Thursday, January 13, 2022

mariadb_backup

 1. download all

mysqldump --all-databases --user=root --password > database.sql

2.  restore

mysql -u root -p < database.sql


3.  ref1   ref2

Linux create/delete user, group, and acl

 1.  Add special user and group

#groupadd -g 4200 sysadmin2
#useradd appadmin1 -u 4100 -g 4100  -s /bin/bash 
#deluser ...

2.  useradd command and compare adduser ref

useradd is low level

The command useradd is also used to add users. It comes with some flags.  Some of them are as follows.

-D        Defaults

-m        Creates a home directory

-s         Defines the shell for the user

-e         Date on which the user account will be disabled

-b         Base directory for the home directory of the user

-u         UID

-g         Initial group number

-G        Additional groups by name

-c         Comment

Tuesday, January 11, 2022

proxmox: disk setting

 1. disk create

pve -> Disks -> Directory -> Create: Directory


2. Linux file system mounting (mount): tutorial and examples


3. create partition ref

Monday, January 10, 2022

proxmox: storage setting file

 1.  vim /etc/pve/storage.cfg

root@pve:/etc/pve# cat storage.cfg
dir: local
        path /var/lib/vz
        content iso,vztmpl,backup

lvmthin: local-lvm
        thinpool data
        vgname pve
        content rootdir,images

dir: sdb_ve
        path /mnt/pve/sdb
        content iso,vztmpl,rootdir,backup,snippets,images
        is_mountpoint 1
        nodes pve

dir: sdbc_data
        path /mnt/pve/sdbc_data
        content images,rootdir,vztmpl,iso,snippets,backup
        is_mountpoint 1
        nodes pv


* You can change names such as sdb_ve.

proxmox : start lxc script example

 1 Good ref


pct create <id> /var/lib/vz/template/cache/centos-7-default_20170504_amd64.tar.xz \
-arch amd64 \
-ostype <centos|ubuntu|etc> \
-hostname <hostname> \
-cores <cores> \
-memory <memory(MB)> \
-swap <swap(MB)> \
-storage local-lvm \
-password \
-net0 name=eth0,bridge=<bridge>,gw=<gateway>,ip=<cidr>,type=veth &&\
pct start <id> &&\
sleep 10 &&\
pct resize <id> rootfs <storage(ex: +4G)> &&\
pct exec <id> -- bash -c "yum update -y &&\
yum install -y openssh-server &&\
systemctl start sshd &&\
useradd -mU hogeuser &&\
echo 'password' | passwd --stdin hogeuser"

Proxmox : Good Document

 1. Proxmox official ref

Reference List

html List


2.  Chinese: Proxmox VE 4.x Chinese Beginner's Study Handbook   ref

3. Chinese: Proxmox handbook table of contents   ref

4. It helper ref

proxmox: uid mapping file

 1. good ref ,ref2

Hi,

As it looks like you have an unprivileged container.
This means that the UID/GID is mapped.
So root with UID 0 in the container is UID 100000 on the host.
Every UID/GID in the container is +100000 on the host.

You can set the permission on the host that it matches to the bind-mount or you can remap the UID/GID.
For the remapping see [1]
Or just run the container in privileged mode then the mapping is the same.

I would not install docker direct on the host because this can have dependency problems.
It's not included in our tests, so you're alone with such a setup.

1.) https://pve.proxmox.com/wiki/Unprivileged_LXC_containers


2. Good official ref


# uid map: from uid 0 map 1005 uids (in the ct) to the range starting 100000 (on the host), so 0..1004 (ct) → 100000..101004 (host)
lxc.idmap = u 0 100000 1005
lxc.idmap = g 0 100000 1005
# we map 1 uid starting from uid 1005 onto 1005, so 1005 → 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = g 1005 1005 1
# we map the rest of 65535 from 1006 upto 101006, so 1006..65535 → 101006..165535
lxc.idmap = u 1006 101006 64530
lxc.idmap = g 1006 101006 64530



3.   Good example ref 


This configuration will map both user and group ids in the range 0-9999 in the container to the ids 100000-109999 on the host.

        lxc.idmap = u 0 100000 10000
        lxc.idmap = g 0 100000 10000


5.   oracle explain  ref


user:start_uid:uid_count

Add an entry for the dockremap user if you plan to configure default user namespace remapping. Alternately, add an entry for the unprivileged user that you are going to use for this purpose. For example:

dockremap:100000:65536

In the example above, dockremap represents the unprivileged system user that is used for the remapping. 100000 represents the first UID in the range of available UIDs that processes within the container may run with. 65536 represents the maximum number of UIDs that may be used by a container. Based on this example entry, a process running as the root user within the container is launched so that on the host system it runs with the UID 100000. If a process within the container is run as a user with UID 500, on the host system it would run with the UID 100500.


6. subuid 


subuid - the subordinate uid file

Each line in /etc/subuid contains a user name and a range of subordinate user ids that user is allowed to use. This is specified with three fields delimited by colons (":"). These fields are:


7. Podman ref

/etc/subuid:johndoe:200000:1001
/etc/subgid:johndoe:200000:1001

8. An unprivileged LXC container ref

So even root can own unprivileged containers, since the effective UIDs of container processes on the host will end up inside the range defined by the mapping.

However, for root you have to define the subordinate IDs first. Unlike users created via adduser, root will not have a range of subordinate IDs defined by default.

9. good example ref

The most common example and what most LXD users will end up with by default is a map of 65536 UIDs and GIDs, with a host base id of 100000. This means that root in the container (uid 0) will be mapped to the host uid 100000 and uid 65535 in the container will be mapped to uid 165535 on the host. UID/GID 65536 and higher in the container aren’t mapped and will return an error if you attempt to use them.

From a security point of view, that means that anything which is not owned by the users and groups mapped into the container will be inaccessible. Any such resource will show up as being owned by uid/gid “-1” (rendered as 65534 or nobody/nogroup in userspace). It also means that should there be a way to escape the container, even root in the container would find itself with just as much privileges on the host as a nobody user.



10. My Example

#  groupadd -g 100000 lxcremap
# useradd lxcremap -g 100000 -u 100000
# pct set 105 -mp0 /mnt/pve/sde_vipdata/data/system-mariadb-0019,mp=/data
# chown -R lxcremap:lxcremap /mnt/pve/sde_vipdata/data/system-mariadb-0019/

#vi 105.conf [map file]
lxc.idmap: u 0 100000 65534
lxc.idmap: g 0 100000 65534
lxc.idmap: u 65534 165534 1
lxc.idmap: g 65534 165534 1


# cat /etc/subuid [ allow uid]
root:1005:1
root:100000:65536

# cat /etc/subgid [allow gid]
root:1005:1
root:100000:65536
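
The mappings quoted in items 2 and 10 above, worked through in code (an added example, not taken from the Proxmox wiki or the referenced posts): it parses `lxc.idmap` lines, translates a container id to its host id, and lists map entries that the `/etc/subuid` lines do not delegate to root. The function names and the rule that a mapped range must fit inside one subuid line are assumptions made for this illustration.

```python
import re

# Accepts "lxc.idmap = u 0 100000 1005" (LXC) and "lxc.idmap: u ..." (Proxmox conf).
IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*[:=]\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

# Constructed sample input, built from the values quoted on this page.
SAMPLE_CONF = """\
lxc.idmap = u 0 100000 1005
lxc.idmap = u 1005 1005 1
lxc.idmap = u 1006 101006 64530
"""
SAMPLE_SUBUID = "root:1005:1\nroot:100000:65536\n"


def parse_idmap(conf_text, kind="u"):
    """Return [(ct_start, host_start, count), ...] for kind 'u' or 'g'."""
    entries = []
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m and m.group(1) == kind:
            entries.append(tuple(int(x) for x in m.group(2, 3, 4)))
    return entries


def parse_subid(text, user="root"):
    """Parse name:start:count lines of /etc/subuid or /etc/subgid for one user."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]


def to_host(entries, ct_id):
    """Translate a container id to the host id; None means the id is unmapped."""
    for ct_start, host_start, count in entries:
        if ct_start <= ct_id < ct_start + count:
            return host_start + (ct_id - ct_start)
    return None


def undelegated(entries, subid_ranges):
    """List idmap entries whose host range lies outside every subid range."""
    # Assumption: a mapped range has to fit inside a single subid line.
    return [e for e in entries
            if not any(s <= e[1] and e[1] + e[2] <= s + n for s, n in subid_ranges)]


if __name__ == "__main__":
    uid_map = parse_idmap(SAMPLE_CONF)
    print({c: to_host(uid_map, c) for c in (0, 1005, 1006, 65535, 65536)})
    print("not delegated:", undelegated(uid_map, parse_subid(SAMPLE_SUBUID)))
```

Container uid 1005 resolves to host uid 1005, so that one account is not shifted into the 100000+ range and acts as the real host user on bind-mounted paths; dropping `root:1005:1` from `/etc/subuid` makes that entry show up as not delegated.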

Proxmox-Basic: Linux LXC and docker compare

 1.  Good Ref  


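About LXC


Setting aside ordinary hypervisors (everyone should already be familiar with them), before understanding Docker we should first understand what LXC (Linux Container) is. Let's first look at its definition: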

 LXC (LinuX Containers) provide an isolated operating system environment with its own file system, network, process and block I/O space. A favorite way to describe containers is that they are like “chroot on steroids”, since they provide the file system isolation that chroot jails provide but they go beyond that by also providing an IP address, a separate process domain, user ids and dedicated access to the host’s physical resources (i.e. memory, CPU) which chroot jails do not provide


Why Docker more than LXC


That's right, Docker was originally built on top of LXC, but since Docker 0.9, LXC is no longer Docker's only and default execution environment (see: docker drops LXC as default execution environment). Docker now supports more "isolation tools", including:
  • OpenVZ
  • systemd-nspawn
  • libvirt-lxc
  • libvirt-sandbox
  • qemu/kvm
  • BSD Jails
  • Solaris Zones
  • chroot




---------------------------------------

2. Good 2 ref ref2


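One of the benefits of using lxc is that you can take a virtual machine and slice it up further, splitting off many more small execution environments to run more Linux operating systems at the same time, which is very convenient when you need to simulate many computers. Although most documents talk about using lxc together with KVM, A-She installed and tested it on an Ubuntu virtual machine in VirtualBox, and so far there have been no problems. This is probably because lxc is already included in the Linux kernel, so in general, as long as Linux runs, lxc should be usable!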
Credit Diego Elio “Flameeyes” Pettenò 
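lxc creates virtual machines from templates (some say they should be called virtual execution environments; A-She understands, but out of habit A-She still describes them as virtual machines!). lxc ships with built-in templates for several Linux distributions. Taking Ubuntu as an example, the built-in lxc templates are located in the /usr/share/lxc/templates folder, so when you want to create an Ubuntu virtual machine, you can use the command below.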



3.  compare  ref


LXC virtual environment has no hardware preload emulation. Each virtual environment (an OS or an application) is loaded in a container and executes without any additional overhead and no hardware emulation. This means no penalty from software with limited memory. In the end, LXC will improve the performance of the bare metal as it only bundles the OS/application that is required.

LXC container



4.  Proxmox Linux container



Containers are a lightweight alternative to fully virtualized machines (VMs). They use the kernel of the host system that they run on, instead of emulating a full operating system (OS). This means that containers can access resources on the host system directly.

The runtime costs for containers is low, usually negligible. However, there are some drawbacks that need be considered:

  • Only Linux distributions can be run in Proxmox Containers. It is not possible to run other operating systems like, for example, FreeBSD or Microsoft Windows inside a container.

  • For security reasons, access to host resources needs to be restricted. Therefore, containers run in their own separate namespaces. Additionally some syscalls (user space requests to the Linux kernel) are not allowed within containers.




5. LXC in debian and explain

Proxmox-Basic: proxmox privileged

1.  good ref

For those that don't know.

Privileged containers: container uid 0 is mapped to the host's uid 0.

Unprivileged containers: container uid 0 is mapped to an unprivileged user on the host.

Unprivileged should be chosen unless you need a privileged container.

My thoughts: I haven't had a need for a privileged container. I can't think of a reason to use one. Maybe if I needed something that needed to access some hardware that couldn't be mapped to an unprivileged container?



2.  See also the Chinese discussion

Privileged Containers
Security is done by dropping capabilities, using mandatory access control (AppArmor), SecComp filters and namespaces. The LXC team considers this kind of container as unsafe, and they will not consider new container escape exploits to be security issues worthy of a CVE and quick fix. So you should use this kind of containers only inside a trusted environment, or when no untrusted task is running as root in the container.
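Gist: this mode is less secure; it relies on AppArmor for control. It is recommended that you run this mode only on an internal network or in a relatively secure environment, or use it only for jobs that carry no security concerns.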

proxmox mount directory

 1. command line   ref

We use the command template "qm set <your VMID> -sata<number> /dev/disk/by-id/<your disk ID>":

qm set 100 -sata1 /dev/disk/by-id/ata-ST1000DM003-1CH162_S1D8F613



2 View disk and mount ref



proxmox pct -( Proxmox Container Toolkit)

 1. pct is a tool to manage Linux Containers (LXC) on Proxmox VE

USAGE: pct <COMMAND> [ARGS] [OPTIONS]
       pct clone <vmid> <newid> [OPTIONS]
       pct create <vmid> <ostemplate> [OPTIONS]
       pct destroy <vmid> [OPTIONS]
       pct list
       pct migrate <vmid> <target> [OPTIONS]
       pct move-volume <vmid> <volume> [<storage>] [<target-vmid>] [<target-volume>] 
       pct pending <vmid>
       pct resize <vmid> <disk> <size> [OPTIONS]
       pct restore <vmid> <ostemplate> [OPTIONS]
       pct template <vmid>
       pct config <vmid> [OPTIONS]
       pct set <vmid> [OPTIONS]
       pct delsnapshot <vmid> <snapname> [OPTIONS]
       pct listsnapshot <vmid>
       pct rollback <vmid> <snapname>
       pct snapshot <vmid> <snapname> [OPTIONS]
       pct reboot <vmid> [OPTIONS]
       pct resume <vmid>
       pct shutdown <vmid> [OPTIONS]
       pct start <vmid> [OPTIONS]
       pct stop <vmid> [OPTIONS]
       pct suspend <vmid>
       pct console <vmid> [OPTIONS]
       pct cpusets
       pct df <vmid>
       pct enter <vmid>
       pct exec <vmid> [<extra-args>]
       pct fsck <vmid> [OPTIONS]
       pct fstrim <vmid> [OPTIONS]
       pct mount <vmid>
       pct pull <vmid> <path> <destination> [OPTIONS]
       pct push <vmid> <file> <destination> [OPTIONS]
       pct rescan  [OPTIONS]
       pct status <vmid> [OPTIONS]
       pct unlock <vmid>
       pct unmount <vmid>
       pct help [<extra-args>] [OPTIONS]


2.  put a file to lxc

pct push 100 gitea-1.15.9-linux-amd64 /opt/gitea/gitea


3. Enter to lxc

pct enter 100


4. Look current lxc

root@pve:~/src# pct list
VMID       Status     Lock         Name
100        running                 myalpine

5. Mount file  gui

https://pve.proxmox.com/wiki/Linux_Container#pct_mount_points

http://www.gienginali.idv.tw/modules/tad_book3/page.php?tbdsn=505



6. alpine rc

https://docs.alpinelinux.org/user-handbook/0.1a/Working/openrc.html


7. Mount file by command ref

root@pve:~# cat  /etc/pve/lxc//100.conf

arch: amd64

cores: 2

features: nesting=1

hostname: myalpine

memory: 512

mp0: /mnt/pve/sdbc_data/machine/100myalpine,mp=/mnt/data

net0: name=eth0,bridge=vmbr0,firewall=1,gw=10.0.255.254,hwaddr=E6:E1:B8:81:DC:BA,ip=10.0.3.1/16,type=veth

ostype: alpine

rootfs: local-lvm:vm-100-disk-0,size=2G

swap: 512

# use a privileged container so that it can read and write the disk

unprivileged: 0
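
A small audit of a container config like the one above (an added example, not Proxmox tooling): it reports when a container runs privileged and which host-path mount points it can then reach as host uid 0. Treating a missing `unprivileged` key as privileged, and all function names, are assumptions of this example.

```python
import re

# Constructed sample input: a trimmed copy of the 100.conf shown above.
SAMPLE_CONF = """\
arch: amd64
features: nesting=1
hostname: myalpine
mp0: /mnt/pve/sdbc_data/machine/100myalpine,mp=/mnt/data
rootfs: local-lvm:vm-100-disk-0,size=2G
unprivileged: 0
"""


def parse_pve_conf(text):
    """Parse 'key: value' lines of the live section of /etc/pve/lxc/<vmid>.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):      # snapshot sections follow the live config
            break
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf


def host_path_mounts(conf):
    """Return {mpN: (host_path, container_path)} for mount points backed by a host path."""
    found = {}
    for key, value in conf.items():
        if re.fullmatch(r"mp\d+", key) and value.startswith("/"):
            opts = value.split(",")
            target = next((o[3:] for o in opts[1:] if o.startswith("mp=")), None)
            found[key] = (opts[0], target)
    return found


def audit(text):
    """Flag a privileged container and the host paths it reaches as host uid 0."""
    conf = parse_pve_conf(text)
    findings = []
    if conf.get("unprivileged", "0") != "1":   # assumption: absent key = privileged
        findings.append("privileged: container uid 0 is host uid 0")
        for key, (src, dst) in sorted(host_path_mounts(conf).items()):
            findings.append(f"{key}: host path {src} is reachable as host uid 0 via {dst}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

An unprivileged container with the host directory chowned to the mapped uid, as in the "My Example" notes earlier on this page, gives the same read/write access without this finding.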



Wednesday, January 5, 2022

PUT/POST/DELETE

 https://ihower.tw/blog/archives/6483


https://softwareengineering.stackexchange.com/questions/114156/why-are-there-no-put-and-delete-methods-on-html-forms


https://blog.kalan.dev/2021-03-13-html-form-data/


https://developer.mozilla.org/zh-TW/docs/Web/HTTP/Headers/Content-Type


https://stackoverflow.com/questions/630453/what-is-the-difference-between-post-and-put-in-http

python decorator

 https://realpython.com/primer-on-python-decorators/

Tuesday, January 4, 2022

raid

 1. https://www.linwei.com.tw/forum-detail/11/

2. 

nextcloud install

 1. https://nextcloud.com/install/


2. https://iter01.com/604295.html


3.  https://hub.docker.com/_/nextcloud?tab=tags

4.  https://github.com/nextcloud/docker/blob/e2dc98dea469ba67c3e6474aa4fc2cf902f8e9a4/23/apache/Dockerfile

5.  https://github.com/docker-library/docs/blob/master/nextcloud/README.md


6. https://github.com/docker-library/docs/tree/master/nextcloud


7. https://github.com/nextcloud/docker/blob/master/23/apache/Dockerfile


8.  https://help.nextcloud.com/t/docker-compose-nextcloud-apache-mariadb/89031


9. https://mariushosting.com/synology-how-to-install-nextcloud-using-docker/


10. https://github.com/nextcloud/server