cloudposse / geodesic
Geodesic is a DevOps Linux Toolbox in Docker
Home Page: https://cloudposse.com/accelerate
License: Apache License 2.0
reating
should be reading
detailedInstanceMonitoring: {{ getenv "KOPS_CLOUDWATCH_DETAILED_MONITORING" "true" }}
shellcheck
to lint all bash scripts
build-harness
- etcdMembers:
{{- range (getenv "KOPS_AVAILABILITY_ZONES" | strings.Split ",") }}
- encryptedVolume: true
...
{{- end }}
geodesic/rootfs/conf/kops/helmfile.yaml
Lines 445 to 481 in b6e46f4
bash -l
is run (e.g. by multiple concurrent sessions in the same container), then a new syslog-ng
daemon is spawned
PID USER TIME COMMAND
1 root 0:00 /bin/bash -l
7 root 0:00 aws-vault server
28 root 0:00 ssh-agent
31 root 0:00 {syslog-ng} supervising syslog-ng
32 root 0:00 syslog-ng -f /etc/syslog-ng/syslog-ng.conf
37 root 0:00 aws-vault exec --assume-role-ttl=1h --server cpco-testing-admin -- bash -l
46 root 0:00 bash -l
65 root 0:00 {syslog-ng} supervising syslog-ng
66 root 0:00 syslog-ng -f /etc/syslog-ng/syslog-ng.conf
796 root 0:01 kops rolling-update cluster --yes
812 root 0:00 bash -l
839 root 0:00 {syslog-ng} supervising syslog-ng
840 root 0:00 syslog-ng -f /etc/syslog-ng/syslog-ng.conf
870 root 0:00 ps uxaww
/etc/profile.d/syslog-ng.sh
doesn't check for an already running instance
aws-vault: error: Server failed: exit status 2
aws-vault server
should only be run once globally across all shells because it binds to 169.254.169.254
pidof: unrecognized option: x
BusyBox v1.28.4 (2018-05-30 10:45:57 UTC) multi-call binary.
Usage: pidof [OPTIONS] [NAME]...
List PIDs of all processes with names that match NAMEs
-s Show only one PID
-o PID Omit given pid
Use %PPID to omit pid of pidof's parent
pidof
on busybox/musl supports different arguments
shfmt
to format all shell scripts
build-harness
.aws/config
from run-time environment settings
TF_VAR_*
envs to use these
#!/usr/bin/env bash
AWS_SOURCE_PROFILE="cpco"
AWS_PROFILE="cpco-root-admin"
AWS_REGION="us-west-2"
AWS_IAM_ROLE_ARN="arn:aws:iam::847230548837:role/${AWS_PROFILE}"
AWS_IAM_MFA_SERIAL="arn:aws:iam::847230548837:mfa/[email protected]"
function configure() {
  # When creating a new/non-existent profile, the `aws configure` command gets confused if `AWS_PROFILE` or `AWS_DEFAULT_PROFILE`
  # are set to something which does not yet exist. Running it in `env` lets us sanitize the environment.
  echo "[$AWS_PROFILE] $1=$2"
  env -u AWS_PROFILE -u AWS_DEFAULT_PROFILE aws configure set "profile.${AWS_PROFILE}.$1" "$2"
}
configure "region" "$AWS_REGION"
configure "role_arn" "$AWS_IAM_ROLE_ARN"
configure "mfa_serial" "$AWS_IAM_MFA_SERIAL"
configure "source_profile" "$AWS_SOURCE_PROFILE"
Maybe we should also call this command if the source profile is not yet defined:
aws-vault add ${AWS_SOURCE_PROFILE}
# Allow the manifest to be extended via a datasource
{{if (datasourceExists "extensions")}}
{{include "extensions"}}
{{end}}
Add custom instance pools.
e.g.
---
apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
  labels:
    kops.k8s.io/cluster: {{getenv "KOPS_CLUSTER_NAME"}}
  name: example-nodes
spec:
  detailedInstanceMonitoring: {{ getenv "KOPS_CLOUDWATCH_DETAILED_MONITORING" "true" }}
  {{- if getenv "NODE_IG_SG_IDS" }}
  additionalSecurityGroups:
  {{- range (getenv "NODE_IG_SG_IDS" | strings.Split ",") }}
  - {{.}}
  {{- end }}
  {{- end}}
  associatePublicIp: false
  cloudLabels:
    Role: k8s-vortex-node
  image: {{ getenv "KOPS_BASE_IMAGE" }}
  machineType: {{getenv "EXAMPLE_MACHINE_TYPE"}}
  maxSize: {{getenv "EXAMPLE_MAX_SIZE"}}
  minSize: {{getenv "EXAMPLE_MIN_SIZE"}}
  nodeLabels:
    dedicated: {{getenv "EXAMPLE_LABEL" | default "example" }}
  role: Node
  subnets:
  - {{getenv "AWS_REGION"}}a
  taints:
  - dedicated={{getenv "EXAMPLE_LABEL" | default "example" }}:NoSchedule
helm-s3
plugin
helmfile.yaml
sets ingress.tls[0].secretName
and ingress.tls[0].hosts[0]
for the chartmuseum releases
geodesic
# Mounting /home/goruha into container
# Attaching to existing geodesic session
Available commands:
leave-role Leave the current role; run this to release your session
assume-role Assume a new role; run this to renew your session
setup-role Setup a new role; run this to configure your AWS profile
use-profile Use a preconfigured profile; run this to use an AWS profile without assumed roles
Error connecting to agent: Connection refused
Error connecting to agent: Connection refused
Makefile:145: recipe for target 'add-ssh-key' failed
make: *** [add-ssh-key] Error 2
When I run this (in geodesic or the Dockerfile)
s3 fstab TF_BUCKET /dev /secrets/tf/
The fstab contains:
s3fs#TF_BUCKET:/dev /secrets/tf/ fuse _netdev,allow_other,rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions 0 0
mount -a
should not produce error
s3fs script should check if filesystem is already mounted
Concerning version 0.12.6. Also reproduced in 0.11.0.
