CoreOS/Flatcar tips

Switching release channels

cat /etc/flatcar/update.conf
cat /usr/share/flatcar/update.conf
sudo sed -i -r '/^GROUP/c GROUP=stable' /etc/flatcar/update.conf
sudo systemctl restart update-engine

# debugging
sudo update_engine_client --status
sudo journalctl -f -u update-engine
cat /usr/share/flatcar/os-release
cat /usr/share/flatcar/update.conf

see https://docs.flatcar-linux.org/os/switching-channels/

Update OEM partition `/usr/share/oem`, vmtoolsd.service

see https://gist.github.com/kyokuheki/3c0f3f773aa24b8364ef02d93c557d1f

journalctl exclude unit

sudo journalctl -f -o json | jq -cMr 'select(._SYSTEMD_UNIT != "XXXXXXX.service") | ._SYSTEMD_UNIT,.MESSAGE'

user definde authorized_keys

cat <<_EOT_ > ~/.ssh/authorized_keys.d/key_name
ssh-ed25519 AAAAxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx comment
ssh-ed25519 AAAAyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy comment
ssh-ed25519 AAAAzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz comment
_EOT_
update-ssh-keys -l

Dockerfile tips

Dockerfile reference is one of the most useful documents. See it.

Best practices for writing Dockerfiles are also helpful.

Replace matching line using `sed`

sed -e '/regexp/c replacement' /path/to/file

# e.g.
sed -e '/^maillog_file/c maillog_file = \/dev\/stdout' /etc/postfix/main.cf

Insert a line before match using `sed`

sed -e '/regexp/i replacement' /path/to/file

# e.g.
sed -e '/^localityName/i localityName_default = Yokosuka' /etc/ssl/openssl.cnf

Insert a line after match using `sed`

sed -e '/regexp/a replacement' /path/to/file

# e.g.
sed -e '/^localityName/a localityName_default = Yokosuka' /etc/ssl/openssl.cnf

Delete matching line using `sed`

sed -e '/regexp/d' /path/to/file

# e.g.
sed -e '/^maillog_file/d' /etc/postfix/main.cf

Debian/Ubuntu Dockerfile

ENV LANG=C.UTF-8 \
    LC_ALL=C.UTF-8 \
    DEBIAN_FRONTEND=noninteractive

RUN set -x \
 && apt-get update && apt-get install -y --no-install-recommends \
    foo-package \
    bar-package \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*

replase archive.ubuntu.com with jp mirror (jp.archive.ubuntu.com)

sudo sed -i.orig -re "s@http://archive\.ubuntu\.com@http://jp\.archive\.ubuntu\.com@g" /etc/apt/sources.list

Alpine Dockerfile

RUN set -x \
 && apk add --no-cache -X https://dl-cdn.alpinelinux.org/alpine/edge/testing \
    pure-ftpd

sed -i -e '$ a @testing https://dl-cdn.alpinelinux.org/alpine/edge/testing' /etc/apk/repositories
apk add --no-cache pure-ftpd@testing

list package sizes

for p in `apk info -q`; 
do
  apk info $p -s -q | sed -zr -e 's/ installed size:\n/\t/g' -re 's/ ([TGMK])iB\n/\1/g'; 
done | 
  sort -k2 -h | column -t

# list reverse dependencies
apk info -r perl

Do `chmod` whenever you use COPY/ADD

--chmod flag is WIP.

Environment variable in CMD

use shell form. exec form does not environment variable expansion. see https://docs.docker.com/engine/reference/builder/#cmd

CMD /usr/bin/foo $FOO $BAR

cron in Apline Docker container

run cron in foreground

crond -l 2 -f

run cron in background

crond -l 2 -b

crontab

write a crontab file and store it in /etc/crontabs.

# cat /etc/crontabs/root
# do daily/weekly/monthly maintenance
# min   hour    day     month   weekday command
*/15    *       *       *       *       run-parts /etc/periodic/15min
0       *       *       *       *       run-parts /etc/periodic/hourly
0       2       *       *       *       run-parts /etc/periodic/daily
0       3       *       *       6       run-parts /etc/periodic/weekly
0       5       1       *       *       run-parts /etc/periodic/monthly

/var/spool/cron/crontabs is symbolic link of /etc/crontabs.

# ls -al /var/spool/cron/crontabs
lrwxrwxrwx    1 root     root            13 Jan 16 21:52 /var/spool/cron/crontabs -> /etc/crontabs

15min/hourly/daily/weekly/monthly cron job

write a job script file and store it in /etc/periodic/{15min,hourly,daily,weekly,monthly}.

kyokuheki/coreos.md