wiki/docs/sysop.md

83 lines
2.3 KiB
Markdown
Raw Normal View History

2020-11-04 22:35:10 +01:00
# Sysop
## Prometheus
### Reload config
:::shell
curl -X POST -u simon:$(pass sbruder.de/prometheus|head -n1) https://prometheus.sbruder.de/-/reload
### Remove certain time range from Prometheus
Requires [TSDB Admin APIs to be
enabled](https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis)
(`--web.enable-admin-api`)
:::shell
curl -u user:pass -X POST -g 'https://prometheus-endpoint/api/v1/admin/tsdb/delete_series?match[]=metric{label="foo"}&start=TIMESTAMP&end=TIMESTAMP
2021-04-02 17:43:22 +02:00
### Add synthetic alert to alertmanager
:::javascript
await fetch("/alertmanager/api/v1/alerts", {method: "POST", body: JSON.stringify([{ "labels": {"alertname": "testalert"}, "annotations": { "description": "manual test alert"}}])})
2020-11-04 22:35:10 +01:00
## OpenSSL
### Get certificate expiry date
:::shell
openssl s_client -connect hostname:443 2>& /dev/null <<< '' | openssl x509 -noout -dates
# starttls
openssl s_client -connect hostname:587 -starttls smtp 2>& /dev/null <<< '' | openssl x509 -noout -dates
## Docker
### List images by size
:::shell
docker image ls --format "table {{.Size}}\t{{.Repository}}:{{.Tag}}\t{{.ID}}"|sort -h
### Enable IPv6 NAT
Makes no sense on first and second thought, but after a while it seems like the
right thing.
`/etc/docker/daemon.json`:
:::json
{
"ipv6": true,
"fixed-cidr-v6": "fd00:d0ce:d0ce:d0ce::/64"
}
<!--
This is the right way, but since I did not get `netfilter-persistent` to work,
I have to use iptables.
:::shell
nft add table ip6 nat
nft add chain ip6 nat postrouting \{ type nat hook postrouting priority 100 \; \}
nft add rule ip6 nat postrouting ip6 saddr fd00:d0ce:d0ce:d0ce::/64 masquerade
-->
:::shell
ip6tables -t nat -A POSTROUTING -s fd00:d0ce:d0ce:d0ce::/64 -j MASQUERADE
ip6tables-save > /etc/iptables/rules.v6
Publishing a port will still use the userland proxy. If you do not want this,
have a look at <https://github.com/robbertkl/docker-ipv6nat>.
:::shell
docker run -d --restart=always -v /var/run/docker.sock:/var/run/docker.sock:ro --cap-drop=ALL --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_MODULE --net=host robbertkl/ipv6nat
## Misc
### Add swap file
:::shell
fallocate -l 1G /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile