Skip to main content

· 7 min read
Spark light

remember word

  • taint cordon/uncordon

containerd arch layout

kubernates port useage

portmoduledesc
10250kubeletkubelet api
10248kubelethealth check:healthz
10255kubeletkubelet readonly info api,can use without auth
4194cAdvisor

kubernates extends

kubernates system oper

  • check ## memory section in NotesLinux.md
  • container images list: kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{range .status.images[*]}{"\t"}{.names[0]}{"\n"}{end}{end}'
  • check system memory: cat /proc/meminfo | grep '^(MemFree:|Cached:|Shmem:|Buffers:|SReclaimable|Slab:)'
  • root cgroup check: cat /sys/fs/cgroup/memory.stat| grep '^(cache |rss |inactive_file |active_file |SReclaimable|Slab:)'
  • cgroup memory check
  • alias cgcheck='function cgcheck_fn() (cd /sys/fs/cgroup/$(cat /proc/$(pgrep ${1})/cgroup | sed "s@^[^/]*/@@") && echo pid:$(pgrep ${1}) && pwd && echo "can:cat memory.stat,exit,ls,..." && bash ); cgcheck_fn'
  • cgcreate and use by docker
  • cgcreate -g memory:test-docker-memory
  • docker run --cgroup-parent=/test-docker-memory --net=none -v /root/test_mem:/test -idt --name test --privileged csighub.tencentyun.com/admin/tlinux2.2-bridge-tcloud-underlay:latest
  • systemd sysemd
    • systemctl == systemctl list-units
    • systemctl -t slice
    • systemctl -t service,masked
    • systemctl list-unit-files
    • systemd-cgls
    • systemd-cgtop

  • control-plane-node-communication

    • kubeadm缺省安装的已经设置好了 kubelet_node 通过证书信任 apiserver的client, 也就是这个文档中所的需要配置的地方 #只是新版本部署的anonymous-auth=false,client-ca-file这些配置都按照推荐都放到/var/lib/kubelet/config.yaml文件中了
    • 如下配置让apiserver通过证书信任kubelet节点
    • 生成统一的/etc/kubernetes/pki/kubelet-ca.{crt,key}
    • apiserver --kubelet-certificate-authority /etc/kubernetes/pki/kubelet-ca.crt #
    • 所有的node上的原有的selfsign(/var/lib/kubelet/pki/kubelet.{crt,key})替换为由 /etc/kubernetes/pki/kubelet-ca.{crt,key}签发的新crt,key

  • memory free > echo 3 > /proc/sys/vm/drop_caches && swapoff -a && swapon -a && printf ‘\n%s\n’ ‘Ram-cache and Swap Cleared’

certificate how to

kubeadm certs check-expiration kubeadm certs renew all #verify cert chain openssl verify -CAfile /etc/kubernetes/pki/etcd/{ca.crt,ca.crt,healthcheck-client.crt,peer.crt,server.crt} #etcd-ca openssl verify -CAfile /etc/kubernetes/pki/{front-proxy-ca.crt,front-proxy-ca.crt,front-proxy-client.crt} #front-proxy-ca openssl verify -CAfile /etc/kubernetes/pki/{ca.crt,ca.crt,apiserver.crt,apiserver-kubelet-client.crt} openssl verify -CAfile /var/lib/kubelet/pki/kubelet.crt{,}

control pane certiciate(ca.{crt,key} etcd-ca.{crt,key} front-proxy-ca.{crt,key} sa.key sa.pub)

  • upload to kube secret "kubeadm-certs"
  • upload is temp, will expire in 2 hour. this is use for add more control pane
  • kubeadm init phase upload-certs --upload-certs --certificate-key $(kubeadm certs certificate-key)
  • kubeadm init phase upload-certs --upload-certs #Upload control plane certificates to the kubeadm-certs Secret, and print out certificate-key
  • --certificate-key #define key by user option the encrypt key for uploaded cert. if not define. will auto generate new one and print out
  • can check it by: kubectl -n kube-system get secret kubeadm-certs -o yaml

