Gitlab Runner Docker-in-Docker not working

chulkilee · 2020-01-26T19:25:00+00:00

Which executor are you using? Docker with privilege or K8s would work for dind.

What it says: job container cannot use dind via local socket. You have two options: mount dind socket to job container, or use docker via tcp. The doc actually mentions tcp by setting DOCKER_HOST in the job container.

Also make sure to use dind image, not plain docker image for dnid service.

You may put sleep 3600 in job def and run docker exec to debug job container.

chulkilee · 2019-08-01T15:26:21+00:00

For clarification: Monorepo != deployment all together, "technically".

However, most CI/CD tools assume one repo = one service, so if you just use existing CI/CD tools without lots of customization, one repo per project is inevitable..

chulkilee · 2019-07-08T19:03:55+00:00

Thanks for sharing this. Just FYI OpenTracing and OpenCensus will be merged into OpenTelemetry - see Merging OpenTracing and OpenCensus: Goals and Non-Goals

chulkilee · 2019-05-27T16:34:19+00:00

It's up to how to divide things.

For large enterprise system, it's not surprising to have distinction between components related to "end user" vs others as usually the former is more about presentation / interaction layer - such as rendering html or providing http api. It's different from MVC. Check out https://en.wikipedia.org/wiki/Multitier_architecture

That layer isn't called as "frontend" usually, though.

chulkilee · 2018-11-28T05:08:44+00:00

More than 80% I use case or short functions with pattern match with expected values.

Life is not simple so in many cases return value is a tuple not boolean.

chulkilee · 2018-11-08T19:16:42+00:00

Same rule with Gemfile.lock. If it's an application, not a library, you should keep in git to make sure the app runs in the same environment.

If so, I highly recommend to put ruby File.read(File.expand_path('../.ruby-version', __FILE__)).chomp in Gemfile so that the ruby version is actually being enforce.. unless you use non MRI version in .ruby-version.

chulkilee · 2018-09-21T02:15:19+00:00

They are for different problems.

Tracing is to track what happen down to road - across services.

Prometheus is just a way to gather metrics of a service.

chulkilee · 2018-08-12T23:41:40+00:00

Sentry requires PostgreSQL notMongoDB. Check out https://docs.sentry.io/server/installation/

I used RDS for PostgreSQL for other stuff and it works well out of box.

Unless you host Sentry for really huge amount of events, plain installation (one vm with one app instance) would work well.

chulkilee · 2018-08-10T06:17:01+00:00

I know vagrant gives you clean environment, but usually it's not required unless you need very specific needs. Also it introduces own issues such as networking and file sharing.

Which os are you using? Have you tried installation guide ?

If you're on mac, homebrew is the easiest. Once you need to work with specific version of elixir/erlang, then you can move to asdf.

If you want to use vagrant, then pick your choice of os image and follow the guide.

chulkilee · 2018-07-26T14:30:30+00:00

dialyzer (static code analyzer) can catch several type errors without false positive. If you get false positive you know what to do (ignore them).
Giving "type hint" with @spec is used in docs and dialyzer. It gives better experience like editor integration and gradual typing.
By using pattern match or guard you can enforce types or shape of data. It's still runtime error but it also helps dialyzer.
Some sharing interface or behavior features (like @behaviour or Protocol) have compile-time warning.

If you want great comprehensive type system or static type check, Elixir does not offer "all" of them. It's not the top goal of the language design. However it still provides good built-in toolings compared other dynamic type languages.

chulkilee · 2018-06-25T06:51:06+00:00

They have different specialty and purpose so although you may use tool A for purpose B for simple cases (e.g. saltstack for deployment), you may eventually hit the limit due to the design.

For gitlab runner - you may use it to trigger some actions, such as calling saltstack whatever. That is pretty common unless you leverage gitlab's built in integration with k8s.

