24th Week of 2023
Coding
Languages
asyncio
-
New: Basic concepts of concurrency.
Concurrency is best explained by an example stolen from Miguel Grinberg.
Chess master Judit Polgár hosts a chess exhibition in which she plays multiple amateur players. She has two ways of conducting the exhibition: synchronously and asynchronously.
Assumptions:
- 24 opponents
- Judit makes each chess move in 5 seconds
- Opponents each take 55 seconds to make a move
- Games average 30 pair-moves (60 moves total)
Synchronous version: Judit plays one game at a time, never two at the same time, until the game is complete. Each game takes (55 + 5) * 30 == 1800 seconds, or 30 minutes. The entire exhibition takes 24 * 30 == 720 minutes, or 12 hours.
Asynchronous version: Judit moves from table to table, making one move at each table. She leaves the table and lets the opponent make their next move during the wait time. One move on all 24 games takes Judit 24 * 5 == 120 seconds, or 2 minutes. The entire exhibition is now cut down to 120 * 30 == 3600 seconds, or just 1 hour.
Async IO takes long waiting periods in which functions would otherwise be blocking and allows other functions to run during that downtime. (A function that blocks effectively forbids others from running from the time that it starts until the time that it returns.)
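The exhibition above as a small asyncio simulation (an added example, not code from the original notes). The function names and the `scale` factor, which shrinks the 5 and 55 second moves so a run finishes quickly, are assumptions.

```python
import asyncio
import time

JUDIT_MOVE = 5      # seconds Judit needs per move (from the assumptions above)
OPPONENT_MOVE = 55  # seconds each opponent needs per move


async def play_game(judit: asyncio.Lock, pair_moves: int, scale: float) -> None:
    """One game: Judit moves while holding the lock, then the opponent thinks."""
    for _ in range(pair_moves):
        async with judit:  # Judit can only stand at one table at a time
            await asyncio.sleep(JUDIT_MOVE * scale)
        # The opponent's thinking time does not need Judit, so the lock is free.
        await asyncio.sleep(OPPONENT_MOVE * scale)


async def exhibition(opponents: int, pair_moves: int, scale: float,
                     concurrent: bool) -> float:
    """Run the exhibition and return its duration in simulated seconds."""
    judit = asyncio.Lock()
    games = [play_game(judit, pair_moves, scale) for _ in range(opponents)]
    start = time.perf_counter()
    if concurrent:
        await asyncio.gather(*games)  # every game advances during the waits
    else:
        for game in games:            # finish one game before starting the next
            await game
    return (time.perf_counter() - start) / scale


if __name__ == "__main__":
    # Constructed run: 24 opponents, 30 pair-moves, 1 simulated second = 0.1 ms.
    for mode in (False, True):
        seconds = asyncio.run(exhibition(24, 30, 1e-4, concurrent=mode))
        label = "asynchronous" if mode else "synchronous"
        print(f"{label}: ~{seconds / 60:.0f} simulated minutes")
```

Timer overhead inflates the measured values a little, so expect figures somewhat above the 720 and 60 minutes computed by hand.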
-
New: Basic concepts.
aiohttp
-
New: Introduce aiohttp.
aiohttp is an asynchronous HTTP Client/Server for asyncio and Python. Think of it as the requests for asyncio.
Configure Docker to host the application
-
New: Remove the apt cache after installing a package.
    RUN apt-get update && apt-get install -y \
        python3 \
        python3-pip \
        && rm -rf /var/lib/apt/lists/*
-
New: Add the contents of a directory to the docker.
ADD ./path/to/directory /path/to/destination
DevOps
Infrastructure as Code
Ansible Snippets
-
    - name: Authorize the sender ssh key
      authorized_key:
        user: syncoid
        state: present
        key: "{{ syncoid_receive_ssh_key }}"
-
New: Create a user.
The following snippet creates a user with password login disabled.
    - name: Create the syncoid user
      ansible.builtin.user:
        name: syncoid
        state: present
        # Quoted so that YAML passes '!' through as a literal string
        password: '!'
        shell: /usr/sbin/nologin
If you don't set a password any user can do su your_user. To set a random password use the next snippet:
    - name: Create the syncoid user
      ansible.builtin.user:
        name: syncoid
        state: present
        password: "{{ lookup('password', '/dev/null', length=50, encrypt='sha512_crypt') }}"
        shell: /bin/bash
This won't pass the idempotence tests as it doesn't save the password anywhere (/dev/null) in the controller machine.
-
New: Create an ssh key.
    - name: Create .ssh directory
      become: true
      file:
        path: /root/.ssh
        state: directory
        # Quoted octal: an unquoted 700 is read as a decimal number
        mode: '0700'

    - name: Create the SSH key to directory
      become: true
      openssh_keypair:
        path: /root/.ssh/id_ed25519
        type: ed25519
      register: ssh

    - name: Show public key
      debug:
        var: ssh.public_key
-
New: Skip ansible-lint for some tasks.
    - name: Modify permissions
      command: >
        chmod -R g-w /home/user
      tags:
        - skip_ansible_lint
      # become replaces the sudo keyword, which current Ansible no longer accepts
      become: true
Chezmoi
-
Correction: Give some tips to deal with big diffs.
Sometimes the diff is too big and you need to work with it chunk by chunk. For each change you can either:
- chezmoi add <target> if you want to keep the changes you've manually made to the files that match the <target>.
- chezmoi apply <target> if you want to apply the changes that chezmoi proposes for the <target>.
Here <target> is any directory or file listed in the diff.
-
New: Add systemd service for the actions runner.
    [Unit]
    Description=Gitea Actions Runner
    After=network.target

    [Service]
    WorkingDirectory=/var/gitea/gitea/act_runner/main
    ExecStart=/var/gitea/gitea/act_runner/main/act_runner-main-linux-amd64 daemon

    [Install]
    WantedBy=default.target
-
The gitea runner uses the node:16-bullseye image by default; in that image the setup-python action doesn't work. You can tweak the docker image that the runner runs by editing the .runner file that is in the directory where you registered the runner (probably close to the act_runner executable).
If you open that up, you'll see that there is a section called labels, and it (most likely) looks like this:
    "labels": [
      "ubuntu-latest:docker://node:16-bullseye",
      "ubuntu-22.04:docker://node:16-bullseye",
      "ubuntu-20.04:docker://node:16-bullseye",
      "ubuntu-18.04:docker://node:16-buster"
    ]
You can specify any other docker image. Adding new labels doesn't work yet.
-
New: Introduce molecule.
Molecule is a testing tool for ansible roles.
-
New: CI configuration.
Since gitea supports github actions you can use the setup-molecule and setup-lint actions. For example:
    ---
    name: Molecule

    "on":
      pull_request:

    env:
      PY_COLORS: "1"
      ANSIBLE_FORCE_COLOR: "1"

    jobs:
      lint:
        name: Lint
        runs-on: ubuntu-latest
        steps:
          - name: Checkout the codebase
            uses: actions/checkout@v3

          - name: Setup Lint
            uses: bec-galaxy/setup-lint@{Version}

          - name: Run Lint tests
            run: ansible-lint

      molecule:
        name: Molecule
        runs-on: ubuntu-latest
        needs: lint
        steps:
          - name: Checkout the codebase
            uses: actions/checkout@v3

          - name: Setup Molecule
            uses: bec-galaxy/setup-molecule@{Version}

          - name: Run Molecule tests
            run: molecule test
That action installs the latest version of the packages. If you need to check a specific version of the packages you may want to create your own step or your own action.
-
New: Upgrade to v5.0.0.
They've removed the lint command. The reason behind it is that there are two different testing methods which are expected to be run in very different ways. Linting should be run per entire repository. Molecule executions are per scenario and one project can have even >100 scenarios. Running lint on each of them would not only slow things down but also increase the maintenance burden on linter configuration and the way it is called.
They recommend users to run ansible-lint using pre-commit with or without tox. That gives much better control over how/when it is updated.
You can see an example on how to do this in the CI configuration section.
Infrastructure Solutions
AWS Snippets
-
New: Get EC2 metadata from within the instance.
The quickest way to fetch or retrieve EC2 instance metadata from within a running EC2 instance is to log in and run the command:
Fetch metadata from IPv4:
    curl -s http://169.254.169.254/latest/dynamic/instance-identity/document
You can also download the ec2-metadata tool to get the info:
    wget http://s3.amazonaws.com/ec2metadata/ec2-metadata
    chmod +x ec2-metadata
    ./ec2-metadata --all
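The curl command above is a tokenless (IMDSv1 style) request, which an instance configured to require IMDSv2 session tokens will reject. An added example, not from the original notes, of the same lookup done with a session token; the function names are assumptions.

```python
import json
import urllib.request

IMDS = "http://169.254.169.254"  # link-local metadata endpoint used above

# The metadata endpoint is link-local, so never send these requests via a proxy.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def imds_get(path: str, base: str = IMDS, ttl: int = 60,
             timeout: float = 2.0) -> str:
    """Fetch a metadata path using an IMDSv2 session token."""
    # Step 1: PUT for a short-lived token. A request forgery bug that can only
    # issue plain GETs cannot complete this step.
    token_req = urllib.request.Request(
        f"{base}/latest/api/token", method="PUT",
        headers={"X-aws-ec2-metadata-token-ttl-seconds": str(ttl)})
    with _opener.open(token_req, timeout=timeout) as resp:
        token = resp.read().decode()
    # Step 2: present the token on the real metadata request.
    data_req = urllib.request.Request(
        f"{base}{path}", headers={"X-aws-ec2-metadata-token": token})
    with _opener.open(data_req, timeout=timeout) as resp:
        return resp.read().decode()


def identity_document(base: str = IMDS) -> dict:
    """Same document as the curl command above, parsed from JSON."""
    path = "/latest/dynamic/instance-identity/document"
    return json.loads(imds_get(path, base))


if __name__ == "__main__":
    # Only works from inside an EC2 instance.
    print(json.dumps(identity_document(), indent=2))
```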
Storage
Sanoid
-
Correction: Use the recursive flag.
recursive is not set by default, so the dataset's children won't be backed up unless you set this option.
    [main/backup]
    use_template = daily
    recursive = yes
Monitoring
AlertManager
-
New: Alertmanager routes.
A route block defines a node in a routing tree and its children. Its optional configuration parameters are inherited from its parent node if not set.
Every alert enters the routing tree at the configured top-level route, which must match all alerts (i.e. not have any configured matchers). It then traverses the child nodes. If continue is set to false, it stops after the first matching child. If continue is true on a matching node, the alert will continue matching against subsequent siblings. If an alert does not match any children of a node (no matching child nodes, or none exist), the alert is handled based on the configuration parameters of the current node.
A basic configuration would be:
    route:
      group_by: [job, alertname, severity]
      group_wait: 30s
      group_interval: 5m
      repeat_interval: 12h
      receiver: 'email'
      routes:
        - match:
            alertname: Watchdog
          receiver: 'null'
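The traversal rules described above, written out as a small model (an added example, not Alertmanager's own code). `Route`, `receivers_for` and the `pager`, `chat` and `job: node` children are assumptions added to show `continue`; only equality matching is modelled.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Route:
    match: Dict[str, str] = field(default_factory=dict)  # label -> required value
    receiver: Optional[str] = None  # None: inherit from the parent node
    cont: bool = False              # the `continue` option
    routes: List["Route"] = field(default_factory=list)


def receivers_for(route: Route, labels: Dict[str, str],
                  inherited: Optional[str] = None) -> List[Optional[str]]:
    """Return the receivers that an alert with these labels is sent to."""
    if any(labels.get(k) != v for k, v in route.match.items()):
        return []                             # this node does not match
    receiver = route.receiver or inherited    # unset options come from the parent
    found: List[Optional[str]] = []
    for child in route.routes:
        hits = receivers_for(child, labels, receiver)
        found += hits
        if hits and not child.cont:           # continue: false stops the sibling scan
            break
    return found or [receiver]                # no child matched: this node handles it


# The basic configuration above plus two constructed children.
TREE = Route(receiver="email", routes=[
    Route(match={"alertname": "Watchdog"}, receiver="null"),
    Route(match={"severity": "critical"}, receiver="pager", cont=True),
    Route(match={"job": "node"}, routes=[
        Route(match={"severity": "warning"}, receiver="chat"),
    ]),
])

if __name__ == "__main__":
    for sample in (  # constructed label sets
        {"alertname": "Watchdog", "severity": "critical"},
        {"alertname": "DiskFull", "severity": "critical", "job": "node"},
        {"alertname": "HighLoad", "severity": "warning", "job": "node"},
        {"alertname": "Unrouted"},
    ):
        print(sample, "->", receivers_for(TREE, sample))
```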
Operating Systems
Linux
Gancio
-
New: Introduce Gancio.
Gancio is a shared agenda for local communities.
Other
-
New: UPGRADE FAILED: another operation (install/upgrade/rollback) is in progress.
This error can happen for a few reasons, but it most commonly occurs when there is an interruption during the upgrade/install process.
To fix this, you may first need to roll back to another version and then reinstall or run helm upgrade again.
Try the command below to list the available charts:
helm ls --namespace <namespace>
You may notice that this command does not show any columns with information. If that's the case, check the history of the previous deployment:
helm history <release> --namespace <namespace>
This will most likely show that the original installation never completed successfully and is stuck in a pending state, something like STATUS: pending-upgrade.
To escape from this state, use the rollback command:
helm rollback <release> <revision> --namespace <namespace>
revision is optional, but you should try to provide it.