Monday, 28 February 2022

Weirdness with the IBM Cloud CLI tool

A friend of mine was having some interesting fun and games with the IBM Cloud CLI tool: -

ic plugin install vpc-infrastructure

Looking up 'vpc-infrastructure' from repository 'IBM Cloud'...

FAILED

Unable to fetch plug-ins from repository 'IBM Cloud':

invalid character '<' looking for beginning of value

and: -

ic plugin repo-plugins -r "IBM Cloud"

Getting plug-ins from repository 'IBM Cloud'...

FAILED

Unable to fetch plug-ins from repository 'IBM Cloud':

invalid character '<' looking for beginning of value

When we checked, she was on a back-level version: -

ic version

ibmcloud version 1.2.3+3577aee-2020-09-25T14:55:44+00:00

so we tried to get it updated: -

ic update

Checking for updates...

FAILED

An error occurred when fetching latest CLI info:

invalid character '<' looking for beginning of value

We even tried enabling debug: -

export IBMCLOUD_TRACE=true

as, under the covers, the CLI tool is making a LARGE number of REST API calls, but still saw: -

invalid character '<' looking for beginning of value

**AND** a bunch of HTML

This implied that the old back-level CLI was getting some HTML from the IBM Cloud CLI endpoint, which wasn't ( obviously ) valid JSON, and was thus choking the CLI.

The mitigation was to install a new fresh up-to-date copy: -

curl -fsSL https://clis.cloud.ibm.com/install/osx | sh

and then we were off to the races: -

ic version

/usr/local/bin/ibmcloud version 2.5.0+3bf759b-2022-02-24T21:48:22+00:00

Wednesday, 23 February 2022

TIL - Logging into IBM Cloud with fewer keystrokes

So, back in the day i.e. earlier today, this is how I'd log into IBM Cloud: -

ic login --apikey $(cat ~/keyfile_staging_payg.json | jq -r .apikey) -r us-south -a 

where I'm using cat and jq to parse a JSON document containing my API key: -

cat ~/keyfile_staging_payg.json | jq -r .apikey

Well, today I learned that I can do it in fewer keystrokes ...

ic login --apikey @keyfile_staging_payg.json -r us-south -a https://test.cloud.ibm.com

In other words, I'm using @ rather than a combination of cat and jq.

Now, personally, I use aliases to make life even easier e.g.

testlogin='ic login --apikey @~/keyfile_staging_payg.json -c 19f41865a1cf430c918334d89f6b09b9 -r us-south -a https://test.cloud.ibm.com'

where said aliases are defined in ~/.bash_profile or ~/.zshenv.

All of which is nice!


Monday, 21 February 2022

Yet more fun with jq, this time it's gosh-darned hyphens

I'm working with Kubernetes atm, and was trying / failing to retrieve a specific Secret

This was what I was running: -

kubectl get secret bootstrap-token-abcdef --namespace kube-system --output JSON | jq .data.token-secret    

but jq was borking with: -

jq: error: secret/0 is not defined at <top-level>, line 1:

.data.token-secret            

jq: 1 compile error

whereas other similar keys were being retrieved just fine: -

kubectl get secret bootstrap-token-abcdef --namespace kube-system --output JSON | jq .data.description 

This occurred whether I was using Zsh or Bash as my Mac's shell

Note the difference ?

Yes, the working key does NOT have a hyphen ( - ) whereas the failing key surely does ...

This helped: -


namely: -

You can use ."" syntax, like jq '."app-code"'

Hmm, I thought, and tried that: -

kubectl get secret bootstrap-token-abcdef --namespace kube-system --output JSON | jq '.data."token-secret"'

Yay!

I also wanted the output in raw format, so added in a -r switch: -

kubectl get secret bootstrap-token-abcdef --namespace kube-system --output JSON | jq -r '.data."token-secret"'

Good to know

Wednesday, 16 February 2022

IBM Cloud Object Storage - where's my GUID

Before we start, GUID is an abbreviation for Globally Unique Identifier. It's a relatively widely used acronym, but I'd hate to assume that it's commonly known.

