From b307e05e524fb9a59bd8b8a41fc20a678d6dc03f Mon Sep 17 00:00:00 2001
From: Lukas Vacula <lvacula@telesystem.us>
Date: Tue, 28 Nov 2023 10:20:03 -0500
Subject: [PATCH] init

---
 .gitignore                            |   1 +
 README.md                             |   7 +
 gen-weeknote.md                       |   4 +
 programming/functional-programming.md |  14 ++
 progress.md                           |  45 ++++++
 sysadmin/docker.md                    |   8 +
 sysadmin/jenkins.md                   |  20 +++
 sysadmin/kickstart.md                 |  34 +++++
 sysadmin/podman.md                    | 208 ++++++++++++++++++++++++++
 weeknotes/2023-42.md                  |  15 ++
 10 files changed, 356 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 gen-weeknote.md
 create mode 100644 programming/functional-programming.md
 create mode 100644 progress.md
 create mode 100644 sysadmin/docker.md
 create mode 100644 sysadmin/jenkins.md
 create mode 100644 sysadmin/kickstart.md
 create mode 100644 sysadmin/podman.md
 create mode 100644 weeknotes/2023-42.md

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5e962b5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+# knowledge
+
+Experimental knowledgebase. 
+
+Uses standard markdown or .txt formatting.
+
+`#tag#` for tagging
diff --git a/gen-weeknote.md b/gen-weeknote.md
new file mode 100644
index 0000000..4e4909c
--- /dev/null
+++ b/gen-weeknote.md
@@ -0,0 +1,4 @@
+if ! test -f weeknotes/$(date +%Y-%V).md; then 
+	echo -e "# $(date +%Y-%V)\n" >> weeknotes/$(date +%Y-%V).md
+fi
+vi weeknotes/$(date +%Y-%V).md -c "$"
diff --git a/programming/functional-programming.md b/programming/functional-programming.md
new file mode 100644
index 0000000..01f1f7c
--- /dev/null
+++ b/programming/functional-programming.md
@@ -0,0 +1,14 @@
+# Functional Programming
+
+## Common and Useful Functions
+(syntax is scala, search for Rust/Python equivalents)
+
+### Lists
+- `flatten` : turn a list of lists into a singular, flat list
+- `map` : turn a list of objects into a list of a certain attribute of all of the objects
+- `flatmap` : map an object, then flatten the resulting list of lists
+- `filter` : filter a list of objects by an attribute
+
+
+## Sources
+- Grokking Functional Programming by Michal Plachta
diff --git a/progress.md b/progress.md
new file mode 100644
index 0000000..08f9ad2
--- /dev/null
+++ b/progress.md
@@ -0,0 +1,45 @@
+# Things to Improve
+
+## Art
+### Why
+I want to be able to create things.
+### How
+- Practice drawing
+- Follow Proko class
+	- High value, but high time commitment
+- Idle sketching
+
+## Programming
+### Why
+Useful skill that can improve job prospects. 
+### How
+- leetcode
+- programming projects
+	- need inspiration
+- Read books
+- Writing for blog
+
+## Sysadmin
+### Why
+*Very* useful for career, and helps improve other areas of life (via homelab stuff).
+### How
+- Homelab
+	- Ansible
+	- New services
+- Reading
+	- Anki
+- Writing for blog
+
+## Health
+### Why
+I want to be more comfortable in my body - both physically and socially.
+### How
+- Eat less
+	- Mostly a social problem
+- Drink water/tea more
+- Push ups
+	- Easy and quick
+- Pomodoro
+	- Improves focus, easy to integrate
+- Go to the gym
+	- High value, but high time commitment
diff --git a/sysadmin/docker.md b/sysadmin/docker.md
new file mode 100644
index 0000000..8c3381c
--- /dev/null
+++ b/sysadmin/docker.md
@@ -0,0 +1,8 @@
+# Docker
+
+## Performance
+- Containers will use all available resources - RAM, CPU, GPU
+	- This includes unlimited access to CPU cycles.
+
+## Sources
+- Docker official documentation
diff --git a/sysadmin/jenkins.md b/sysadmin/jenkins.md
new file mode 100644
index 0000000..ce5feac
--- /dev/null
+++ b/sysadmin/jenkins.md
@@ -0,0 +1,20 @@
+# Jenkins 
+
+- CI/CD tool
+- jobs are configured using a Jenkinsfile
+
+## Pipelines
+- Jenkins 2 allows pipelines-as-code
+		- descriptive rather than imperative
+
+## Systems
+- Node
+	- runs jobs
+	- can be a container, or a system
+- Master
+	- controls other jenkins instances
+	- not meant for heavyweight tasks
+- Agent
+	- also called a slave
+	- any non-master system
+	- 
diff --git a/sysadmin/kickstart.md b/sysadmin/kickstart.md
new file mode 100644
index 0000000..b883452
--- /dev/null
+++ b/sysadmin/kickstart.md
@@ -0,0 +1,34 @@
+# Kinkstart
+
+## ERB Syntax
+Kickstart uses ERB (embeddable Ruby) syntax. 
+
+ERB appears to be Ruby's answer to Python's jinja2 and Rust's Tera template system. It is used by many items within the Satellite/Foreman/Puppet ecosystem.
+
+
+## Partition Tables
+
+> Note: Within RH Satellite, the "snippet" option can be used to specify that a partition table is a snippet that can be used inside of another partition table.
+
+Partition tables take the form of ERB syntax. 
+
+- `zerombr` - clears invalid partitions, **used to prevent clearpart from waiting for input**
+- `clearpart` - removes partitions
+	`--all` - remove all partitions from all disks
+	`--initlabel` - reinitialize labels for partitions
+	`--drives=...` - specify drives to clear
+- `autopart` - automatic best-effort partitioning. creates /, /boot, and a swap partition. creates /home on disks larger than 50GB
+	`--type=...` - select partitioning scheme type (lvm, lvm-thin, plain, etc)
+	`--nohome` - do not create a /home parition
+	`--nolvm` - shorthand for `--type=plain`
+	`--fstype=...` - specify filesystem type (xfs, ext4, etc...)
+- `reqpart` - create required partitions for the platform such as /efi, biosboot, etc..
+	`--add-boot` - create /boot regardless of if it is needed or not
+- `part <mountpoint>` - create a partition to be mounted at *mountpoint*
+	`--size` - minimum size in MiB, must be an integer with no units
+	`--grow` - grow the partition to take up the remaining space on the disk
+	`--ondisk` - create the partition on a specific disk
+	`--fsprofile=...` - use a specific filesystem profile (FS must support usage profiles)
+	`--mkfsoptions=...` - options to pass to mkfs
+	`--fstype=...` - ext4, xfs, etc...
+	`--fsoptions` - options to pass when *mounting* the filesystem
diff --git a/sysadmin/podman.md b/sysadmin/podman.md
new file mode 100644
index 0000000..ab8dbfd
--- /dev/null
+++ b/sysadmin/podman.md
@@ -0,0 +1,208 @@
+# Using Podman with SELinux
+- SEL confines container processes to system_u:system_r:container_t:s0 domain
+- File perms for volumes must be system_u:object_r:container_file_t:s0
+- This can be done easily by appending `:z` to volume mappings during container creation
+	- Example: `-v /opt/docker/vw-data:/vw-data/:z`
+
+# Sources
+https://blog.christophersmart.com/2021/01/31/podman-volumes-and-selinux/
+
+---
+# Book Notes: Podman In Action
+
+## Definitions
+- container orchestrator - orchestrate conatiners onto multiple machines or nodes; primary CO is Kubernetes; often interacts with a separate container engine
+	- examples: Kubernetes, Docker Swarm, Apache Mesos
+- container engine - contfigures containerized apps to run on a single node
+	- examples: Podman, Docker, containerd, CRI-O, buildah
+- Open Container Initiative container runtimes - configure parts of the linux kernel and launch the containerized app
+	- examples: runc, crun, Kata, gVisor
+- pod - multiple containers sharing the same namespaces and cgroups
+- cgroups - control groups; linux kernel feature; allows processes to be put in hierarchical groups to limit and monitor resource usage
+- namespaces - virtualized environments where different processes see different sets of resources
+	- examples: network namespace, mount namespace, PID namespace
+- skopeo - tool to inspect containers?
