Compare commits
5 Commits
c56cf3fe91
...
b07249f7ae
Author | SHA1 | Date |
---|---|---|
Jake Howard | b07249f7ae | |
Jake Howard | 4227e6da2f | |
Jake Howard | 65e681742d | |
Jake Howard | 24fc330e64 | |
Jake Howard | 74ef7d9232 |
|
@ -12,4 +12,4 @@ Things I've learned, and need to remember - so future me has a chance of using t
|
|||
!!! warning
|
||||
These notes are mine, collected over time. Just because I've said it here, doesn't mean it's the absolute best practice. It worked for me, it might work for you.
|
||||
|
||||
If you're interested, there's an [RSS feed](/feed_rss_created.xml).
|
||||
If you're interested, there are RSS feeds for [updated](/feed_rss_updated.xml) and [created](/feed_rss_created.xml) notes.
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
title: Find and kill long running queries
|
||||
tags:
|
||||
- PostgreSQL
|
||||
link: https://medium.com/little-programming-joys/finding-and-killing-long-running-queries-on-postgres-7c4f0449e86d
|
||||
sources:
|
||||
- https://medium.com/little-programming-joys/finding-and-killing-long-running-queries-on-postgres-7c4f0449e86d
|
||||
---
|
||||
|
||||
# Running queries
|
||||
|
|
|
@ -2,11 +2,9 @@
|
|||
title: Monitor redis commands
|
||||
tags:
|
||||
- Redis
|
||||
emoji: 👀
|
||||
link: https://redis.io/commands/monitor/
|
||||
---
|
||||
|
||||
It's often useful to view what Redis is working on.
|
||||
|
||||
1. Connect to redis
|
||||
2. `MONITOR`
|
||||
2. [`MONITOR`](https://redis.io/commands/monitor/)
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
title: Monitor running queries
|
||||
tags:
|
||||
- PostgreSQL
|
||||
link: https://techmango.org/2017/11/04/monitor-running-queries-postgresql/
|
||||
sources:
|
||||
- https://techmango.org/2017/11/04/monitor-running-queries-postgresql/
|
||||
---
|
||||
|
||||
View a list of running queries:
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
title: Truncate a database from the inside
|
||||
tags:
|
||||
- PostgreSQL
|
||||
emoji: 🐘
|
||||
---
|
||||
|
||||
How to delete database from the inside, with only access to that database.
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
---
|
||||
title: Example note
|
||||
emoji: 👋
|
||||
modified: 2022-09-09
|
||||
---
|
||||
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
title: Get credentials for an assumed role
|
||||
tags:
|
||||
- AWS
|
||||
link: https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/
|
||||
emoji: 🔑
|
||||
sources:
|
||||
- https://aws.amazon.com/premiumsupport/knowledge-center/iam-assume-role-cli/
|
||||
---
|
||||
|
||||
It's often useful to get regular access keys as if you were assumed into another role. This is possible:
|
||||
|
|
|
@ -1,47 +0,0 @@
|
|||
---
|
||||
title: Cross-account data transfer
|
||||
tags:
|
||||
- AWS
|
||||
link: https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/
|
||||
emoji: 🪣
|
||||
---
|
||||
|
||||
To copy bucket contents from bucket in account A to bucket in account B:
|
||||
|
||||
1. Create new S3 bucket in account B
|
||||
2. Create IAM role / user in account B, with access to destination bucket
|
||||
3. Add IAM inline policy to user:
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": "s3:*",
|
||||
"Resource": [
|
||||
"arn:aws:s3:::<source_bucket>/*",
|
||||
"arn:aws:s3:::<source_bucket>"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
4. Add policy to source bucket
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"AWS": "arn:aws:iam::<account_id>:user/<user>"
|
||||
},
|
||||
"Action": "s3:*",
|
||||
"Resource": ["arn:aws:s3:::<source_bucket>/*", "arn:aws:s3:::<source_bucket>"]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
|
@ -0,0 +1,62 @@
|
|||
---
|
||||
title: Cross-account data transfer in S3
|
||||
tags:
|
||||
- AWS
|
||||
sources:
|
||||
- https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/
|
||||
- https://stackoverflow.com/a/63804619
|
||||
---
|
||||
|
||||
To copy bucket contents from a bucket in account A to a bucket in account B:
|
||||
|
||||
1. Create new S3 bucket in account B
|
||||
2. Create IAM role / user in account B, with access to destination bucket
|
||||
3. Add IAM inline policy to the newly-created user:
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": "s3:*",
|
||||
"Resource": [
|
||||
"arn:aws:s3:::<source_bucket>/*",
|
||||
"arn:aws:s3:::<source_bucket>"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
4. Add policy to source bucket
|
||||
|
||||
```json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"AWS": "arn:aws:iam::<account_id>:user/<user>"
|
||||
},
|
||||
"Action": "s3:*",
|
||||
"Resource": ["arn:aws:s3:::<source_bucket>/*", "arn:aws:s3:::<source_bucket>"]
|
||||
}
|
||||
]
|
||||
}
|
||||
```
|
||||
|
||||
Now, you can run `aws s3 sync` as the account in account B, and access both buckets.