So, whilst doing some work with IBM Cloud, I needed to locate the GUID for my IBM Cloud Object Storage (COS) instance.

Whilst this IS available from the web UI, it's not totally easy to find ...

For me, it's available via the Resources page https://cloud.ibm.com/resources under the Storage twistie: -



If I then click on either the Group ( Default ) or the Location ( Global ) or
the Product Cloud Object Storage ), a slide-in appears on the right-hand side of the page, with details of the instance including the GUID: -



The key thing is to NOT click on the actual instance name e.g. Cloud Object Storage-dp ( in my case ), as that's a hyperlink that takes one INTO the actual instance.

As an alternative, and perhaps better for scripting and automation, the GUID is available "programmatically" : -

ic resource service-instance "Cloud Object Storage-dp" --output JSON | jq -r .[].guid

6c961dec-5c14-425a-cf47-e64661ba96a1

which is much better ....


Tuesday, 15 February 2022

Podman ate my hard disk ....

Well, not quite

docker build -t hello-world:latest -f Dockerfile .

STEP 1/9: FROM nginx:mainline-alpine

Resolving "nginx" using unqualified-search registries (/etc/containers/registries.conf.d/999-podman-machine.conf)

Trying to pull docker.io/library/nginx:mainline-alpine...

Getting image source signatures

Copying blob sha256:f2303c6c88653b9a6739d50f611c170b9d97d161c6432409c680f6b46a5f112f

Copying blob sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3

Copying blob sha256:8d6ba530f6489d12676d7f61628427d067243ba4a3a512c3e28813b977cb3b0e

Copying blob sha256:5288d7ad7a7f84bdd19c1e8f0abb8684b5338f3da86fe9ae1d7f0e9bc2de6595

Copying blob sha256:39e51c61c033442d00c40a30b2a9ed01f40205875fbd8664c50b4dc3e99ad5cf

Copying blob sha256:ee6f71c6f4a82b2afd01f92bdf6be0079364d03020e8a2c569062e1c06d3822b

Copying blob sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3

Copying blob sha256:f2303c6c88653b9a6739d50f611c170b9d97d161c6432409c680f6b46a5f112f

Copying blob sha256:5288d7ad7a7f84bdd19c1e8f0abb8684b5338f3da86fe9ae1d7f0e9bc2de6595

Copying blob sha256:39e51c61c033442d00c40a30b2a9ed01f40205875fbd8664c50b4dc3e99ad5cf

Copying blob sha256:8d6ba530f6489d12676d7f61628427d067243ba4a3a512c3e28813b977cb3b0e

Copying blob sha256:ee6f71c6f4a82b2afd01f92bdf6be0079364d03020e8a2c569062e1c06d3822b

Error: error creating build container: writing blob: storing blob to file "/var/tmp/storage979763649/1": write /var/tmp/storage979763649/1: no space left on device

GitHub to the rescue: -

Hitting "Error committing the finished image" "no space left on device" due to nonoptimized use of disk #3846

and easy to resolve - nuke the Podman machine (VM): -

podman machine rm

The following files will be deleted:


/Users/hayd/.ssh/podman-machine-default

/Users/hayd/.ssh/podman-machine-default.pub

/Users/hayd/.config/containers/podman/machine/qemu/podman-machine-default.ign

/Users/hayd/.local/share/containers/podman/machine/qemu/podman-machine-default_fedora-coreos-34.20210919.2.0-qemu.x86_64.qcow2

/Users/hayd/.config/containers/podman/machine/qemu/podman-machine-default.json



Are you sure you want to continue? [y/N] y

and create a new one: -

podman machine init

and start it: -

podman machine start

and now we're golden: -

docker build -t hello-world:latest -f Dockerfile .

