Milan – Milan's blog

Azure API Management: Chicken or the egg dilemma.

Sometimes in your IaC, you may need to get the API definitions from the backend AppService. At the same time, you may need to restrict access to the AppService based on the source IP address:

Create two modules:[code_snippet_source id=1 line_numbers=true]

module “apimanagementapi-0000” {
….

data “http” “swagger” {
url = “${var.service_url}/swagger/v1/swagger.json”
request_headers = {
Accept = “application/json”
}
}
…

resource “azurerm_api_management_api” “api” {

import{

content_format = “openapi+json”

content_value = data.http.swagger.body

}
…

How to account for traffic in GCP

The following may be used as a custom metric to weight scale decisions.

SELECT TIMESTAMP_TRUNC(TIMESTAMP, MINUTE) AS ts,
sum(CAST (jsonPayload.bytes_sent AS INT64)) AS sent, jsonPayload.dest_instance.zone AS dst_zone, jsonPayload.dest_instance.vm_name
FROM delasport-prod.NetFlow.compute_googleapis_com_vpc_flows_*
WHERE _TABLE_SUFFIX IN (
FORMAT_DATE("%Y%m%d",CURRENT_DATE),
FORMAT_DATE("%Y%m%d", DATE_SUB(CURRENT_DATE, INTERVAL 1 DAY)))
AND TIMESTAMP_DIFF(TIMESTAMP_SUB(CURRENT_TIMESTAMP, INTERVAL 60 MINUTE),TIMESTAMP,MINUTE) < 60
AND jsonPayload.src_instance.zone IS NOT NULL
AND jsonPayload.dest_instance.zone IS NOT NULL
AND jsonPayload.src_instance.zone != jsonPayload.dest_instance.zone
AND jsonPayload.bytes_sent != "0" group by ts,jsonPayload.dest_instance.zone, jsonPayload.dest_instance.vm_name

SELECT
count(*) as cnt, _TABLE_SUFFIX as table_name
FROM
[$Project].[$dataset].*
Where _TABLE_SUFFIX like '%20201116%'
Group by table_name
Order by cnt DESC

How to log sudoers

vi /root/.bashrc

myname=`who am i | awk '{print $1}'`
PROMPT_COMMAND='history -a >(logger -p local2.info -t "$myname $USER[$PWD] $SSH_CONNECTION")'

1 2	myname=`who am i \| awk '{print $1}'` PROMPT_COMMAND='history -a >(logger -p local2.info -t "$myname $USER[$PWD] $SSH_CONNECTION")'

vi /etc/rsyslog.conf

$umask 0000 <br />$FileCreateMode 0666 <br />local2.info /var/log/usercommands<br />$umask 0077

1	$umask 0000 <br />$FileCreateMode 0666 <br />local2.info /var/log/usercommands<br />$umask 0077

GiGl first alpha version available

GiGl (Glycemic index/Glycemic load) is an app that I developed for personal usage. It is a fast way to check the expected response of your body to most of the commonly available foods. Key points:

No tracking. No adds. The app doesn’t require network permissions.
Insulin index (II where scientific study available).
Open-source.

Continue reading “GiGl first alpha version available”

CI/CD Symfony 4 with GitLab

In my latest project (API endpoint based on Symfony and api-platform), I have the task to optimize and automate CI/CD processes. As a result: here is super-simplified version of the resulting GitLab pipiline:
Continue reading “CI/CD Symfony 4 with GitLab”

Fighting SPAM with postfix and fail2ban

After detecting spammers with an RBL list you can block them for a predefined period of time with the help of fail2ban. How does it work:
– fail2ban parses mail.log
– when a spammer IP is found it is added to a temporary list
– future requests from the spammer’s IP is blocked Continue reading “Fighting SPAM with postfix and fail2ban”

Copy data from bloomberg sft with winscp cmd

It is a little bit tricky to run winscp command. Here is a working example:

connect and authenticate with pre shared key
synchronize all except bin,etc
exit with correct exit code
eventually run powershell script

@echo off
"C:\Path\WinSCP.com" ^
  /log="C:\Path\WinSCP.log" /ini=nul ^
  /command ^
    "open sftp://username@sftp.bloomberg.com/ -hostkey=""ssh-rsa 2048 AA:BB:CC:DD:EE:FF:AA:BB:CC:DD:EE:FF:00:00:00:00"" -privatekey=""C:\Path\bloomberg.ppk""" ^
    "synchronize -filemask=""|/bin/;/etc/""  local ""SFTP"""^
    "exit"

set WINSCP_RESULT=%ERRORLEVEL%
if %WINSCP_RESULT% equ 0 (
  echo Success
) else (
  echo Error
)

powershell -file sync2r.ps1
exit /b %WINSCP_RESULT%

@echo off

"C:\Path\WinSCP.com" ^

/log="C:\Path\WinSCP.log" /ini=nul ^

/command ^

"open sftp://username@sftp.bloomberg.com/ -hostkey=""ssh-rsa 2048 AA:BB:CC:DD:EE:FF:AA:BB:CC:DD:EE:FF:00:00:00:00"" -privatekey=""C:\Path\bloomberg.ppk""" ^

"synchronize -filemask=""|/bin/;/etc/"" local ""SFTP"""^

"exit"

set WINSCP_RESULT=%ERRORLEVEL%

if %WINSCP_RESULT% equ 0 (

echo Success

) else (

echo Error

)

powershell -file sync2r.ps1

exit /b %WINSCP_RESULT%

Running screen with su

/etc/rc.local

screen -d -m /home/mdt/project1/scripts/run_workers.sh

1	screen -d -m /home/mdt/project1/scripts/run_workers.sh

/home/mdt/project1/scripts/run_workers.sh

su mdt -c '/home/mdt/project1/app/console supertag:gearman:run-worker --env=prod 2>&1 | while read line; do echo `/bin/date` "$line" >> /home/mdt/project1/app/logs/worker.log; done'

1	su mdt -c '/home/mdt/project1/app/console supertag:gearman:run-worker --env=prod 2>&1 \| while read line; do echo `/bin/date` "$line" >> /home/mdt/project1/app/logs/worker.log; done'

Testing IO performance with variable block size on NTFS and REFS

Basic command:

diskspd.exe -b64K -d60 -h -L -o2 -t4 -r -w50 -c512M z:\io2.dat

1	diskspd.exe -b64K -d60 -h -L -o2 -t4 -r -w50 -c512M z:\io2.dat

raw data: Continue reading “Testing IO performance with variable block size on NTFS and REFS”

Control Webasto Parkin Heater with Meitrack GPS

Here is a schematic diagram of connecting Meitrack GPS to control Webasto parking heater.
You can turn it on/off with the following SMS:

0000,C01,20,22221

1	0000,C01,20,22221

0000,C01,20,22220

1	0000,C01,20,22220

Or use some web app…
Continue reading “Control Webasto Parkin Heater with Meitrack GPS”