TLTR; If you use Emacs Org-Mode Tramp on Windows with Plink with SSH sesion. It creates strange outputs
Long Text:
I use Emacs Org-Mode. Which is a great tool. And i liked to use in a literate DevOps way. Which is also a great Idea, document your work while you are on it.
You will hate me, i have to use a Windows station #work. So i tested it with Putty plink:
#+NAME: harddisk_worker001.sh
#+BEGIN_SRC sh :dir /plink:worker001:/tmp
df --human-readable --local --exclude-type=tmpfs --exclude-type=overlay | awk '{print $5 "\t" $1}' | (read -r; printf "%s\n" "$REPLY"; sort --reverse)
#+END_SRC
#+RESULTS: harddisk_worker001.sh
| Use% | Filesystem |
| 73% | /dev/mapper/system-lvroot |
| 6% | /dev/mapper/system-lvopt |
| 6% | /dev/mapper/system-lvhome |
| 47% | /dev/sda1 |
| 2% | /dev/mapper/system-lvtmp |
| 27% | /dev/mapper/system-lvvar |
| 0% | devtmpfs |
The Result was great, but i liked to also the :session feature of it, to speed it up:
#+NAME: harddisk_worker001.sh
#+BEGIN_SRC sh :dir /plink:worker001:/tmp :session worker001
df --human-readable --local --exclude-type=tmpfs --exclude-type=overlay | awk '{print $5 "\t" $1}' | (read -r; printf "%s\n" "$REPLY"; sort --reverse)
#+END_SRC
#+RESULTS: harddisk_worker001.sh
| Filesystem |
| /dev/mapper/system-lvroot |
| /dev/mapper/system-lvopt |
| /dev/mapper/system-lvhome |
| /dev/sda1 |
| /dev/mapper/system-lvtmp |
| /dev/mapper/system-lvvar |
| devtmpfs |
Which was not the exspected result! Can you explain why the table differs? I am not able see the root cause of this. Except a bug in the tramp-plink implementation, but i am not sure about that.
Can you replay this?
I don't know too much about org, so I have debugged the resulting Tramp calls. Your first command results in org-babel--shell-command-on-region, which invokes a proper process-file call.
Your second example, with the :session argument, doesn't seem to call any Tramp operation related to processes. So I believe org is trying something internally, which I cannot debug further. Maybe a process invocation which isn't Tramp aware, who knows.
I recommend to write an org fault report.
Related
I'm using Cloud Code (extension for Visual Studio Code) and during the deploy, via UI, I'm trying to set the Environment Variables field like this:
KEY1:value1
KEY2:value2,value3
But I'm having this error:
Failed to deploy the app. Error: ERROR: (gcloud.run.deploy) argument --set-env-vars: Bad syntax for dict arg: [value3]. Please see gcloud topic flags-file or gcloud topic escaping for information on providing list or dictionary flag values with special characters. ,Usage: gcloud run deploy [[SERVICE] --namespace=NAMESPACE] [optional flags] optional flags may be --add-cloudsql-instances | --allow-unauthenticated | --args | --async | --binary-authorization | --breakglass | --clear-binary-authorization | --clear-cloudsql-instances | --clear-config-maps | --clear-env-vars | --clear-key | --clear-labels | --clear-post-key-revocation-action-type | --clear-secrets | --clear-vpc-connector | --cluster | --cluster-location | --command | --concurrency | --connectivity | --context | --cpu | --cpu-throttling | --env-vars-file | --help | --image | --ingress | --key | --kubeconfig | --labels | --max-instances | --memory | --min-instances | --namespace | --platform | --port | --post-key-revocation-action-type | --region | --remove-cloudsql-instances | --remove-config-maps | --remove-env-vars | --remove-labels | --remove-secrets | --revision-suffix | --service-account | --set-cloudsql-instances | --set-config-maps | --set-env-vars | --set-secrets | --source | --tag | --timeout | --no-traffic | --update-config-maps | --update-env-vars | --update-labels | --update-secrets | --use-http2 | --vpc-connector | --vpc-egress For detailed information on this command and its flags, run: gcloud run deploy --help
So it seems the comma needs to be escaped. How to do that via Cloud Code UI, please?
If you set the env-var like this: --set-env-var "A=B,C,D" to gcloud, it will treat the comma (,) character as another environment variable declaration and will try to split the value into multiple environment variables. This is explained here in detail.
However, to prevent splitting with commas, you need to specify a different custom delimiter that you’re sure won’t occur in your value string, such as ##:
--set-env-vars "^##^A=B,C,D"
You may also use a format like this as mentioned in the official docs:
--set-env-vars "^#^KEY1=value1,value2,value3#KEY2=..."
I don't think there is a work around here.
We are working to fix this through https://github.com/GoogleCloudPlatform/cloud-code-vscode/issues/560.
