README.md

Snippets

Testing

Useful services for testing online

• jq ployground https://jqplay.org/
• another jq ployground https://jqterm.com/?query=.
• go template https://repeatit.io/
• go https://goplay.space/
• k8s YAML generator https://k8syaml.com/

Upload from CLI

• https://bashupload.com/
• https://0x0.st/
• https://transfer.sh/
• https://hastebin.com/about.md

CLI

Bash

Redirect

# Redirect stderr to stdout
cmd 2>&1
# Redirect stdout to stderr
cmd 1>&2
## stderr and stdout to file
cmd 1>combined.log 2>&1

Show unix time 2 months ago

date +%s -d '2 months ago'

Show time in format YYYY-MM-DD-hh-mm-ss

date "+%F-%H-%M-%s"

find files accessed 5 min ago

find . -cmin -5

find logs for 2 days and tar it

find logs/ -mtime -2 -type f | xargs -d "\n" tar cvfz $(date "+%F-%H-%M-%S")-logs.tar.gz

find Revision: field in all y(a)ml files

find . -name '*.yml' -o -name '*.yaml' -print0 | xargs -0 grep 'Revision:' | grep -v depricated

find all catalogs with helm charts and lint them

find apps/ -mindepth 1 -maxdepth 1  -type d | xargs -I %HELMCHART% bash -c "helm dependency build %HELMCHART% && helm lint --with-subcharts --debug %HELMCHART%"

find | grep and check

find . -name '*.yml' -o -name '*.yaml' -print0 | xargs -0 grep -E '(R|r)evision: .+' | grep -vE '(depricated|HEAD)' || EXIT_CODE=$?

find and delete

find / -name .terraform -exec rm -rf {} \;
find . -name ".terraform" -print0 | xargs -I {} -0 rm -rf "{}"

loop over array vars with suffix

declare -A HTTP_CHECK_1=([addr]=google.com [port]=443)
declare -A HTTP_CHECK_2=([addr]=example.com [port]=383)

declare -A SIP_CHECK_1=([addr]=1.1.1.1 [port]=5060)
declare -A SIP_CHECK_2=([addr]=2.2.2.2  [port]=5060)

for _CHECK in $(compgen -v | grep -xE '(HTTP|SIP)_CHECK_.*'); do
   declare -n p="$_CHECK"
   echo "${p[addr]}"
done

read template into the var

read -r -d '' VAULT_CONF <<EOF
{ "cluster_name":
  {
    "config":
      {
        "token_reviewer_jwt": "${JWT_TOKEN}",
        "kubernetes_host": "https://${ENDPOINTS}",
        "kubernetes_ca_cert": "${K8S_CA}"
      }
  }
}
EOF

echo ${VAULT_CONF} | jq

logging to syslog

exec > >(tee >(logger  -p local0.notice -t $(basename "$0")))
exec 2> >(tee >&2 >(logger  -p local0.error -t $(basename "$0")))

wait for changes and do something (POST for example)

while true; do
   inotifywait "$(readlink -f $1)"
   echo "[$(date +%s)] Trigger refresh"
   curl -sSL -X POST "$2" > /dev/null
done

read ssh keys from variables starting from 'SSHKEY_'

for key in "${!SSHKEY_@}"; do
    ssh-add <(echo "${!key}")
done

heredoc to var

read -r -d '' CONFIG <<EOF
{ "cluster_name":
  {
    "config":
      {
        "p1": "${VAR1}",
        "p2": "${VAR2}",
      }
  }
}
EOF

sort by semver

printf "1.0\n2.0\n2.12\n2.10\n1.2\n1.10" | sort -t "." -k1,1n -k2,2n -k3,3n

trap a signal

#!/bin/bash

trap "echo 'Terminating';exit" INT TERM

echo "PID: $$"
while true
do
    echo "$(date +'%H:%M')"
    sleep 10
done

trap a signal v2

trap _term SIGINT SIGTERM

_term() {
  echo 'Terminating'
  exit
}

random number in range

shuf -i 10-70 -n 1

fill up 90% memory

stress-ng --vm-bytes $(awk '/MemFree/{printf "%d\n", $2 * 0.9;}' < /proc/meminfo)k --vm-keep -m 1

set default editor

export EDITOR='subl -w'
ansible-vault edit ...

get script working dir

SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

script execution time

start=$(date +%s)
sleep 10
end=$(date +%s)
diffSeconds="$(($end-$start))"
diffTime=$(date -d @${diffSeconds} +"%H:%M:%S" -u)
echo "Diff in seconds: ${diffSeconds}."
echo "Diff time(H:M:S): ${diffTime}."

passing parameters to bash when executing a script fetched by curl

curl http://example.com/script.sh | bash -s -- arg1 arg2

Ecnryption

Encrypt/decrypt file with AES

echo "secret" | openssl enc -aes-256-cbc -a -e -iter 1000 -k "password"

echo "U2FsdGVkX19qISwjfyH5M9eNCFnEh5XfUHBBA7yfNkQ=" | openssl enc -aes-256-cbc -a -d -iter 1000 -k "password"

system

journalctl get docker logs

journalctl -u docker -o json | jq -cMr 'select(has("CONTAINER_ID") | not) | .MESSAGE'

boot

journalctl --list-boots
journalctl -b -1 #last boot

priority

journalctl -b -1  -p "emerg".."crit" # output all messages with priority between emergency and critical from last boot
journalctl -b -1  -p 0..2 the same
journalctl -p 4 # from error level error

time

journalctl -n 50 --since "1 hour ago" # last 50 messages logged within the last hour
journalctl --since "2015-06-26 23:15:00" --until "2015-06-26 23:20:00" # system time spec: https://www.freedesktop.org/software/systemd/man/systemd.time.html