#regenerate apiserver.crt with new certSANs item #mv /etc/kubernetes/pki/apiserver.{crt,key} /tmp/ kubeadm init phase certs apiserver #this ok for most case kubeadm init phase certs apiserver --config <(kubectl -n kube-system get configmap kubeadm-config -o jsonpath='{.data.ClusterConfiguration}'| sed 's@^apiServer:@&\n certSANs:\n - "ctrlpe.local"@')

#check certSAN for apiserver.crt openssl x509 -in=/etc/kubernetes/pki/apiserver.crt -text | grep -A 1 "Subject Alternative Name"

kube-apiserver url acess kubelet
  • kube-apiserver --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
  • --kubelet-certificate-authority=
  • why kubelet serve cert need a certSANs(host list)

openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem echo subjectAltName = IP:worker_node_ip >? hostSANs_file.cnf openssl x509 -req -days 365 -in server.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem -extfile hostSANs_file.cnf

kubernetes debug utils

  • journalctl -xe --unit kubelet
  • kubectl describe nodes
  • kubectl get nodes
  • kubectl -n kube-public get cm cluster-info -o yaml
  • kubectl -n kube-system get cm kubeadm-config -o yaml
  • kubectl cluster-info dump
  • find ip define in kubernetes> grep -r '.[0-9]{1,3}\/[0-9]{1,2}' /var/lib/kubelet/ /etc/kubernetes/ kubectl logs podName | tail -f /var/log/pods/kube-system_coredns-5dd5756b68-5wp4j_456bf805-a764-4874-b168-3c832d21241b/coredns/161.log

install k8s deps

  • systemd service file ref: github:kubespray: *.service.j2
  • let control-pane can get pod task(action like work pane): kubectl taint nodes nodeName1 node-role.kubernetes.io/control-plane:NoSchedule-

install k8s

install k8s network plan

  • pod ip range need be diff form service ip range
    • --pod-network-cidr @ kubeadm init --help
      • podSubnet @/etc/kubernetes/kubeadm-config.yaml
      • cluster-cidr: @/etc/kubernetes/kubeadm-config.yaml
      • clusterCIDR @/etc/kubernetes/kubeadm-config.yaml
    • --service-cidr @ kubeadm init --help #(default "10.96.0.0/12")
      • serviceSubnet @/etc/kubernetes/kubeadm-config.yaml
      • serviceSubnet @kubectl -n kube-system get cm kubeadm-config -o yaml
      • --service-cluster-ip-range @/etc/kubernetes/manifests/kube-apiserver.yaml

mkdir -p -m 755 /etc/apt/keyrings sudo apt-get update sudo apt-get install -y apt-transport-https ca-certificates curl curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list sudo apt-get update sudo apt-get install -y kubelet kubeadm kubectl sudo apt-mark hold kubelet kubeadm kubectl systemctl stop kubelet

config file list(ls /var/lib/kubelet/ /etc/kubernetes/manifests/ /etc/kubernetes /etc/cni/net.d/)

/etc/kubernetes:
admin.conf  calico-crb.yml  controller-manager.conf  kubeadm-config.yaml  manifests
calico-ipamconfig.yml  kubeadm-images.yaml  kubelet.env  node-crb.yml  ssl
calico-config.yml  calico-node-sa.yml  k8s-cluster-critical-pc.yml  kubelet-config.yaml  kubernetes-services-endpoint.yml  pki  tmp
calico-cr.yml  calico-node.yml  kdd-crds.yml  kubelet.conf  kubescheduler-config.yaml  scheduler.conf

/etc/kubernetes/manifests/:
etcd.yaml  kube-apiserver.yaml  kube-controller-manager.yaml  kube-scheduler.yaml