For now I could solve that by making "Environment Variables" UI field empty and using a Dockerfile to set the variables, where this syntax works:
ENV KEY1='value1'
ENV KEY2='value2,value3'
Having an issue in production and would really appreciate some help.
We have a manual database vacuum job running starting on Saturday 23:00 (vacuum verbose analyze) in the database is the command used. This morning, checked and it appears the command is still running when looking at pg_stat_activity. The job usually takes 20 mins to complete against this database.
datid | datname | pid | usesysid | usename | application_name | client_addr | client_hostname | client_port | backend_start | xact_start | query_start | state_change | wait_event_type | wait_event | state | backend_xid | backend_xmin | query
-------+----------+-------+----------+------------+------------------+---------------+-----------------+-------------+-------------------------------+-------------------------------+-------------------------------+-------------------------------+-----------------+------------+--------+-------------+--------------+------------------------
16394 | crpsprd | 22525 | 16388 | crpsadmin1 | psql | 154.18.122.76 | | 40480 | 2020-07-18 23:58:02.532968-04 | 2020-07-18 23:58:02.707266-04 | 2020-07-18 23:58:02.707266-04 | 2020-07-18 23:58:02.707268-04 | BufferPin | BufferPin | active | | 146277960 | vacuum verbose analyze
(1 row)
I see below explanation for bufferpin. How can I find out what is blocking this vacuum from accessing the data buffer?
'BufferPin: The server process is waiting to access to a data buffer during a period when no other process can be examining that buffer. Buffer pin waits can be protracted if another process holds an open cursor which last read data from the buffer in question.'
Any advise on this bufferpin wait status. Can I kill this process or will there be any corruption or any other adverse impact?
Long story short
Where should I commit the Dockerfile? In the project codebase or in the devops codebase?
Reasoning details:
Without docker and without CI
In the ancient times, when developing a complex application with multiple code-bases, one normally wanted to have one repo per project and have all the passwords, credentials and dev/test/pre/prod configurations separated from the code.
+-----------------------------------------------------------------------+
| |
| +---------+ +---------+ +---------+ +---------+ |
| | app-1 | | app-2 | | app-3 | | app-4 | |
| +---------+ +---------+ +---------+ +---------+ |
| |
| +----+ |
| | |\ |
| | +-+ |
| | conf | |
| | files| |
| +------+ |
| |
+-----------------------------------------------------------------------+
In the old-ancient times one sysadmin installed the software in the server and then later copied the config files. Back in the 90's usually the sysop had those files in a directory of his own, shared only with the boss.
With CI but still without docker
Later we improved the cycle: in Continuos development/integration environments, "the system" itself needs to be able to clone all those repos and be able to "build" the applications and configure them to be ready to be run. Then copy the build into the servers and configure them accordingly.
This enables all the developers to trigger deploys at production, still not compromising the secret keys.
Before containers, typically the companies had an extra "devops" (AKA CI repo) where we had all those config files organized and know by an script. The CI server (pre-docker) knows all the source-code repos, knows the destination-network-topology, has the passwords to the cloud, and copies/builds/deploys everything in its destination and also configures it, making unnecessary the human intervention provided the servers are up and running.
+-----------------------------------------------------------------------+
| |
| +---------+ +---------+ +---------+ +---------+ |
| | app-1 | | app-2 | | app-3 | | app-4 | |
| +---------+ +---------+ +---------+ +---------+ |
| |
| +----------------+ |
| | devops | |
| +----------------+ |
| | config-1-devel | |
| | config-1-pre | |
| | config-1-prod | |
| | config-2-devel | |
| | [...] | |
| | config-4-prod | |
| +----------------+ |
| |
+-----------------------------------------------------------------------+
CI with Docker
When it comes to make docker play a role in the equation, I wonder if the correct place to have the Dockerfile is inside the application CVS repository or in the devops repository.
Will the Dockerfile go into the app code-base?
Unless we do an open-source code that needs to run in many platforms, usually the companies establish a target platform and the coders "know" the target system will be an Ubuntu, or a CentOs or so beforehand.
On the other hand it is now that the coders themselves touch the Dockerfile as one moe source-code file. This pushes us to think that the Dockerfile fits in each code-base as the app and the system it runs in will be -probably- coupled by needing certain requirements.
+-----------------------------------------------------------------------+
| |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| | app-1 | | app-2 | | app-3 | | app-4 | |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| |Dockerfile-1 | |Dockerfile-2 | |Dockerfile-3 | |Dockerfile-4 | |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| |
| +----------------+ |
| | devops | |
| +----------------+ |
| | config-1-devel | |
| | config-1-pre | |
| | config-1-prod | |
| | config-2-devel | |
| | [...] | |
| | config-4-prod | |
| +----------------+ |
| |
+-----------------------------------------------------------------------+
Or will the Dockerfile go into the devops code-base (AKA the CI server code-base)?