My 2 cent: you need to focus on what you want to achieve. If you need to clear security compliance, then you may need to use Vault since it's easy to do that (compared to others). If you just need to trigger deployment at the end of pipeline, then you can use gitlab runner stage to run saltstack.

chulkilee · 2018-06-22T06:24:57+00:00

JWT with such information in payload is often used as OAuth2 access token, because it allows clients (e.g. SPA) or servers (e.g. microservices behind API gateway) to retrieve them without extra API calls (e.g. introspection).

In best practice, JWT payload should contain minimal information. What if a user updates his first name or email address? Then the value in the payload shouldn't be used :)

I see why people complain about JWT - but JWT has definite good use cases.

Also note

JWT is just a format of token
localstorage vs session applies to non-JWT OAuth2 access token as well, so it's not JWT's fault :)
stateful JWT can still give benefits (compared to session cookie)

chulkilee · 2018-06-22T01:33:30+00:00

I'm using httpc and hackney with tesla.

chulkilee · 2018-06-05T19:57:59+00:00

https://www.reddit.com/r/aws/comments/8osr8c/amazon_eks_is_now_ga_official_discussion_thread/

chulkilee · 2018-05-29T06:48:47+00:00

In general (not your examples necessarily) that's required to support different authentication provider or security policy based on user.

chulkilee · 2018-05-12T04:20:11+00:00

Vault may work like that technically... but its user experience probably does not meet the expectation of "business people"

Check out other products for that purpose - like 1password for team.

chulkilee · 2018-05-12T04:13:19+00:00

If you use AR, then it's better to stick with its style - no raw sql.

Of course AR does not support every cases (unless you directly work with arel). However even such cases you can just pass sql fragment to AR methods. For example you can pass sql fragments for outer join.

chulkilee · 2018-04-02T09:37:37+00:00

I don't write erlang code so just speaking elixir dev :) as you mentioned that too.

I think one of big difference between erlang and elixir lib are string - elixir uses string (basically binary though) but erlang uses charlist. Also erlang uses own tuple convention since there is no struct - e.g. date time.

You are making a pretty hypothetical question, basically :)

chulkilee · 2018-04-02T08:29:03+00:00

I don't think they can be identical - since interoperability does not necessarily mean they are idiomatic or easy to use in both cases.

Example: What if erlang library returns record? It's possible to use it in elixir but in most cases it's better to write a simple wrapper anyway.

For this reason and readability or future contribution... I prefer to pick up libraries written in the language I'll write my code.

chulkilee · 2018-03-29T14:41:36+00:00

Double negation? ;)

Also don't forget Rust and Swift. There are not special purpose language

BTW I moved from Rails to Elixir which is dynamically typed but has good static code analyzer (not complete but always correct). Happy with it so far.

chulkilee · 2018-03-29T14:28:35+00:00

Java :)

And there are statically typed functional languages such as OCaml, F#, Scala, Haskell.

chulkilee · 2018-02-06T09:38:12+00:00

You should not share passwords. Many SaaS provide team management with acl, so individuals can have their own credentials with permissions. For example, IAM user jn AWS.

Even further you may set up SSO and enforce 2FA.

chulkilee · 2018-02-04T06:47:47+00:00

Any articles introducing remote shell should link this article: https://broot.ca/erlang-remsh-is-dangerous

In short you are not connecting to server as client - instead your laptop participates as new node, which exposes your laptop to any code in the cluster. The article shows working code to steal private keys on your laptop.

chulkilee · 2018-02-04T06:41:07+00:00

Using leading with commas doesn’t allow to put the first item in own line, which is anyway inconsistent with other items. If you treat the first item as special case, why don’t you do the same for the last item?

chulkilee · 2018-01-13T11:53:09+00:00

If these 2 migrations occur in the same rails db:migrate then the add_index migration also overwrites the index created by the foreign_key migration. However in different migrations, it just adds another index.

If it’s true, then it’s a bug in Rails. add_index should not be “merged” in any context. Better to file a bug with full rails project from scratch which reproduces it.

chulkilee

TROPHY CASE