Home / user-9113

joshperry's questions

Martin Hope
joshperry
Asked: 2018-04-20 15:57:49 +0800 CST
  • 2

We have a rather extensive set of yaml configuration files that we use to define the deployments, stateful sets, namespaces, services, etc. resources that should be created in the kubernetes API on a cluster.

We have experimented with a few tools like terraform and ansible for deploying the underlying compute and k8s cluster, and they work fine for applying configuration management at that level.

What I haven't found is a good way to intelligently automate the deployment and updating of these resources. We use source control to manage changes to these resource definitions and feed those changes into the test and production clusters with kubectl apply -f.

Often the change is something simple like updating the image tag of for a pod in a deployment. In this case a simple patch of the proper image property on the deployment is all that is needed.

For some of the cannonical resources I've played a bit with kubernetes terraform provider. It's rather cool as it is property aware and can do things like decide between an entity teardown/rebuild and a simple patch.

It falls down, however, in it's speed of development. It is hard to do anything beyond vanilla release k8s. This makes the tool useless for custom resources like used with operators. There are similar providers that will apply your k8s yaml definitions by shelling out to kubectl, but they are not property-aware.

Any pointers on solutions would be appreciated before I start applying some bash-fu.

kubernetes
Martin Hope
joshperry
Asked: 2013-08-06 10:45:33 +0800 CST
  • 1

Is there a way to have the mod_rewrite rules in my .htaccess file take effect before PHP behind fcgi sees the request?

I have an email validation link that I want to redirect from root to the login page before PHP marks it in the database as confirmed.

These are the rules I have in my .htaccess, and they work, but PHP sees the request before the rewrite rule takes effect.

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} activation_key=
    RewriteRule ^$ /login [R,L]
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>

When PHP sees a request that contains the activation_key query string, it marks the user as activated. If the user is already activated, the page will show an "Unknown validation link" error.

With these rewrite rules the request redirects to the /login page and displays the error, indicating - I assume - that PHP had already seen the request.

This is the mod_fastcgi config:

<IfModule mod_fastcgi.c>
    DirectoryIndex index.html index.shtml index.cgi index.php
    AddHandler php5-fcgi .php
    Action php5-fcgi /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization
</IfModule>
apache-2.2
Martin Hope
joshperry
Asked: 2010-09-14 11:44:48 +0800 CST
  • 0

We have a server named slc-app-01 and an ASP.NET application in the default website configured as printflow. I set up a CNAME in DNS for printflow to point at slc-app-01 so the application could be accessed via http://printflow/printflow.

The problem is that when the application is accessed via http://printflow/printflow it returns:

403.1 Forbidden: Execute access is denied.

But when accessed via http://slc-app-01/printflow it works fine.

This has worked fine for over a year. The only thing I can think that we recently changed was installing .NET 4.0 and registering ASP.NET 4.0 with IIS. The application however is still configured for .NET 2.0 and we created a separate AppPool for the 4.0 application.

Thanks for any help.

iis-6 http-status-code-403
Martin Hope
joshperry
Asked: 2010-04-14 13:41:33 +0800 CST
  • 1

I'm assuming that squid keeps a list of internal ip:port that a request is made on and the matching external ip:port that the request is fulfilled with.

In the case of a long transfer, such as a file download, it would be nice to be able to see which internal ip:port is downloading the file.

I am able to see the traffic and get the external ip:port that squid is using easily with tcpdump or iptraf but I can't find a way to map this back to an internal ip:port.

squid
Martin Hope
joshperry
Asked: 2009-12-22 15:46:44 +0800 CST
  • 11

I have some ACLs defined on a directory as so:

# owner: root
# group: root
user::rwx
group::r--
mask::r-x
other::r--
default:user::r--
default:group::r--
default:mask::r-x
default:other::r--

I would like any new files created in that folder to be u:apache:r-- and any new directories to be u:apache:r-x. How do I specify that intent using ACLs?

I've tried the -dm u:apache:rX and it doesn't seem to do anything different compared to just rx

overt htdocs # getfacl .
# file: .
# owner: root
# group: root
user::rwx
user:apache:r--
group::r--
mask::r-x
other::r--
default:user::r--
default:user:apache:r--
default:group::r--
default:mask::r--
default:other::r--

overt htdocs # setfacl -dm u:apache:rx .
overt htdocs # touch blah.txt
overt htdocs # getfacl blah.txt
# file: blah.txt
# owner: root
# group: root
user::r--
user:apache:r-x                 #effective:r--
group::r--
mask::r--
other::r--

overt htdocs # rm blah.txt
overt htdocs # setfacl -dm u:apache:rX .
overt htdocs # touch blah.txt
overt htdocs # getfacl blah.txt
# file: blah.txt
# owner: root
# group: root
user::r--
user:apache:r-x                 #effective:r--
group::r--
mask::r--
other::r--

The capital X permission only seems to be useful for setting current permissions, not for setting default permissions:

overt htdocs # setfacl -x u:apache blah.txt
overt htdocs # getfacl blah.txt
# file: blah.txt
# owner: root
# group: root
user::r--
group::r--
mask::r--
other::r--

overt htdocs # setfacl -m u:apache:rX blah.txt
overt htdocs # getfacl blah.txt
# file: blah.txt
# owner: root
# group: root
user::r--
user:apache:r--
group::r--
mask::r--
other::r--
linux