But also it seems the programmer should do the very same lines of code, for example if he is coding a web application, despite it is run under an apache, an nginx or a caddy server... so the "decission" of the runtime seems it should be coded into the devops code-base:
+-----------------------------------------------------------------------+
| |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| | app-1 | | app-2 | | app-3 | | app-4 | |
| +-------------+ +-------------+ +-------------+ +-------------+ |
| |
| +----------------+ |
| | devops | |
| +----------------+ |
| | Dockerfile-1 | |
| | Dockerfile-2 | |
| | Dockerfile-3 | |
| | Dockerfile-4 | |
| +----------------+ |
| | config-1-devel | |
| | config-1-pre | |
| | config-1-prod | |
| | config-2-devel | |
| | [...] | |
| | config-4-prod | |
| +----------------+ |
| |
+-----------------------------------------------------------------------+
In the team we can't clarify the proper way and I've searched but I am unable to find documentation that demonstrates if the different Dockerfiles should be committed into the app repos or in the devops repo (AKA CI repo).
Where should I commit them?
I would suggest to keep it with your application as it should evolve whith the code base.
IMHO best practice is to keep CI code and config with your app, not in separate repo, so you don't have to manage dependencies between app code version and configurations.
Dockerfile into the app code-base
Maybe if the organization have a few and not standardized applications or there are multiple languages with different strategies in the same company, the Dockerfile should be at repository level to allow direct modifications
But what happen if we are talking about dozens/hundreds of microservices?
In that case, the developer should not modify the Dockerfile because it was developed previously by the architect, technical lead or senior developer
Let's imagine a Dockerfile, entrypoint.sh and other required files that are the base for dozens of applications with same nature like java microservices in the same organization. Here some issues to consider if the Dockerfile is into the code-base:
If you need to change something in this Dockerfile, you will have to change in every git repository.
You must put an extra effort to validate developers don't break this Dockerfile, because is the same for all the others microservices. Can we imagine dozens of microservices, with different Dockerfiles, I mean each of those with its own architecture?
If all microservices needs a common file for docker build, you must put this file in every git repository! Example : ssh-key, tokens, scripts, artifact download keys, etc
Dockerfile into the devops code-base
My advice, based on my dozens of applications, is just what you mentioned. Here some advantages:
Just one Dockerfile for all my microsevices (for example).
If I need to upgrade or fix something, just I need to change one Dockerfile and nothing else.
Developers could see and understand this Dockerfile, but never break it.
C.I Platform
If you choose to put Dockerfile into the devops code-base instead into every git repository in your organization, you must need to develop a flow something like this:
Developer pushes code to git repository
C.I Platform receive the notification
C.I Platform clones the app git repository
C.I Platform clones the devops code base, which contains all of Dockerfile of your organization
C.I Platform determine the nature of app, to select the correct Dockerfile and other files like entry-point.sh, etc
C.I Platform copy the Dockerfile into the app source code root folder.
C.I Platform performs a docker build ...
C.I Platform performs a docker push ... if you have a private docker registry (recommended)
Finally, C.I Platform performs an instantiation (docker run) of the docker image in any of remote server (with docker previously installed)
I could recommend you Jenkins, due to its ease of use
Config Files
I advice you, if possible, do not use complex files at build stage of your applications. Open source technologies are good to do that, but if you are using some proprietary language, you're toast :S
Anyway, if you need config files at build stage, you could use:
https://zookeeper.apache.org to store the plain files as node text for every application
https://github.com/jrichardsz-software-architect-tools/configurator if you just need to centralize configuration variables of your applications
Here some information related to externalization of applications configurations: https://stackoverflow.com/a/51268633/3957754
I found the following very useful command on this site:
find -type f -name '*.bz2' -execdir bzgrep "pattern" {} \;
But I don't understand what the {} \; means, can anyone explain?
Thanks
Placeholders in find.
{} denotes 'whatever you found'.
; means end of statement. The \ lets find see it, without the shell interpolating it.
It's often considered sensible to use '{}' (e.g. with single quotes) because the shell will interpolate {}.
{} is the filename find found ant to substituted in the exec(dir) command.
\; is end of command given after execdir. You need the backslash, since it is not used to show the end of the complete unix command (find).
-execdir bzgrep "pattern" {} \;
^ ^ ^ ^ ^^
| | | | ||
| | | | |end of the execdir flag
| | | | |
| | | | shell escape
| | | |
| | | 2. argument to bzgrep
| | | {} is substituted with the current filename
| | 1. argument to bzgrep
| |
| the command to run
execute a command
i.e. for each file that find finds, it runs bzgrep where {} is substituted with the file name.