+- container image - a committed container
+
+
+## Podman 
+- supports images in OCI, docker v2, and docker v1 formats
+- supports all OCI runtimes
+- supports rootless containers
+
+
+## Containers 
+- groups of processes running on a linux system; isolated from one another
+- prevents processes from interfering with other processes
+- prevents processes from dominating system resources
+- allows installations to use specific shared libraries
+- isolated using resource constraints, security constraints, namespaces
+	- security constraints include SELinux, RO-access to filesystems, user namespaces, seccomp
+- simplifies software distribution; correct dependencies are already there
+
+## Container Image Format
+1. Directory tree containing all software required to run the application
+2. JSON file to describe the rootfs
+	- laid out like it was the root of a linux filesystem
+3. JSON file to link multiple images together to support different architectures
+
+## Rootless Containers
+- docker requires root; podman does not
+	- command to gain root privileges if the user is in the docker group: `docker run -ti --name hacker --privileged -v /:/host ubi8  chroot /host`
+	- command to erase evidence of activities: `docker rm hacker`
+		- this includes logging if docker's default logging config is used
+	- docker *can* be run rootless, but it's rare to do so due to the additional configuration required
+- podman containers are owned by the user and have no addition privileges compared to that user
+	- even on container escape, there are no additional privileges
+
+## Fork/Exec Model
+- docker is client/server model with multiple daemons
+	- server runs setup steps, then acts as a communication layer back to client
+	- docker daemon, containerd daemon, etc; if any fail, all containers stop
+
+## Systemd Integration
+- podman aims for integration with systemd
+	- support systemd within containers
+	- socket activation
+	- systemd notifications
+	- systemd management of cgroups
+
+## Pods
+- shared storage/network resources
+- supports kubernetes YAML via `podman generate kube` and `podman play kube`
+- allows multiple microservice containers to be combined into a larger service pod
+
+## Podman Container Customizability
+- allows container defaults to be overridden
+- multiple configuration files (distibution-level, system-level, user-level)
+- allows more or less security depending on need
+
+## User-namespace Support
+- allows multiple UIDs to be assigned to a user
+- allows isolation between processes from the same user
+
+# Podman Commands
+(all commands should be prefixed with `podman`)
+- `run <image>` - pull image and execute in the foreground until exit
+- `run -ti <image> <command>` - run the command in the specified image in interactive mode
+- `run --rm` - delete container upon exit
+- `run -d` - detach from the container and run it in the background
+- `run -p <host_port>:<container_port>` - publish the container's internal port to the external host
+	- in rootless mode, only host ports below 1024 are usable
+- `run --name <name>` provides a name for the container
+	- if a name is not specified, a unique name is generated
+- `run --user <username>` - run as a specific user in the image
+- `create <image>` - pull the image and build it, but don't execute
+	- has near-identical flags to `run`
+- `start` - start a built image
+- `inspect` - get information about a container/image/network/etc
+	- most items have a specific `inspect` command for their type
+		- `podman image inspect`
+		- `podman container inspect`
+		- etc
+- `commit` - create new image from current container state
+	- **should only be run while a container is stopped**
+	- not the most common method compared to podman build
+- `push` - push image to registry
+- `login <registry>` - log in to a registry to do push/pull actions
+	- by default, credentials are stored in /run/user/\<uid\>/containers/auth.json as a base64-encoded string
+		- credentials are cleared on reboot