/var/lib/kubelet/:
config.yaml  cpu_manager_state  device-plugins  kubeadm-flags.env  memory_manager_state  pki  plugins  plugins_registry  pod-resources  pods

/etc/cni/net.d/:
10-calico.conflist  calico-kubeconfig  calico.conflist.template  nerdctl-bridge.conflist  nerdctl-dkfile_default.conflist  nerdctl-prometheus-pushgateway_default.conflist  nerdctl-rtorrent_default.conflist

cat /etc/cni/net.d/10-containerd-net.conflist { "cniVersion": "1.0.0", "name": "containerd-net", "plugins": [ { "type": "bridge", "bridge": "cni0", "isGateway": true, "ipMasq": true, "promiscMode": true, "ipam": { "type": "host-local", "ranges": [ [{ "subnet": "10.244.0.0/16" }], [{ "subnet": "2001:4860:4860::/64" }] ], "routes": [ { "dst": "0.0.0.0/0" }, { "dst": "::/0" } ] } }, { "type": "portmap", "capabilities": {"portMappings": true} } ] }

  • grep -r 'kind: .' /etc/kubernetes/ | sort | uniq
/etc/kubernetes/admin.conf:kind: Config
/etc/kubernetes/calico-config.yml:kind: ConfigMap
/etc/kubernetes/calico-cr.yml:kind: ClusterRole
/etc/kubernetes/calico-crb.yml:  kind: ClusterRole
/etc/kubernetes/calico-crb.yml:- kind: ServiceAccount
/etc/kubernetes/calico-crb.yml:kind: ClusterRoleBinding
/etc/kubernetes/calico-ipamconfig.yml:kind: IPAMConfig
/etc/kubernetes/calico-node-sa.yml:kind: ServiceAccount
/etc/kubernetes/calico-node.yml:kind: DaemonSet
/etc/kubernetes/controller-manager.conf:kind: Config
/etc/kubernetes/k8s-cluster-critical-pc.yml:kind: PriorityClass
/etc/kubernetes/kdd-crds.yml:    kind: ""
/etc/kubernetes/kdd-crds.yml:    kind: BGPConfiguration
/etc/kubernetes/kdd-crds.yml:    kind: BGPPeer
/etc/kubernetes/kdd-crds.yml:    kind: BlockAffinity
/etc/kubernetes/kdd-crds.yml:    kind: CalicoNodeStatus
/etc/kubernetes/kdd-crds.yml:    kind: ClusterInformation
/etc/kubernetes/kdd-crds.yml:    kind: FelixConfiguration
/etc/kubernetes/kdd-crds.yml:    kind: GlobalNetworkPolicy
/etc/kubernetes/kdd-crds.yml:    kind: GlobalNetworkSet
/etc/kubernetes/kdd-crds.yml:    kind: HostEndpoint
/etc/kubernetes/kdd-crds.yml:    kind: IPAMBlock
/etc/kubernetes/kdd-crds.yml:    kind: IPAMConfig
/etc/kubernetes/kdd-crds.yml:    kind: IPAMHandle
/etc/kubernetes/kdd-crds.yml:    kind: IPPool
/etc/kubernetes/kdd-crds.yml:    kind: IPReservation
/etc/kubernetes/kdd-crds.yml:    kind: KubeControllersConfiguration
/etc/kubernetes/kdd-crds.yml:    kind: NetworkPolicy
/etc/kubernetes/kdd-crds.yml:    kind: NetworkSet
/etc/kubernetes/kdd-crds.yml:kind: CustomResourceDefinition
/etc/kubernetes/kubeadm-config.yaml:kind: ClusterConfiguration
/etc/kubernetes/kubeadm-config.yaml:kind: InitConfiguration
/etc/kubernetes/kubeadm-config.yaml:kind: KubeProxyConfiguration
/etc/kubernetes/kubeadm-config.yaml:kind: KubeletConfiguration
/etc/kubernetes/kubeadm-images.yaml:kind: ClusterConfiguration
/etc/kubernetes/kubeadm-images.yaml:kind: InitConfiguration
/etc/kubernetes/kubelet-config.yaml:kind: KubeletConfiguration
/etc/kubernetes/kubelet.conf:kind: Config
/etc/kubernetes/kubernetes-services-endpoint.yml:kind: ConfigMap
/etc/kubernetes/kubescheduler-config.yaml:kind: KubeSchedulerConfiguration
/etc/kubernetes/manifests/etcd.yaml:kind: Pod
/etc/kubernetes/manifests/kube-apiserver.yaml:kind: Pod
/etc/kubernetes/manifests/kube-controller-manager.yaml:kind: Pod
/etc/kubernetes/manifests/kube-scheduler.yaml:kind: Pod
/etc/kubernetes/node-crb.yml:  kind: ClusterRole
/etc/kubernetes/node-crb.yml:  kind: Group
/etc/kubernetes/node-crb.yml:kind: ClusterRoleBinding
/etc/kubernetes/scheduler.conf:kind: Config
  • kubectl get cm -n kube-system
coredns
extension-apiserver-authentication
kube-apiserver-legacy-service-account-token-tracking
kube-proxy #KubeProxyConfiguration
kube-root-ca.crt
kubeadm-config #ClusterConfiguration
kubelet-config #KubeletConfiguration