|
||||
|
||||
## ACLs
|
||||
|
||||
Whilst it might seem counter-intuitive, a **pull**-based transfer is significantly simpler than a **push**-based transfer. Notably, it avoids [issues](https://stackoverflow.com/a/63804619) with ownership issues and ACLs. Bucket policies don't seem to apply if the object is owned by a different account, which is the case when ACLs are enabled and the object is written by a user not in the organisation (hence pull-based being best).
|
||||
|
||||
These can be solved by overwriting the file's ACLs to enforce the bucket owner owns the file:
|
||||
|
||||
```
|
||||
aws s3 cp --recursive 's3://<destination_bucket>` 's3://<destination_bucket>` --acl bucket-owner-full-control --metadata-directive REPLACE
|
||||
```
|
||||
|
||||
It's then good practice to make sure the ACLs are as you expect (eg [`./manage.py fix_document_acls`](https://github.com/torchbox/wagtail-storages?tab=readme-ov-file#django-admin-fix_document_acls)).
|
|
@ -2,9 +2,10 @@
|
|||
title: Simple reverse proxy
|
||||
tags:
|
||||
- Networking
|
||||
link: https://docs.mitmproxy.org/stable
|
||||
---
|
||||
|
||||
This uses [`mitmproxy`](https://docs.mitmproxy.org/stable), which can proxy both HTTP and HTTPS.
|
||||
|
||||
```
|
||||
mitmproxy --mode reverse:http://localhost:8000
|
||||
```
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
title: Rebase commits done on the wrong branch
|
||||
tags:
|
||||
- Git
|
||||
link: https://git-scm.com/book/en/v2/Git-Branching-Rebasing#_more_interesting_rebases
|
||||
---
|
||||
|
||||
```sh
|
||||
|
@ -10,3 +9,5 @@ git rebase --onto master server client
|
|||
```
|
||||
|
||||
> Take the `client` branch, figure out the patches since it diverged from the `server` branch, and replay these patches in the client branch as if it was based directly off the `master` branch instead.
|
||||
|
||||
See also ["more interesting rebases"](https://git-scm.com/book/en/v2/Git-Branching-Rebasing#_more_interesting_rebases)
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
title: Downmixing audio channels
|
||||
tags:
|
||||
- Media
|
||||
emoji: 🎵
|
||||
link: https://trac.ffmpeg.org/wiki/AudioChannelManipulation
|
||||
sources:
|
||||
- https://trac.ffmpeg.org/wiki/AudioChannelManipulation
|
||||
---
|
||||
|
||||
```bash
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
title: Strip audio / subtitle stream with ffmpeg
|
||||
tags:
|
||||
- Media
|
||||
emoji: 🎵
|
||||
link: https://stackoverflow.com/a/38162168
|
||||
sources:
|
||||
- https://stackoverflow.com/a/38162168
|
||||
---
|
||||
|
||||
```bash
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
---
|
||||
title: Stop saving bash history
|
||||
emoji: 🤔
|
||||
tags:
|
||||
- Shell
|
||||
modified: 2022-11-02
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
import jinja2
|
||||
from mkdocs.structure.nav import Navigation
|
||||
from urllib.parse import urlparse
|
||||
|
||||
@jinja2.pass_context
|
||||
def get_page(context, slug):
|
||||
|
@ -25,8 +26,11 @@ def get_notes(context):
|
|||
|
||||
return sorted(notes, key=lambda p: p.meta["git_creation_date_localized_raw_iso_date"], reverse=True)
|
||||
|
||||
def get_domain(url):
|
||||
return urlparse(url).netloc
|
||||
|
||||
def on_env(env, config, files):
|
||||
env.tests["startswith"] = str.startswith
|
||||
env.globals["get_page"] = get_page
|
||||
env.globals["get_notes"] = get_notes
|
||||
env.filters["domain"] = get_domain
|
||||
|
|
|
@ -15,7 +15,7 @@ extra:
|
|||
- icon: fontawesome/brands/github
|
||||
link: https://github.com/RealOrangeOne
|
||||
- icon: fontawesome/solid/rss
|
||||
link: /feed_rss_created.xml
|
||||
link: /feed_rss_updated.xml
|
||||
analytics:
|
||||
provider: plausible
|
||||
domain: notes.theorangeone.net
|
||||
|
|
|
@ -30,3 +30,11 @@
|
|||
<strong>GitHub</strong>
|
||||
</a>.
|
||||
{% endblock %}
|
||||
|
||||
{% block content %}
|
||||
{{ super() }}
|
||||
|
||||
{% if page.meta.sources %}
|
||||
<small>Sources: {% for source in page.meta.sources %}<a href="{{ source }}">{{ source|domain }}</a>{% endfor %}</small>
|
||||
{% endif %}
|
||||
{% endblock %}
|
||||
|
|
Loading…
Reference in New Issue