I'd originally posted this on Stack Overflow a while back, but I'm putting it in a gist here.
When balancing placement groups you must take into account:
- pgs per osd
- pgs per pool
Running wsgi with nginx for dummies
This was written while trying to get the ceph-dash monitoring flask api to work with nginx; I'm sure some of the concepts here could be applied to just about any app you're trying to serve through nginx.
So ever wanted to know how to fix all the problems?
FIX FOR 500 RESPONSE CODE
Nginx is NOT starting any wsgi processes for you; I had to start this server manually. In order to get this to work from uwsgi the full path MUST be given to the .wsgi file.
Working as of 18.0.0 and 19.0.0.
get code
gh repo clone ansible/awx-operator
set env, ensure pyenv and pyenv-virtualenvs are installed
pyenv virtualenv awx-operator
pyenv activate awx-operator
age is preferred over pgp. The keydir is different depending on OS. For macOS:
KEYDIR="${HOME}/Library/Application Support/sops/age"
# quote the variable: the path contains a space
mkdir -p "${KEYDIR}"
# note this can be set with SOPS_AGE_KEY_FILE= to a different location if required
# note this has to be keys.txt not key.txt
age-keygen -o "${KEYDIR}/keys.txt"
cat "${KEYDIR}/keys.txt"
# created: 2021-04-13T10:41:17+01:00
The docker and kubectl binaries have a filter switch built in. This is fairly basic on docker but good for piping output around for some more complex operations, like if you have a lot of containers and forgot to add --rm to one of them.
docker ps -aq --filter name=yolo | xargs docker container rm
Things get a little better with kubectl but not by much. template is nice if you need to get a secret and you're not using encryption.
kubectl get secrets <secret-name> -o template --template='{{ .data.password }}' | base64 -d | pbcopy
If you want something more complex, like identifying a subset of a resource that needs to have some action performed on it and then performing that action, you usually need a script. This can be done with a one-liner though. The drawback to template is that
I want to create a list of items from a string that would be useful in yaml, json or python, so ["1","2"] from 1 2 (and back again). First understand you have to match a pattern before you can manipulate it. Second understand exactly what that pattern is.
My pattern is a list of yum packages I'd like to quickly move to a yaml list for ansible. Here I have alphanumeric words with 1, sometimes 2, dashes. I have a word with no dashes and one with a dot (.).
python2-mock python-zope-interface pytz pyOpenSSL.x86_64
The answer is, or at least my answer is
[
{
I isolate dependencies using python virtual environments. The base system's OS python version can be leveraged inside of these environments when tools clash, like for certbot or ansible password files where the base configuration doesn't change.
But not to muddy the waters, here's exactly what I mean. The azure.azcollection for ansible has a requirements.txt file. These requirements are only necessary for one of our ansible repos. There are clashing dependencies between this collection and our ansible vault_pass file.
So how do you have the vault_pass file called by ansible from within a virtual environment utilise a different version of ansible? The answer is not as simple as you might think, or at least not as simple as I first thought.
If I set up a virtual environment, the calling interpreter of ansible (the interpreter of my environment) will call the /usr/bin/az command, which is fine if it has the dependencies in PATH to run it, which it doesn't.
# ansible.cfg
vault_password_file =
Remove the difference between 2 lists.
- name: Get a file list of deployed post-hooks
  command: ls /etc/letsencrypt/renewal-hooks/post/
  register: st

- name: Strip file extensions from file list
  set_fact:
    # escape the dot and anchor at the end so only a trailing ".sh" is removed
    deployed_post_hooks: "{{ st.stdout_lines | map('regex_replace', '\\.sh$', '') | list }}"
If you're using letsencrypt with a third party public dns provider that doesn't support a mature api, you'll have to ensure that the nameservers have propagated the newly created TXT record before exiting your manual-auth scripts and returning control back to LE. LE will issue a challenge expecting the record to exist. Depending on the method used by the provider this challenge can fail; actually it likely will if propagation takes minutes or even 20 to 30 seconds.
This is part of a larger script which will ensure that your dns record is propagated before returning control to LE. The way that I construct text records in this script (not shown here) is done in such a way that something.something.something...example.com can be chained for as long as a domain name is allowed to be, but here I'm manually setting the _acme-challenge. prefix, which always comes at the start regardless of the length.
Also note that I'm using 8.8.8.8 to gather a list of public provider NS servers for domain example.com. This is an api problem solved i