kubectl

  • kubectl [get|describe|edit|set resources] (pods,rc,services,cm,deployments,rs,runtimeclass|lease) -A

kubelet_reconfig

  • to learn more
  • kubectl edit cm -n kube-system kubelet-config
  • /var/lib/kubelet/config.yaml
  • systemctl restart kubelet

k8s usage

kubectl apply -f https://kubernetes.io/examples/controllers/frontend.yaml kubectl apply -f https://k8s.io/examples/admin/dns/dnsutils.yaml kubectl apply -f https://kubernetes.io/examples/pods/pod-rs.yaml kubectl apply -f https://k8s.io/examples/controllers/nginx-deployment.yaml

k8s config detail

  • kubeadm config(k8s_init_cfg&k8s_cluster_cfg helper)

    • kubeadm config images list(use k8s_init_cfg gen k8s_cluster_cfg and get docker images(need use) list print out)
    • kubeadm config images pull
    • kubeadm config print [init-defefault|join-defaults|reset-default]

  • kubeadm kubeconfig(kube_access_cfg helper)

  • kube_access_cfg(--kubeconfig): include info(CACert,APIServer,ClientName,TokenAuth,ClientCertAuth)

    • load kube_access_cfg: kubeadm&kubectl default load it from: ~/.kube/config or /etc/kubernates/admin.conf
    • save kube_access_cfg when boot init: kubeadm init will generate /etc/kubernates/admin.conf at 'phase kubeconfig', reference kubeadm init -h
    • send&cp /etc/kubernates/admin.conf to some user's ~/.kube/config, will give full acesss the k8s cluster to this user
    • generate kube_access_cfg(with limit acesss& validity-perio) print to stdout by cmd: kubeadm kubeconfig user [--config k8s_cluster_cfg.yml]
    • (kubeadm config|kubeadm upgrade|...) can use --kubeconfig kube_access_cfg.yml option to load kube_access_cfg

  • k8s_init_cfg(--config):

    • show default k8s_init_cfg: kubeadm config print init-defaults
    • save default k8s_init_cfg: kubeadm config print init-defaults > k8s_init_cfg.yml
    • on other machine k8s init by: kubeadm init --config k8s_init_cfg.yml
    • 'kubeadm init' == 'kubeadm init --config <(kubeadm config print init-defaults)', but you can edit output of 'kubeadm config print init-defaults' for custom init

  • k8s_cluster_cfg:

    • show current k8s_cluster_cfg: kubectl describe -n kube-system cm kubeadm-config

  • kubelet config:

    • [kubeadm init|join|upgrade] will write KubeletConfiguration to file /var/lib/kubelet/config.yaml and passing it to the local node kubelet #ref
    • kubelet all node update: ref: Update the cgroup driver on all nodes
    • kubectl drain [node-name] --ignore-daemonsets
    • kubectl uncordon [node-name]

· 2 min read
Spark light

important

all

debian(linux)

ip route add 0/0 via 192.168.1.1 route add 10.2.100.0 mask 255.255.255.0 192.168.2.230 #/usr/sbin/ip -6 addr add '2402:4e00:1701:ea00:0:98f9:46b2:d3d3/64' dev eth0 #/usr/sbin/ip -6 route add default via 2402:4e00:1701:ea00::0 dev eth0

busybox(openwrt, alpine)

  • openwrt: iproute == ip route

iproute del local $IPV6ADDR dev eth0 iproute add local $IPV6ADDR dev eth0 route add -net 10.0.0.0/8 dev eth0.2 gw 192.168.2.6 route del default route delete -net 45.78.6.36 netmask 255.255.255.255 route add default gw 192.168.1.1 route add default gw 192.168.1.1 dev br-lan route add default dev wireguard

macosx

  • show netstat -nr
-n:(show ip or show name)
sudo route -n delete -net 0.0.0.0
sudo route -n add -net 0.0.0.0 192.168.1.1
sudo route -n add -net 0.0.0.0 192.168.123.198
sudo route -n add -net 10.2.100.0 192.168.2.230  255.255.255.0
sudo route -n delete -net 10.2.100.0

win

ipconfig /flushdns

others

ifconfig eth0 192.168.1.67/24 echo "nameserver 61.139.2.69" > /etc/resolv.conf

· 3 min read
Spark light

telecom (abbreviation/ acronym/ initialism )

  • RAN: Radio Access Network
  • UE:User Equipment //mobile phone
  • Node B:Radio base station
  • gNB:(Next Generation NodeB) //5g Base Station
  • eNB: //Base Station
  • NR: New Radio //5G radio interface between UE&gNB
  • 5GCN:5G core network
  • EPC:Evolved Packet Core //4G LTE core network
  • UPF - User Plane Function
  • GTP(GPRS Tunnelling Protocol) //https://github.com/free5gc/gtp5g
  • AMF:Access and Mobility Management
  • 3GPP:the Third-Generation Partnership Project //telecom stardard orgnazation
  • PLMN Identity(Mobile Country Code (MCC), Mobile Network Code (MNC) and a cell ID)
  • mobile identity (IMSI)

telcom abbrev map

GenerationRadio TechnologyBase Station Name
2GGSMBTS (Base Transceiver Station)
3GUMTSNodeB
4GLTEeNB, Evolved NodeB
5GNR:New RadiogNB, Next Generation NodeB

aritech view

Spectrum usage & feature

  • ref http://anisimoff.org/eng/5g/5g_overview.html
  • Low-frequency bands <3GHz 带宽低于20MHz, 长距离覆盖,稳定,低带宽
  • Medium-frequency bands (3-6Ghz)cmW 厘米波 用多天线传输提高覆盖面 高带宽200MHz 5G的主要使用频段
  • high-frequency bands,(6-24Ghz) mmW 毫米波,也是wifi使用的波段,5G也开始使用
  • Massive MIMO and Beamforming()
  • Diversity(frequency diversity) 单天线对,多频同传,不是所有频段都受到干扰,提高传输成功率 //Frequency diversity employs a single transmit/receive antenna pair, but operating at two or more widely spaced carrier frequencies.
  • Spatial Multiplexing 空间复用, 多数据流复用同一通道
  • Directivity (beamforming) 方向性波束,多天线服务不同方向互补干扰,提高覆盖率和抗干扰能力
  • SIM aes128 MILENAGE

Secret & Auth

opensource

· One min read
Spark light

Mean and average

The mean most commonly refers to the arithmetic mean, but may refer to some other form of mean, such as harmonic or geometric (see the Wikipedia article). Thus, when used without qualification, I think most people would assume that "mean" refers to the arithmetic mean.
Average has many meanings, some of which are much less mathematical than the term "mean". Even within the context of numerical summaries, "average" can refer to a broad range of measures of central tendency.
Thus, the arithmetic mean is one type of average. Arguably, when used without qualification the average of a numeric variable often is meant to refer to the arithmetic mean.

