INT 21h

Hi, I am Vladimir Smagin, SysAdmin, DevOps and barely good guy. Telegram Email / GIT / Микроблог / Thingiverse / GPG

WordPress operator for Kubernetes

№ 10224 В разделах: Администрирование Программирование от August 18th, 2019,

Run multiple WordPress instances in your Kubernetes cluster. Use internal or external database. Internal database means a single pod with MariaDB without any replication or clusterization, my WordPress operator is NOT MySQL operator. If you need database high availability use MySQL operator to create cluster.

Нет комментариев »

Starting MSSQL in Amazon RDS with Terraform

№ 10191 В разделе "Администрирование" от August 9th, 2019,

resource "aws_db_instance" "default_mssql" {
  identifier = "test-mssql"
  final_snapshot_identifier = "test-mssql"
  license_model             = "license-included"
  instance_class = "db.m4.large"
  storage_type              = "gp2"
  engine                    = "sqlserver-se"
  engine_version = "12.00.4422.0.v1"
  vpc_security_group_ids = ["${}"]
  username         = "master_chief"
  password         = "MueQuopdsdSDFG%45esdfgsdf"
  allocated_storage = 50 // not less than 50 Gb
  publicly_accessible = true // if you want to connect remotely
  storage_encrypted = true 
  skip_final_snapshot = true

resource "aws_security_group" "mssql_security_group" {
  name        = "test_mssql_group"
  description = "Allow all inbound traffic"

  ingress {
    from_port   = 1433
    to_port     = 1433
    protocol    = "tcp"
    cidr_blocks = [""]

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [""]


// Identifier of the mssql DB instance.
output "mssql_id" {
  value = "${}"

// Address of the mssql DB instance.
output "mssql_address" {
  value = "${aws_db_instance.default_mssql.address}"

Нет комментариев »

Require SSL connection to MSSQL in FreeTDS

№ 10185 В разделе "Администрирование" от August 9th, 2019,

MSSQL port 1433 can accept both SSL and non-SSL connections. But how to be ensure? You set host, ca file and encryption options and you see in Wireshark plain text instead of encrypted TLS. I just removed ca file option and it working now. Bug? May be.

Edit freetds.conf:

        host =
        encryption = require

Start capturing in Wireshark again, reconnect to server and now you can see TLS packets

Нет комментариев »

Zabbix calculated item and abschange (change)

№ 10168 В разделе "Администрирование" от August 9th, 2019,

Last time I wrote to you how monitor your Nginx instance with Zabbix. Now I tell you how to calculate rates from counters.

You looking at something like that in your template

Now create new Item handled

Ok, see at field with formula, it linked with created earlier Item “Nginx Handled”. As said in official documentation abschange shows you a difference between last and current values. Now set Interval to 60 seconds and you have “Handled per minute” value.

Of course, you want to create some Graphics. All people loves graphics!

Нет комментариев »

Splash: how to change user-agent with Lua in Bash

№ 10157 В разделах: Администрирование Программирование от August 3rd, 2019,

Before start install jq application, required to work with JSON, used to prepare lua script for sending to Splash API.

Create file named splash.lua

function main(splash, args)
  splash:set_user_agent('Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_2_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5H11 Safari/525.20')
  splash:set_viewport_size(800, 600)
  return splash:png()

Create bash script


JSON="{\"lua_source\":$(jq -Rs . < script.lua)}"

curl -s -X POST -H "Content-Type: application/json" -d "${JSON}" \
   "" -o out.png

Check result image

Нет комментариев »

Микроблог перейти

# 2019-08-09 09:51:44

Штука, которая в инит контейнере может получить из Vault креды и передать их в контейнер с софтом. Надо будет расковырять ее подробнее на выходных.

# 2019-08-07 20:04:59

Оказывается Canonical начали предлагать Kubernetes

# 2019-08-06 17:41:08

hetzner-kube поможет быстро задеплоить Kubernetes кластер на облака Hetzner. Балансировать можно или отдельными виртуалками с nginx, или через DNS

© Vladimir Smagin, 2005-2019. Копирование материалов без разрешения запрещено. GPG DA4CD0F5E222EA727D6A40C413BCE12E5618F071 *

Fortune cookie: Today's spam: .End pre.mature ej.aculation, and being la.beled the "m.inut.e man".