Editing historical command lines using emacs keys is broken in certain circumstances. My guess is that it has to do with a divergence between the actual length of the prompt when output versus the length of the prompt when queried by the command line editor.
Reproducing this bug is a little tricky. This seems to work for me, but you might have to try some variations.
echo top level this is a long command
Expected: cursor hovers over "e" in echo.
Observed: cursor hovers over "c" in echo.
Not only does this cause difficulty in editing historical command lines, it results in a dangerous situation where the command visible on the command line is not exactly what will be submitted when you hit return.
$HOME
to /localhost
is not working on WSL (Windows Shell for Linux)
This works:
docker run -it --rm -v /C/Users/sebas_000/AppData/Local/lxss/home/martaver:/test alpine sh
This does not:
docker run -it --rm -v /home/martaver:/test alpine sh
Maybe we should do something like in the wrapper script if we detect WSL:
mount --bind /mnt/c /c
or
mount --bind /C/Users/sebas_000/AppData/Local/lxss/home/martaver /home/martaver
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:DescribeAutoScalingGroups",
        "autoscaling:DescribeAutoScalingInstances",
        "autoscaling:DescribeTags",
        "autoscaling:SetDesiredCapacity",
        "autoscaling:TerminateInstanceInAutoScalingGroup"
      ],
      "Resource": "*"
    }
  ]
}
⧉ geodesic
✗ (none) ~ ➤ l /etc/bash_completion.d/
total 372
lrwxrwxrwx 1 root root 37 Jun 7 18:18 aws.sh -> /usr/local/aws/bin/aws_bash_completer
but it is now at:
✗ (none) ~ ➤ which aws_bash_completer
/usr/bin/aws_bash_completer
My environment:
OS:
sw_vers
ProductName: Mac OS X
ProductVersion: 10.12.6
BuildVersion: 16G29
ls -lah ~/.aws/
total 16
drwxr-xr-x 5 sweetops staff 170B Sep 12 22:50 .
drwxr-xr-x+ 77 sweetops staff 2.6K Sep 20 14:09 ..
drwxr-xr-x 3 sweetops staff 102B Sep 12 22:50 cli
-rw------- 1 sweetops staff 444B Sep 13 18:58 config
-rw------- 1 sweetops staff 341B Sep 13 19:30 credentials
Steps to reproduce:
docker run --rm -it test.com > ./geodesic
chmod 755 geodesic
./geodesic use --name=test.com --dev
cloudposse/packages
for optional inclusion
~/.geodesic/env
file and pass it as --env-file
, if found
make build
- Build geodesic module from geodesic:0.16.1
make install
- Install geodesic module
$CLUSTER_NAME
- run into shell
goruha@goruha-laptop ~/projects/cloudposse/example.com (feature-collect-logs)$ example.com [ruby-2.5.1p57]
# Mounting /home/goruha into container
# Starting new example.com session from r.cfcr.io/example.com:latest
# Exposing port 39257
Ctrl+D
I got
goruha@goruha-laptop ~/projects/cloudposse/example.com (feature-collect-logs)$ example.com [ruby-2.5.1p57]
# Mounting /home/goruha into container
# Starting new example.com session from r.cfcr.io/example.com:latest
# Exposing port 39257
^C04da1f47d29c:~#
I got it working very easily.
Here's what I did (manually):
DOCKER_DNS
stuff that points to 8.8.8.8
in the wrapper script as it breaks DFM DNS resolution of docker.for.mac.localhost
/localhost/.kube/config
to use FQHN for Docker host docker.for.mac.localhost
export KUBECONFIG=/localhost/.kube/config
sed -i 's,https://localhost:6443,https://docker.for.mac.localhost:6443,g' /localhost/.kube/config
I'd like us to simplify this process so it basically works out-of-the-box.
bash4
zsh
as well.
brew
)
PROMPT_STYLE
environment variable that alters the behavior of the shell prompt
helm-push
plugin (e.g. helm plugin install https://github.com/chartmuseum/helm-push
)
[2018-08-01T23:13:04.271134] WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.13 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file.;
We recently upgraded to alpine:3.8
which bumped the syslog-ng version.
I was hoping to watch your demo but after 2 minutes of waiting and staring at a rotating backslash I gave up.
Why don't you use asciinema for this kind of thing? It can cut long pauses or provide a slide to skip certain parts of a video.
requirements.txt
FROM python:3.6-alpine as base
FROM base as builder
RUN mkdir /install
WORKDIR /install
COPY requirements.txt /requirements.txt
RUN pip install --install-option="--prefix=/install" -r /requirements.txt
FROM base
COPY --from=builder /install /usr/local
bats-core
Update documentation for helmfile.d
If you start a new project following the Quick Start guide, would the expectation be that the example.foo.bar website matches root.cloudposse.co Dockerfile?
This isn't a bug-report per-se but a new-user feedback list and items that would be needed to complete the documentation:
docker run --rm -it $IMAGE | tr -d "\r" > $TMP && bash $TMP 0.9.17
--privileged
? If it's a must, then this complicates using aws-vault in both geodesic and native (geodesic will create vault keys as root in your home directory)
aws configure
does not respect AWS_DATA_PATH
or AWS_CONFIG_FILE
aws configure
it always writes to ~/.aws
regardless of the official ENVs.
sed
hack to use fastly upstream CDN
kube2iam