Liejun Tao liejuntao001

## iptables.conf.template
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FILTERS - [0:0]
:DOCKER-USER - [0:0]

-F INPUT
-F DOCKER-USER
-F FILTERS

## dind_podtemplate.groovy
// Reference https://github.com/jenkinsci/kubernetes-plugin/blob/master/examples/dind.groovy

/*
“Docker-in-Docker”: runs a Docker-based build where the Docker daemon and client are both defined in the pod.
This allows you to control the exact version of Docker used.
(For example, try DOCKER_BUILDKIT=1 to access advanced Dockerfile syntaxes.)
There is no interaction with the container system used by Kubernetes:
docker.sock does not need to be mounted as in dood.groovy.
May or may not work depending on cluster policy: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
*/

## knockd cheetsheet
Server side

# /etc/knockd.conf
[options]
        UseSyslog

[openSSH]
        sequence    = 3000,4000,5000,6000
        seq_timeout = 15
        command     = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 22 -j ACCEPT

## zfs in ubuntu 19.10
# References
https://docs.oracle.com/cd/E19253-01/819-5461/gayog/index.html

https://gist.github.com/satmandu/4da5e900c2c80c93da38c76537291507

# Commands to add a zfs volume
sudo zfs create -o mountpoint=/home/me/workspace rpool/USERDATA/me_workspace1_c7bzj1

sudo zfs create -o mountpoint=/home/me/VirtualBoxVMs rpool/USERDATA/me_virtualbox_c7bzj1

## fail2ban cheetsheet
# manually unban ip
fail2ban-client set apache-auth unbanip xx.xx.xx.xx

set <JAIL> unbanip <IP>

## diff lots of files
# this is to handle a case of comparing a volume of 90G against its backup
# there are some huge files inside it (3G, 20G)

# https://unix.stackexchange.com/questions/111251/compare-massive-directories-with-progress-report

# find out the total file count
find dir1 -type f | wc -l

# comapre and show progress. filecount is the number from above step
diff -rqs dir1 dir2 | pv -l -s filecount | tee logfile | grep -v "^Files .* identical$"

## restic cheetsheet
# create .restic.env with the values:
export RESTIC_REPOSITORY=
export RESTIC_PASSWORD=
# if using s3 as backend
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=

# test if the restic repository exist. if this gives error, create it
restic snapshots

## s3cmd cheetsheet
# list
s3cmd ls s3://os-test/

# put a file
s3cmd put commit-msg s3://os-test/

# put a file as public
s3cmd put commit-msg s3://os-test/ -P

# put as private

## borg cheetsheet
borg list artifact
borg list artifact::artifact-2019-11-28T03:30:09 home/scm
borg list artifact::artifact-2019-11-28T03:30:09 home/scm/bin/helper.sh
borg extract artifact::artifact-2019-11-28T03:30:09 home/scm/bin/helper.sh

## docker_build.yml
# this is a template to do docker build in Kubernetes
# Refer to my article https://medium.com/swlh/fast-docker-build-in-kubernetes-f52088854f45
apiVersion: v1
kind: Pod
metadata:
  name: docker-build
spec:
  volumes:
  - name: dind-storage
    emptyDir: {}
	*filter
	:INPUT ACCEPT [0:0]
	:FORWARD DROP [0:0]
	:OUTPUT ACCEPT [0:0]
	:FILTERS - [0:0]
	:DOCKER-USER - [0:0]

	-F INPUT
	-F DOCKER-USER
	-F FILTERS
	// Reference https://github.com/jenkinsci/kubernetes-plugin/blob/master/examples/dind.groovy

	/*
	“Docker-in-Docker”: runs a Docker-based build where the Docker daemon and client are both defined in the pod.
	This allows you to control the exact version of Docker used.
	(For example, try DOCKER_BUILDKIT=1 to access advanced Dockerfile syntaxes.)
	There is no interaction with the container system used by Kubernetes:
	docker.sock does not need to be mounted as in dood.groovy.
	May or may not work depending on cluster policy: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
	*/
	Server side

	# /etc/knockd.conf
	[options]
	UseSyslog

	[openSSH]
	sequence = 3000,4000,5000,6000
	seq_timeout = 15
	command = /sbin/iptables -I INPUT 1 -s %IP% -p tcp --dport 22 -j ACCEPT
	# References
	https://docs.oracle.com/cd/E19253-01/819-5461/gayog/index.html

	https://gist.github.com/satmandu/4da5e900c2c80c93da38c76537291507

	# Commands to add a zfs volume
	sudo zfs create -o mountpoint=/home/me/workspace rpool/USERDATA/me_workspace1_c7bzj1

	sudo zfs create -o mountpoint=/home/me/VirtualBoxVMs rpool/USERDATA/me_virtualbox_c7bzj1
	# manually unban ip
	fail2ban-client set apache-auth unbanip xx.xx.xx.xx

	set <JAIL> unbanip <IP>
	# this is to handle a case of comparing a volume of 90G against its backup
	# there are some huge files inside it (3G, 20G)

	# https://unix.stackexchange.com/questions/111251/compare-massive-directories-with-progress-report

	# find out the total file count
	find dir1 -type f \| wc -l

	# comapre and show progress. filecount is the number from above step
	diff -rqs dir1 dir2 \| pv -l -s filecount \| tee logfile \| grep -v "^Files .* identical$"
	# create .restic.env with the values:
	export RESTIC_REPOSITORY=
	export RESTIC_PASSWORD=
	# if using s3 as backend
	export AWS_ACCESS_KEY_ID=
	export AWS_SECRET_ACCESS_KEY=

	# test if the restic repository exist. if this gives error, create it
	restic snapshots
	# list
	s3cmd ls s3://os-test/

	# put a file
	s3cmd put commit-msg s3://os-test/

	# put a file as public
	s3cmd put commit-msg s3://os-test/ -P

	# put as private
	borg list artifact
	borg list artifact::artifact-2019-11-28T03:30:09 home/scm
	borg list artifact::artifact-2019-11-28T03:30:09 home/scm/bin/helper.sh
	borg extract artifact::artifact-2019-11-28T03:30:09 home/scm/bin/helper.sh
	# this is a template to do docker build in Kubernetes
	# Refer to my article https://medium.com/swlh/fast-docker-build-in-kubernetes-f52088854f45
	apiVersion: v1
	kind: Pod
	metadata:
	name: docker-build
	spec:
	volumes:
	- name: dind-storage
	emptyDir: {}