+	- other options for storing passwords are available
+- `image prune` - remove images without a tag
+	- `image prune -a` - remove all images not in use by a container
+- `image mount` - mount an images root filesystem as read-only
+	- cannot be done in rootless mode
+- `unshare` - enter user amd mount namespaces
+- `build` - build a container using Dockerfile or Containerfile
+
+## Container Images
+- containers are not the same as images
+- images are committed containers
+- "images" usually refers to content stored in container storage or in a container registry
+- stored as a series of layers
+
+### Image Tagging
+- allows adding additional names ot images
+
+### Image Mounting
+```
+podman unshare
+mnt=$(podman image mount <imagename>)
+ls $mnt
+podman image unmount <imagename>
+exit
+```
+
+## Image Building; Containerfiles
+- docker has Dockerfile; podman has Containerfile (and Dockerfile)
+- Containerfiles contain two types of directives
+	- adding content to the container image
+	- describing and documenting image use
+
+### Containerfile directives
+```
+# FROM specifies the container to base the image off of
+# FROM scratch # start with no content at all
+FROM registry.access.redhat.com/ubi8 # start from the ubi8 image
+
+# COPY copies files, directories, or tarballs into the new rootfs
+# ADD provides the same function, but supports remote URLs as well
+# VOLUME will create a folder that is marked as holding externally-mounted volumes
+
+# RUN runs a command on the image during building
+# commonly used for package management tools
+RUN yum -y update
+RUN yum -y install procps-ng
+RUN yum -y clean all
+# install "ps" command and clean up cruft from yum
+
+# CMD runs a command if a different command is not specified
+# ENTRYPOINT allows container to run as an executable
+
+# ENV defines environment variables
+
+# EXPOSE announces ports that will be opened
+# **but** it does not actually map or open any ports
+
+# LABEL adds metadata
+# MAINTAINER sets author of image
+
+# STOPSIGNAL defines the signal to send to the container for exit
+
+# USER defined the user name (and group name) for subsequent RUN/CMD/ENTRYPOINT directives
+# WORKDIR sets the working directory for subsequent RUN/CMD/ENTRYPOINT/COPY directives
+
+# ONBUILD adds a trigger to use if the image is being used as a base for another build
+```
+
+## Volumes
+- `volume rm <name>` - remove volume
+- `volume list` - list all volumes
+- `volume export` - export contents of volume to TAR archive
+- `volume import` - import TAR as volume
+
+### Why volumes?
+- separate applications from data
+- have the same image in multiple environments
+- reduce overhead of read/write performance
+- share content via network storage
+
+### Flags
+- flags are placed after the volume mapping
+	- `-v ./html:/var/www/html:ro`
+- flags can be combined with commas
+	- `-v ./html:/var/www/html:ro,z`
+- `:ro` - mount as read-only
+- `:z` - relabel content for use by SELinux, allows multi-container access
+- `:Z` - relabel content for use by SELinux, disallows multi-container access
+	- `--security-opt label=disable` can be used to run containers with an "unconfined" label, if needed (but not recommended)
+- `:U` - change ownership of volume to match UID in container
+
+
+### Named Volumes
+- `podman volume crate <name>`
+- defaults to locally named volumes
+	- creates a directory for named volumes
+- can be used by multiple containers at once
+
+
diff --git a/weeknotes/2023-42.md b/weeknotes/2023-42.md
new file mode 100644
index 0000000..37385cc
--- /dev/null
+++ b/weeknotes/2023-42.md
@@ -0,0 +1,15 @@
+# 2023-42
+- started new knowledgebase repo
+	- hopefully it lasts longer than the old one did
+- notes from rh summit
+	- free food
+		- fancy teas
+		- fancy coffee machine
+		- organic apple cider
+	- no disposable cups, only glases and stoneware mugs
+		- trays around venue to set down mugs when finished
+	- rope lights
+	- security desk, turnstiles before elevators
+	- lots of elevators - at least 3, probably 12
+
+