: decryption failed: No secret key. So after searching around I found that I need to set the GPG_TTY variable:
$ export GPG_TTY=$(tty)It seems that not setting the GPG_TTY environment variable leads to the error above. Which is quite misleading. After setting this environment variable (and adding it to the .bash_profile), gopass works as expected.
A user of the Tanuki Service Wrapper reminded me that Tanuki released version 3.5.36 of the Java Service Wrapper some time ago. So in this post, I can provide version 3.5.36 of the Java Service Wrapper for Windows x64.
If you have worked with remote Linux servers before, I am guessing you already encountered machines that just don’t want to reboot. This is typically due screwed-up network mounts or stuck processes, so the server will hang during shutdown. But it turns out that there are other ways to reboot a server.
One of these is the “Magic SysRq key“. To reboot a server using the SysRq trigger in the kernel, use the following two commands. First, enable the trigger:
echo 1 > /proc/sys/kernel/sysrqThen, reboot the server the magic way by typing
echo b > /proc/sysrq-triggerNote that this will reboot the server without unmounting or syncing the filesystems! There are also other options available via the SysRq trigger, some of them are listed in the Wikipedia article above.
So I started working with GitLab (self-hosted and gitlab.com), which led me to the CI/CD features of GitLab. When using GitLab, one can define a custom CI pipeline just by placing a .gitlab-ci.yml file in your project (just like the .travis.yml for GitHub). After each commit to the defined git branch, the pipeline is then executed.
Since I also work with Ansible playbooks a lot, I wanted to use ansible-lint to check my playbooks after each commit. In addition to that, I also added a syntax check using ansible-playbook [..] --syntax-check, as ansible-lint will not pick up all syntax errors.
So here is my .gitlab-ci.yml:
A user of the Tanuki Service Wrapper reminded me that Tanuki released version 3.5.35 of the Java Service Wrapper some time ago. So in this post, I can provide version 3.5.35 of the Java Service Wrapper for Windows x64.
So when working with a lot of different namespaces in Kubernetes and you only know the “oc project” command from OpenShift, you start to miss an easy way to change namespaces in Kubernetes.
The official documentation to switch namespaces proposes something like this:
$ kubectl config set-context $(kubectl config current-context) --namespace=<insert-namespace-name-here>Not something that I want to type regularly. First I tried to create a BASH alias or something, which did not work. So I looked around for BASH functions. I found that Jon Whitcraft proposed a nice BASH function in a GitHub issue. I lightly modified this and placed this in my own .bashrc file:
function kubectlns() {
ctx=`kubectl config current-context`
ns=$1
# verify that the namespace exists
ns=`kubectl get namespace $1 --no-headers --output=go-template={{.metadata.name}} 2>/dev/null`
if [ -z "${ns}" ]; then
echo "Namespace (${1}) not found, using default"
ns="default"
fi
kubectl config set-context ${ctx} --namespace="${ns}"
}So to change your namespace, use something like this:
$ kubectlns simon
Context "kubernetes-admin@kubernetes" modified.Nice and short.
So after completing the AWS Certified Solutions Architect – Associate certificate back in October, I thought that this would be a good idea to also pursue the Solutions Architect certificate. So just before Christmas, I succeeded in getting the second AWS certification:
On the 28th of November, me and my colleagues from SBB had the honor of speaking at the Open Source Workshop at Deutsche Bahn in Frankfurt.
Deutsche Bahn (the German counterpart to SBB, where I currently work) is looking to invest more in Open Source technology and also container platforms. This is why they are holding a yearly Open Source Workshop. Me and my colleagues from SBB are big supporters of Open Source software (SBB has lots of stuff on GitHub) and we also participate in the OpenShift Container Platform Community Switzerland (also on GitHub).
So in our presentation, we mainly talked about operating OpenShift at scale, our Open Source tools and why we participate in Open Source software. You can find more information on Twitter. We had a lot of fun and are looking forward to joining Deutsche Bahn again next year – if we are invited ;).