· One min read
Spark light

support ipv6 china

http://cp.cloudflare.com/generate_204
https://img.alicdn.com/a 
https://img.alicdn.com/b 
https://img.alicdn.com/c 
https://img.alicdn.com/d
https://img.alicdn.com/e
https://img.alicdn.com/generate_204
https://img.alicdn.com/test #response.body == test

china

https://i.ytimg.com/generate_204
https://connectivitycheck.platform.hicloud.com/generate_204
https://connectivitycheck.platform.hihonorcloud.com/generate_204
http://wifi.vivo.com.cn/generate_204
http://connectivitycheck.cbg-app.huawei.com/generate_204
http://connect.rom.miui.com/generate_204


https://www.google.com/gen_204
https://www.google.com/generate_204
https://www.v2ex.com/generate_204
http://www.qualcomm.cn/generate_204
http://www.gstatic.com/generate_204
http://clients3.google.com/generate_204
http://www.apple.com/library/test/success
http://connectivitycheck.android.com/generate_204
http://connectivitycheck.gstatic.com/generate_204
http://fireoscaptiveportal.com/generate_204
http://freetimecaptiveportal.com/generate_204
http://gateway.zscalerthree.net/generate_204
http://gateway.zscloud.net/generate_204
http://g.cn/generate_204
http://play.googleapis.com/generate_204
http://speedtest-global.spatialbuzz.net/generate_204
http://tabletcaptiveportal.com/generate_204
http://www.google.cn/generate_204
http://www.msftncsi.com/ncsi.txt
http://captive.roku.com/ok
http://www.appleiphonecell.com
http://captive.apple.com
http://detectportal.firefox.com/success.txt
http://www.msftconnecttest.com/connecttest.txt
http://www.youtube.com/generate_204
https://translate.google.cn/generate_204

big file download test

https://gw.alicdn.com/bao/uploaded/LB1bC41LVXXXXcGXFXXXXXXXXXX.mp4
http://steamusercontent-a.akamaihd.net/rangecheck   2M
https://cdn.akamai.steamstatic.com/steam/apps/5952/movie_max.webm
https://cdn.cloudflare.steamstatic.com/steam/apps/5952/movie_max.webm

· 2 min read
Spark light

refs site

To remember

  • one-hot encoding
  • torch.nn.Liner
  • torch.nn.Embedding
torch.tensor([[1,2,4,5]])
weights = torch.rand(10, 3)
net = torch.nn.liner(10,2)
print(net,net.h)
torch.mm

AI > machine learning > deep learning

pytorch.nn.Embedding

理解Epoch, Batch, and Mini-batch

  • Gradient Descent
  • Batch Gradient Descent
  • Stochastic Gradient Descent
  • Mini-Batch Gradient Descent
  • 比如有个2000个sample
  • 将2000个sample整体 一次性输入 (input net train&backward feedback) 就是Batch Gradient Descent
  • 2000个数据one by one共2000次分别(input net train&backward feedback) 就是 stochastic gradient descent
  • 2000个数据份 n组 每组2000/n个sample(input net train&backward feedback) 就是Mini-Batch Gradient Descent
  • 上面三个方式,一次整体sample train完称为一个epoch
  • 要经过多次epoch才能达到(Gradient Descent)剃度下降效果

similarity相似度 | diversity index多样性指数

  • Cosine similarity #向量i和j之间的向量夹角大小 越小越相似
  • Pearson Correlation Coefficient(皮尔逊相关系数) #与余弦相似度相比,加入了用户平均分对各独立评分进行修正,减小了用户评分偏置的影响
  • Euclidean Distance #m维空间中两点之间的距离
  • Jaccard Index(Jaccard similarity coefficient) #两个集合A和B的交集在其二者的并集中所占的比例
  • Jaccard Distance #两个集合中不同元素占所有元素的比例来衡量两个集合的区分度