STEP 1/9: FROM nginx:mainline-alpine

Resolving "nginx" using unqualified-search registries (/etc/containers/registries.conf.d/999-podman-machine.conf)

Trying to pull docker.io/library/nginx:mainline-alpine...

Getting image source signatures

Copying blob sha256:f2303c6c88653b9a6739d50f611c170b9d97d161c6432409c680f6b46a5f112f

Copying blob sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3

Copying blob sha256:8d6ba530f6489d12676d7f61628427d067243ba4a3a512c3e28813b977cb3b0e

Copying blob sha256:5288d7ad7a7f84bdd19c1e8f0abb8684b5338f3da86fe9ae1d7f0e9bc2de6595

Copying blob sha256:39e51c61c033442d00c40a30b2a9ed01f40205875fbd8664c50b4dc3e99ad5cf

Copying blob sha256:ee6f71c6f4a82b2afd01f92bdf6be0079364d03020e8a2c569062e1c06d3822b

Copying config sha256:bef258acf10dc257d641c47c3a600c92f87be4b4ce4a5e4752b3eade7533dcd9

Writing manifest to image destination

Storing signatures

STEP 2/9: RUN apk -U upgrade

fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz

fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz

(1/5) Upgrading busybox (1.34.1-r3 -> 1.34.1-r4)

Executing busybox-1.34.1-r4.post-upgrade

(2/5) Upgrading ca-certificates-bundle (20191127-r7 -> 20211220-r0)

(3/5) Upgrading libcrypto1.1 (1.1.1l-r7 -> 1.1.1l-r8)

(4/5) Upgrading libssl1.1 (1.1.1l-r7 -> 1.1.1l-r8)

(5/5) Upgrading ssl_client (1.34.1-r3 -> 1.34.1-r4)

Executing busybox-1.34.1-r4.trigger

Executing ca-certificates-20211220-r0.trigger

OK: 26 MiB in 42 packages

--> 068ffaec855

STEP 3/9: RUN apk --no-cache upgrade apk-tools

fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz

fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz

OK: 26 MiB in 42 packages

--> b5be6306f16

STEP 4/9: RUN apk update && apk upgrade && apk --no-cache add openssl

fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz

fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz

v3.15.0-282-g323523f173 [https://dl-cdn.alpinelinux.org/alpine/v3.15/main]

v3.15.0-283-g26a4fc70a6 [https://dl-cdn.alpinelinux.org/alpine/v3.15/community]

OK: 15857 distinct packages available

OK: 26 MiB in 42 packages

fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/main/x86_64/APKINDEX.tar.gz

fetch https://dl-cdn.alpinelinux.org/alpine/v3.15/community/x86_64/APKINDEX.tar.gz

(1/1) Installing openssl (1.1.1l-r8)

Executing busybox-1.34.1-r4.trigger

OK: 26 MiB in 43 packages

--> ebf24d56671

STEP 5/9: RUN rm /etc/nginx/conf.d/*

--> 495424849fd

STEP 6/9: RUN openssl req -subj '/C=GB/O=IBM/CN=david_hay.uk.ibm.com' -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /etc/nginx/nginx.crt -keyout /etc/nginx/nginx.key

Generating a RSA private key

......................................++++

.........++++

writing new private key to '/etc/nginx/nginx.key'

-----

--> 5ce7989df6c

STEP 7/9: ADD nginx.conf /etc/nginx/

--> facfc3c7d2d

STEP 8/9: ADD hello.html /usr/share/nginx/html/index.html

--> 65560b925f2

STEP 9/9: EXPOSE 443

COMMIT hello-world:latest

--> e8c50868858

Successfully tagged localhost/hello-world:latest

e8c508688581ab7c21289d270e821caaa34ed4a7e5e5a1242909ef826005b567

TIL - read-only variables in Linux

 A co-worker was seeing an exception: -  line 8: TMOUT: readonly variable when trying to SCP a file from a remote Linux box. I did some digg...