The ; is needed to end the -execdir, so you can e.g. have other flags to the find command after it. the \ is used to escape the ;, since a ; on the shell would otherwise be interpreted as a command separator (as in e.g. the oneline cd /etc ; ls -l). Single quoting the ; would also work, ';' instead of \; - at least in bash.
Or as the manpage sayes:
-exec command ;
Execute command; All following arguments to find are taken to
be arguments to the command
until an argument consisting of ‘;’ is encountered. The string
‘{}’ is replaced by the current file name being processed
Unfortunatly psql -l uses linewraps
example
see output and regard the "access" column
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-------------------------+------------+----------+-------------+-------------+-----------------------
firstdb | postgres | UTF8 | de_DE.UTF-8 | de_DE.UTF-8 |
secnddb | scnduser | UTF8 | de_DE.UTF-8 | de_DE.UTF-8 |
thrddb | scnduser | UTF8 | de_DE.UTF-8 | de_DE.UTF-8 |
postgres | postgres | UTF8 | de_DE.UTF-8 | de_DE.UTF-8 |
template0 | postgres | UTF8 | de_DE.UTF-8 | de_DE.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | de_DE.UTF-8 | de_DE.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
(6 rows)
hint even with some option, I can't get that gone:
$ psql -Atlqn
firstdb|postgres|UTF8|de_DE.UTF-8|de_DE.UTF-8|
secnddb|scnduser|UTF8|de_DE.UTF-8|de_DE.UTF-8|
thrddb|scnduser|UTF8|de_DE.UTF-8|de_DE.UTF-8|
postgres|postgres|UTF8|de_DE.UTF-8|de_DE.UTF-8|
template0|postgres|UTF8|de_DE.UTF-8|de_DE.UTF-8|=c/postgres
postgres=CTc/postgres
template1|postgres|UTF8|de_DE.UTF-8|de_DE.UTF-8|=c/postgres
postgres=CTc/postgres
Question Is there another way to get the list of databases in the same way \list prints it so I can use it in scripts for parsing with e.g. awk?
Interesting issue. You're being bitten by hard linewraps in ACL entries. Those aren't the only place they can appear btw, just the most common.
Use a null-byte recordsep
Rather than trying to avoid the newlines, why not use a different record separator? A null byte (\0) can be good; that's what the -0 option is for. It's only useful if your client can deal with null bytes, though; good for xargs -0, not good for lots of other stuff. The handy thing about a null byte is that it won't appear in psql's output otherwise so there's no risk of conflict. gawk does support null-separated records, though it's woefully underdocumented.
Try, e.g:
psql -Atlqn -0 | gawk -vRS=$'\0' '{ gsub("\n", " "); print }
which replaces newlines in database names (yes, they can appear there!), ACL entries, etc with a space.
Use a different recordsep
Alternately, use -R, e.g. -R '!' or -R '--SEPARATOR--' or whatever is easy for you to parse and not likely to appear in the output.
Query the catalogs yourself, escaping strings
Depending on the information you need, you can instead query the catalogs or information_schema directly, too. You'll still have to deal with funny chars, so you may want a regexp to escape any funny business.
Newlines and shell metacharacters
Beware that you still have to deal with unexpected newlines; consider what happens when some ##$# does this:
CREATE DATABASE "my
database";
Yes, that's a legal database name. So are both of:
CREATE DATABASE "$(rm -rf /gladthisisnotroot);";
CREATE DATABASE "$(createuser -l -s my_haxxor -W top_secret)"
Yes, both are legal database names. Yes, that's really, really bad if you don't escape your shell metacharacters properly, you made the mistake of running your shell scripts as root or the postgres user, and they're not feeling nice.
All relevant data is in pg_database and pg_user
see http://www.postgresql.org/docs/current/static/catalog-pg-database.html
select pg_database.datname,pg_user.usename,pg_encoding_to_char(pg_database.encoding),pg_database.datcollate,pg_database.datctype,pg_database.datacl from pg_database,pg_user WHERE pg_database.datdba = pg_user.usesysid;
on shell, wrapped in psql command:
psql -AStnq -c "select [...]"
returns correct formatted
template1|postgres|UTF8|de_DE.UTF-8|de_DE.UTF-8|{=c/postgres,postgres=CTc/postgres}
template0|postgres|UTF8|de_DE.UTF-8|de_DE.UTF-8|{=c/postgres,postgres=CTc/postgres}
postgres|postgres|UTF8|de_DE.UTF-8|de_DE.UTF-8|
firstdb|postgres|UTF8|de_DE.UTF-8|de_DE.UTF-8|
secnddb|scnduser|UTF8|de_DE.UTF-8|de_DE.UTF-8|
thrddb|scnduser|UTF8|de_DE.UTF-8|de_DE.UTF-8|