· One min read
Spark light

CommonJS vs (ESModules)

moduleCommonJSESModules
in/outrequire(),module.exports={....}import/export
ref vs copycjs module.exports的是值得拷贝ESM export的是值引用
html use<script src=""></><script type=module src=""></>
加载运行时加载编译时加载.先加载在执行(es2020 提案引入import())
import namerequire("module")import "module.js" 需要ext名
  • ESModules import必须要带ext后缀的决策考虑: ESModules设计为可以用在浏览器上,浏览器import加载http server后端时没有后缀,只能盲猜后缀或多次请求.js,.mjs等后缀, 带来极差的用户体验
  • .ts编译为.js后 所有import "module" 修改为了 import "module.js"

https://www.typescriptlang.org/tsconfig#target

check point: package.json: "type":"module" #define as ESModules tsconfig: "compilerOptions.module": "commonjs|Node16|ES6", # tsconfig: "compilerOptions.target":"ESNext|es2017|ES6", # filename .cjs CommonJS, .js esmodule

workable match:

package.json(no type:module) tsconfig.compilerOptions.module = commonjs tsconfig.compilerOptions.target = es2017

· 2 min read
Spark light
import * as allsupertest from 'supertest'; //import all as new js collection obj
import request from 'supertest'; //import the default 
import { Test, Agent } from 'supertest'

tsconfig("esModuleInterop": true) , will let allsupertest() function call build error, it should avoid use still style call

tsc: package.main="dist/index.js" tsocnfig.compilerOptions.outDir="./dist/" 时tsc默认人文dist也是源码目录 dist=>dist build会报错 tsc目标文件覆盖源文件错误. 额外加上package.types=""dist/indx.d.ts", 就可以避免tsc吧 dist目录当作源码, 通过tsocnfig.exclude无法排除掉这个场景下的dist/目录,exlude只排除include匹配到的项目,这个官方文档描述清楚了

vscode识别tsconfig文件名模式:tsconfig.*.json 其他tsconfig-xxx.json匹配解析

yarn plugin import typescript 会在.yarnrc.yml中记录plugin并下载plugin到 .yarn/plugins/到. 如果后续删除.yarn目录但是不清理.yarnrc.yml中的plugin条目。后续任何yarn命令将报plugin加载错误。策略:不删除.yarn目录 只删除.yarn/cache目录. 或 yarn cache clean

typescript build

tsc -p tsconfig.json #build single tsconfig.json (not use reference define in tsconfig.json) tsc -b tsconfig.json "declarationMap": true, 当ts源码 的mod1 import mod2时。如果mod2的ts的rootDir不和package.json在同一级目录。而在./src等子目录下时候 vscode不code intelli 不work。需要declarationMap:true 通过编译输出的map文件来辅助code intellli

· 2 min read
Spark light

参考文章

DNS TERM

  • RRSet (Resource Record Set) Resource Record group
  • DNSSEC(Domain Name System Security Extensions)(域名查询结果签名机制,防止伪造 串改) ref RR record(DNSKEY,DS,RRSIG,NSEC)
  • DNSSEC: ref:https://medium.com/iocscan/how-dnssec-works-9c652257be0
  • TLD,TLDN(top level domain), like:(.com,.cn)
  • SLD,2LD(second level domain), like:(googl.com,china.cn)

Master files?

