penguinwan

#!/bin/bash -eu

# Generate key
openssl genrsa -out master.key 4096
openssl rsa -in master.key -outform PEM -pubout -out master.pub.pem

# Convert to raw format
cat master.pub.pem | sed -z 's/-*BEGIN PUBLIC KEY-*//g;s/-*END PUBLIC KEY-*//g;s/\n//g' > master.pub.raw

penguinwan

#!/bin/bash -eu

# If you have reverse proxy (eg: envoy) and you want to generate certificate and put in the reverse proxy,
# this script will generate certificate for domain name, eg: mysite.example.com
# To execute, run ./script.sh "<domain_name>" domain_name=example.com

DOMAIN_NAME=$1
SUBJECT="/ST=CA/O=MyOrg/CN=$DOMAIN_NAME"
EXTFILE="subjectAltName=$DOMAIN_NAME"

penguinwan

#!/bin/bash -eu

SUBJECT="/ST=CA/O=MyOrg/CN=test"
# or SUBJECT="/C=DE/ST=NRW/L=Berlin/O=My Inc/OU=DevOps/CN=www.example.com/emailAddress=dev@www.example.com"

openssl req  -nodes \
-new -x509  -keyout root-ca.key \
-sha256 -days 365 -out root-ca.crt \
-subj "$SUBJECT" 

penguinwan

Infrastructure Test

Infrastructure test is difficult, to both write and run. Infrastructure test dealing with 2 most difficult notions, consumer and side effect.

Consumer

As written in previous post, programming is about 2 things, producer/consumer of action/data, infrastructure test is difficult in result assertion, the test at the surface will be easier(DNS), but getting more difficult when it goes to deeper(subnet). For example the infrastructure must spawn instance in private subnet, result verification should assert that a request cannot penetrate to the instance, how can it be sure that when a request is blocked, it is actually blocked by subnet.

Side effect

Infrastructure creates side effects, it is difficult to test because it is not repeatable, or expensive(resource or time) to repeat.

penguinwan

"Steps to an ecology of mind - Gregory Bateson" mentioned the breakthrough from apes to human is at the point where apes start understanding and processing signal. Signal is meta-information, can come from emotion, gesture, context, culture, etc. For example when a person folds hand and frowns, meta-information human received is, angry. When that is a woman, and a man stand next to her, meta-meta-information human received is they are quarreling. When the man is facing the woman while the woman is facing away, meta-meta-meta-information human received is, the man is subjugated.

The difference between human and primitive animal, according to the book, is that primitive animal communication is iconic. Primitive animal can only tell you things that exist, and they don't have the ability to process meta-information. For example a dog could probably know you are not happy, but no more than that, it does not know why, it does not know how. Or, a dog could probably tell you that it is hungry by bring you a bowl, b

penguinwan

About Tests

• TDD - Where did it all go wrong is a video talking about common fallacies of writing tests. It is lengthy but insightful. Why do tests break all the time? I have tests, I still didn’t come to the promised land of automated testing, why? I spend most of my time on maintaining the test suite not the application, why? These questions are answered in this video.
• Styles of Unit Testing is an article codifies unit test verification, knowing different styles of verification.
• Generally, programming is about action on data, whether it is data or actions, it always has 2 ends, the producer and consumer. When it is data, the producer makes data that the consumer can take, When it is action, the producer carries out actions that affect the consumer. When writing test, there are 2 approaches:
• Contract verification - the test verify producer and consumer separately, make sure they ad

penguinwan

Introduction

There are several ways to run selenium test on JMeter:

1. using jmeter webdriver plugin (chrome, firefox, htmlunit, IE driver come directly from jmeter plugin manager)
2. using jmeter script plugin and run groovy script (chrome, or respective driver need to be downloaded separately) No:1 is good for running headful selenium test, however, I had no luck using it to run headless test. I ended up using No.2 to run headless test, which is what described below. If you are interested, you can refer to here to setup headful test.

Steps

1. Download JMeter from here, and unzip/untar it. I am using version 5.4.
2. Download Chrome driver from here. and unzip/untar it. I am using version 88.0.4324.96
3. Download selenium webdriver, and put it to jmeter classpath:

penguinwan

Docker and CGroup

Docker use cgroup for different purposes, one of it is to control memory consumption, read here

When you run a container, and then go into the container, you will see cgroup named by the container ID, are being created and controllers are attached to it(pids, net_cls, blkio, etc).

$ cat /proc/self/cgroup
14:name=systemd:/docker/12e2909abeccab712516c404f2f545a1271c43c30e2509f5946114b600ac9969
13:rdma:/
12:pids:/docker/12e2909abeccab712516c404f2f545a1271c43c30e2509f5946114b600ac9969
11:hugetlb:/docker/12e2909abeccab712516c404f2f545a1271c43c30e2509f5946114b600ac9969

penguinwan

Getting Started with Metrics

Are you confused about different terminologies of metrics? statsd, prometheus, openmetrics, datadog, grafana, gauge, histogram, blah blah blah

The Concept

Monitoring tool

You have an application, you want to monitor its performance.

 -----------                        ---------------
[application] ------------------- [monitoring tool]

penguinwan

Install Docker Pipeline plugin

1. Manage Jenkins >> Manage Plugins >> Available >> Docker Pipeline >> Install without restart
2. Document is here
3. Plugin page here

Configure certificate for Jenkin's docker client to talk to docker host

1. You can create your own certificate via openssl, or if you are lazy like me, reuse the one created by docker machine (i configured my docker machine to talk to remote host)
2. Go to Jenkins >> Credentials >> Add Credentials
3. Kind: X.509 Certificate
4. Scope: Global