reverse

journalctl -u docker -r # list in reverse order

git

git diff to folder

git -C some/code/app diff --relative HEAD~   # relative path in patch file
git -C some/code/app diff  HEAD~ > app.patch # full path
git apply app.patch

using oath2 token instead of password

git config --global url."https://oauth2:${TOKEN}@gitlab.com/".insteadOf https://gitlab.com/

create MR on gitlab

git push \
    -o merge_request.create \
    -o merge_request.target=master \
    -o merge_request.title="switch to ${CI_COMMIT_TAG}" \
    -o merge_request.description="${DESCRIPTION//$'\n'/<br />}" \
    "https://oauth2:${TOKEN}@gitlab.com/${DEST_GROUP}/${DEST_REPO}.git" \
    "${NEW_BRANCH}"

delete tag localy and remotely

git tag -d v1.0.0
git push origin :refs/tags/v1.0.0

delete tag localy and remotely v2

git push --delete origin v1.0.0
git tag -d v1.0.0

networking

ssh ignore known hosts for vagrant

ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i .vagrant/machines/test00/virtualbox/private_key [email protected]

scan ssh keys

ssh-keyscan -p 2222 gitlab.example.ru

open remote server port on local machine

ssh <remote_host> -N -f -L <local_port>:127.0.0.1:<repote_port>

check port verbosely

nc -vzw 2 server.example.com 8500

get ssl certificate from web

echo | openssl s_client -showcerts -servername 10.3.0.17 -connect 10.3.0.17:443 2>/dev/null | openssl x509 -inform pem -noout -text

curl via ip

curl https://example.com --resolve 'example.com:443:192.0.2.17'

curl and untar

sudo bash -c "curl -L https://github.com/cilium/cilium-cli/releases/download/v0.12.4/cilium-linux-amd64.tar.gz | tar -xz -C /usr/local/bin/"

send email with curl

curl --ssl-reqd \
  --url 'smtps://smtp.gmail.com:465' \
  --user '[email protected]:password' \
  --mail-from '[email protected]' \
  --mail-rcpt '[email protected]' \
  --upload-file /dev/null

get all TCP-packets with RST flag https://serverfault.com/questions/217605/how-to-capture-ack-or-syn-packets-by-tcpdump

tcpdump "tcp[tcpflags] & (tcp-rst) != 0"
tcpdump "(net 10.1.2.0/24 or 10.2.2.0/24) and tcp[tcpflags] & (tcp-rst) != 0"

find pattern in network traffic

ngrep -iq "/ping.*user-agent" "port 80" -W byline

docker

remove all older than

docker system prune --filter 'until=168h' --all -f

docker image format

docker images --format "{{ .ID}} {{.Repository }}:{{ .Tag}}"

k8s

git images

kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c

k8s delete ns with finalizers

NAMESPACE=argocd-system
kubectl proxy &
kubectl get namespace $NAMESPACE -o json |jq '.spec = {"finalizers":[]}' >temp.json
curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize

wait for some res

kubectl wait --for condition=ready -l node-role.kubernetes.io/control-plane node
kubectl wait --for condition=ready -l node-role.kubernetes.io/master node
kubectl wait --for condition=ready node --all --timeout=10s
kubectl wait --for=condition=ready pod -l app=someapp
kubectl wait --for=condition=complete --timeout=30s  job/some-job

exec to some shell

kubectl exec -i -t -n default pt-test-pod -c test-pod "--" sh -c "clear; (bash || ash || sh)"

limits requests

kubectl get pods -o=custom-columns=NAME:spec.containers[*].name,MEMREQ:spec.containers[*].resources.requests.memory,MEMLIM:spec.containers[*].resources.limits.memory,CPUREQ:spec.containers[*].resources.requests.cpu,CPULIM:spec.containers[*].resources.limits.cpu

get cadvisor metrics

kubectl proxy --port 8888 & curl -s http://localhost:8888/api/v1/nodes/${NODE_NAME}/proxy/metrics/cadvisor

heredoc apply

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Pod
metadata:
  name: httpbin
  namespace: demo-service
  labels:
    app: httpbin
spec:
  containers:
  - name: httpbin
    image: kennethreitz/httpbin
    ports:
      - containerPort: 80
EOF

yc

remove all yc profile by mask

yc config profile list | grep "${PROFILE_NAME}" | xargs -L 1 yc config profile delete

get cloud-id

yc --profile="${PROFILE_NAME}" config get cloud-id

get k8s cluster id

yc --profile="${PROFILE_NAME}" managed-kubernetes cluster list --format json | jq '.[].id' -r

get instances ids for yc k8s node group

yc managed-kubernetes node-group list-nodes "group-1a" --profile="${PROFILE_NAME}" --format json | jq '.[].kubernetes_status.id'

tf

edit terraform state

terraform state pull > tf.state
vi tf.state # (don't forget increase serial)
terraform state push tf.state

Jq

select records with .level is "info|error|warn" and .msg is not contain "deprecated"

jq '. | select(.level | test("info|error|warn")) | select(.msg | test(".+deprecated.+") | not )

select records with worker label exist and have addr type InternalIP

jq '.items[] | select(.metadata.labels."node-role.kubernetes.io/worker"!=null) | .status.addresses | .[] | select (.type=="InternalIP") | .address' -r

using args

jq --arg name "istiod-v1x13" '.items[] | .metadata | select( .name | test($name)) | .name' -r
jq --arg revision v1x13 '.items[] | select( .spec.revision == $revision ) | .metadata.name' -r