$ORIGIN Directive, #define set current domain to a domain, 后续的各种RR记录都是相对于此domain的 $ORIGIN uk.example.com. @ | domain.com. #(apex record)(naked domains)(the current domain)(the current $origin)

  • IN A 222.222.222.222 #(any undefined domain,泛域名与泛解析)

RR (Resouce Record) TYPE ref

A (ipv4)
AAAA (ipv6)
CNAME (alias)
TXT(任意文本备注)
NS(authoritative name server list)  nslookup -type=ns test.com
SOA(Start Of authority), the very(first) importent one in NS list(name server).
HINFO(host information)
SRV(record for microsoft active directory)
PTR (ip -> domain query)    nslookup -q=ptr 8.8.8.8
MX(mail exchange)
DNSKEY()contains the public signing key
DS(Delegation Signer),contains the hash of DNSKEY
RRSIG(resource record signature)contains the cryptographic signature for an associated record set
NSEC()contains a denial-of-existence record

RR (Resouce Record) Class

  • IN,1 the Internet
  • CS 2 the CSNET class (Obsolete)
  • CH 3 the CHAOS class
  • HS 4 Hesiod [Dyer 87]

nslookup

8.8.8.8
8.8.4.4
223.5.5.5
223.6.6.6
119.29.29.29

DOH(DNS over http)

x# https://dns.google/dns-query
https://doh.pub/dns-query
https://dns.alidns.com/dns-query
x# https://cloudflare-dns.com/dns-query
x# https://doh.dns.sb/dns-query
https://doh.sb/dns-query
https://45.11.45.11/dns-query
https://185.222.222.222/dns-query
x# https://dns.twnic.tw/dns-query

DOT(dns over tls)

tls://8.8.4.4:853
tls://162.14.21.56  #tls_auth_name dot.pub
tls://162.14.21.178 #tls_auth_name dot.pub
tls://223.5.5.5     #tls_auth_name dns.alidns.com
tls://223.6.6.6     #tls_auth_name dns.alidns.com

· One min read
Spark light
lsmod | grep ipv6
sysctl -a | grep ipv6
modprobe ipv6
modinfo ipv6
ip -6 a show
cat /etc/network/interfaces
ifreload -a
ping6 www.qq.com
ping -6 www.qq.com
dig -6 TXT +short o-o.myaddr.l.google.com @ns1.google.com
curl -I -6 https://www.qq.com
wget -6 https://www.qq.com

ifdown $IFACE
ifup $IFACE
systemctl restart networking
find /lib/modules/$(uname -r) -type f -name ipv6.ko

pve support ipv6 only need this cfg

cat /etc/sysctl.d/98.ipv6.conf
net.ipv6.conf.all.accept_ra=2
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.use_tempaddr=2
net.ipv6.conf.vmbr0.accept_ra = 2
EOF
systemctl restart networking

below cfg is not need, but still can leave for referenece

~~echo ipv6 >>  /etc/modules-load.d/ipv6.conf~~  #ipv6 is build in kernel, ifconfig output has inet6,ipv6 already loaded
~~echo "source /etc/network/interfaces.d/*" >> /etc/network/interfaces~~
~~cat <<EOF > /etc/network/interfaces.d/ipv6~~
~~iface vmbr0 inet6 auto~~
~~  dhcp 1~~
~~iface vmbr0 inet6 dhcp~~
~~  request_prefix 1~~
~~iface vmbr0 inet6 manual~~
~~ up dhclient -6 vmbr0~~
~~EOF~~
~~/etc/init.d/networking restart #this not work, /etc/init.d/networking file miss~~

#iface vmbr0 inet6 auto> auto vs dhcp :https://superuser.com/questions/630275/cannot-get-an-ipv6-address-on-debian ##auto is for SLAAC (stateless autoconfiguration #https://forum.proxmox.com/threads/proxmox-host-ipv6-dhcp-not-working.85565/ #https://www.hpc.mil/program-areas/networking-overview/2013-10-03-17-24-38/ipv6-knowledge-base-ip-transport/enabling-ipv6-in-debian-and-ubuntu-linux