How to avoid Cloud Run scaling down to 0? I need my container to be always available, like AWS Fargate

I have my API deployed in Cloud Run. It is such an easy service to use without worrying about the infrastructure, apart from the fact that I could not see any option to keep my container alive all the time like AWS Fargate. Since I am very new to this service I don’t know whether it is a problem or not. If my container is idle for a while, Cloud Run shuts it down, and a request that comes after that will take a hit from cold start latency. So I don’t want my container to scale down to 0. At least one container should always be there. If this is not possible I might need to go with Fargate with a load balancer to link my domain, which is by the way free in Cloud Run.

linux – Vulnerability in the python:3.7-slim image in a Docker container

When using the python:3.7-slim image I found that it has two critical vulnerabilities and some high-severity ones. What is the ideal Debian image to use, other than alpine? I already tried alpine and it has problems installing the pandas library. I searched several times and could not find any solution or first step to solve these problems.

CVE-2019-19814

In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.

CVE-2019-19816

In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled.

My Dockerfile looks like this:

    FROM python:3.7-slim

    # Copy requirements.txt
    COPY requirements.txt /app/
    WORKDIR /app

    # Declare the arguments received from the build
    # ARGs for the API
    ARG PORT
    ARG HOST
    ARG DEBUG
    ARG SECRET_KEY

    # ARGs for the database
    ARG DATABASE_ENGINE
    ARG DATABASE_NAME
    ARG DATABASE_HOST
    ARG DATABASE_USER
    ARG DATABASE_PASSWORD
    ARG DATABASE_PORT
    ARG DATABASE_SERVICE

    # Set the environment variables
    ENV PORT=${PORT}
    ENV HOST=${HOST}
    ENV DEBUG=${DEBUG}
    ENV SECRET_KEY=${SECRET_KEY}

    ENV DATABASE_ENGINE=${DATABASE_ENGINE}
    ENV DATABASE_USER=${DATABASE_USER}
    ENV DATABASE_PASSWORD=${DATABASE_PASSWORD}
    ENV DATABASE_HOST=${DATABASE_HOST}
    ENV DATABASE_PORT=${DATABASE_PORT}
    ENV DATABASE_SERVICE=${DATABASE_SERVICE}

    # Download and install the Oracle drivers
    ADD https://download.oracle.com/otn_software/linux/instantclient/195000/oracle-instantclient19.5-basiclite-19.5.0.0.0-1.x86_64.rpm ./instantclient19.5-basiclite.rpm

    RUN apt-get update -y && \
        apt-get upgrade -y && \
        apt-get install alien perl -y && \
        alien -i --scripts ./instantclient19.5-basiclite.rpm && \
        pip install -r requirements.txt && \
        apt-get install libaio-dev -y && \
        apt-get remove alien gcc -y

    ENV LD_LIBRARY_PATH="/usr/lib/oracle/19.5/client(64)/lib/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
    ENV ORACLE_HOME="/usr/lib/oracle/19.5/client(64)"
    ENV PATH="/usr/lib/oracle/19.5/:${PATH}"

    # Create a user
    RUN useradd python

    # Copy the current directory contents into the container at /app
    COPY --chown=python . /app

    EXPOSE ${PORT}

    USER python

    CMD python manage.py runserver ${HOST}:${PORT}

Header customization ( Container Height )

I’m using a custom theme, and I would like to reduce the height of the mega menu container.
Could you please help me out?

Please find the attached image.

linux – docker container cannot access host file and directory

I ran this command to create a container (I am doing the following in a VirtualBox VM with CentOS 7 installed):

    docker run -d -v /var/nginx/www/html:/var/www/html -p 9000:9000 --link cyt_mysql:mysql --name cyt_phpfpm php:7.2-fpm

and then ran docker exec -it cyt_phpfpm /bin/bash to enter the container:

    root@fb73b592460c:/var/www/html# touch test.php
    touch: cannot touch 'test.php': Permission denied
    root@fb73b592460c:/var/www/html# ls -al
    total 0
    drwxrwxrwx. 2 root root  6 Jun 25 15:10 .
    drwxr-xr-x. 3 root root 18 Jun  9 13:35 ..
    root@fb73b592460c:/var/www/html# ls -al
    ls: cannot access 'test.php': Permission denied
    total 0
    drwxrwxrwx. 2 root root 22 Jun 25 15:18 .
    drwxr-xr-x. 3 root root 18 Jun  9 13:35 ..

and then I created a file (test.php) on the host, and then ran ls -al in the container:

    -?????????? ? ?    ?     ?            ? test.php
    root@fb73b592460c:/var/www/html#

It seems the container has no permission to access the host file and directory. How do I fix it?

plugins – Hooking into the HTML header container

Unless a theme provides such a hook there is no way to do this with actions and filters. If a hook is provided then it will be theme specific, no generic WP solution exists.

For a full list of the hooks that a theme should implement, see here:

Plugin API Hooks

At the moment this includes:

  • wp_head() Goes at the end of the <head> element of a theme’s header.php template file.
  • wp_body_open() Goes at the beginning of the <body> element of a theme’s header.php template file.
  • wp_footer() Goes in footer.php, just before the closing </body> tag
  • wp_meta() Typically goes in the Meta section of a Theme’s menu or sidebar.
  • comment_form() Goes in comments.php directly before the file’s closing tag ()

Note that aside from wp_head and wp_footer, there is no guarantee that the theme developer knew to add them, or did so correctly, particularly wp_body_open and wp_meta
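
The caveat above, that only wp_head and wp_footer can be relied on, shown as an added example that is not part of the original answer: a hypothetical plugin that prints its markup at wp_body_open and falls back to wp_footer when the theme never fired that hook. The example_banner_* function names and the example_banner_text option are made up for illustration.

```php
<?php
/**
 * Plugin Name: Body-open banner (added example)
 *
 * Hypothetical plugin: every example_banner_* name and the
 * example_banner_text option are assumptions made for this illustration.
 */

// Markup the plugin wants near the top of <body>.
// The option value is escaped on output so stored text cannot inject HTML.
function example_banner_markup() {
    $text = get_option( 'example_banner_text', 'Scheduled maintenance tonight' );
    return '<div class="example-banner">' . esc_html( $text ) . '</div>';
}

// Preferred path: the theme calls wp_body_open() right after <body>.
function example_banner_on_body_open() {
    echo example_banner_markup();
}
add_action( 'wp_body_open', 'example_banner_on_body_open' );

// Fallback path: wp_footer is one of the two hooks a theme can be expected
// to fire. If wp_body_open never ran during this request, the theme lacks
// that hook, so the banner is printed here instead.
function example_banner_on_footer() {
    if ( did_action( 'wp_body_open' ) > 0 ) {
        return; // Already printed by example_banner_on_body_open().
    }
    echo example_banner_markup();
}
add_action( 'wp_footer', 'example_banner_on_footer' );

// Styles are emitted through wp_head, the other dependable hook.
function example_banner_styles() {
    echo '<style>.example-banner{padding:.5em;text-align:center}</style>';
}
add_action( 'wp_head', 'example_banner_styles' );
```

With a theme that omits wp_body_open(), the banner appears at the end of the page rather than the top, which is the most a plugin can do without a theme-specific hook.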

8 – Why container in Drush command is different than the container in the test case that is executing this command?

I created a functional test for my module: https://www.drupal.org/project/content_fixtures . It is using Drush commands to load/purge/list fixtures, so I wanted the test case to start from the beginning: the Drush command. By looking at the code of the scheduler module, I learned that I can test Drush commands by using DrushTestTrait (source for reference: https://git.drupalcode.org/project/scheduler/-/blob/8.x-1.x/tests/src/Functional/SchedulerDrushTest.php ). I stumbled on an issue though: it looks like, for whatever reason, the container in the Drush command is in a different state than the container in the test case executing this Drush command.

What happens:
In my test case I’m enabling content_fixtures_test module, this module defines fixture and service with the content_fixture tag, that is supposed to be added to my Loader class by the service_collector. It is correctly added to my loader available in my test case, but loader available in my Drush command is empty, like it’s a different instance!

This is code in question:

https://git.drupalcode.org/project/content_fixtures/-/blob/8.x-1.x/tests/src/Functional/OperationsTest.php#L54-58

You can locally replace $loader->loadFixtures(); with $this->drush('content-fixtures:load'); (and uncomment trait above) – that should result in the same thing, but the latter will fail, because for some reason Drush will think that the Loader is empty, so it won’t load any fixtures.

Any ideas why it doesn’t work as expected? Am I missing something?

Handy command to run this module’s tests: ./vendor/bin/phpunit -c ./web/core ./web/modules/contrib/content_fixtures . Just clone/require 8.x-1.x-dev branch.

Oh, I’m running these tests on Drupal 9.

docker – How to bind a port in a “host” network mode from a container run by a rootless dockerd?

  • Install rootless dockerd on Ubuntu 20.04:

    $ curl -fsSL https://get.docker.com/rootless | sh
    $ export PATH=$HOME/bin:$PATH
    $ export DOCKER_HOST=unix:///run/user/1000/docker.sock
    
  • Run rootless dockerd:

    $ dockerd-rootless.sh --experimental
    ...
    INFO(2020-06-03T16:53:51.690572434+02:00) API listen on /run/user/1000/docker.sock
    
  • Check container in non-host network mode (SUCCESS):

    $ docker run --rm -it -p 8080:8080 python python -m http.server 8080
    Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) ...
    

    On other terminal:

    $ curl http://localhost:8080
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    ...
    
    $ lsof -i :8080
    COMMAND      PID    USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
    rootlessk 116618 marcinr    9u  IPv6 2313409      0t0  TCP *:http-alt (LISTEN)
    
  • Try to run in “host” network mode (FAILURE):

    $ docker run --rm -it --network host python python -m http.server 8080
    Serving HTTP on 0.0.0.0 port 8080 (http://0.0.0.0:8080/) ...
    

    On other terminal:

    $ curl http://localhost:8080
    curl: (7) Failed to connect to localhost port 8080: Connection refused
    
    $ lsof -i :8080
    <empty>
    

    I know I can run these commands using nsenter:

    $ nsenter -U -n -t $(cat /run/user/1000/docker.pid) lsof -i :8080
    COMMAND    PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
    python  119656 root    3u  IPv4 2360676      0t0  TCP *:http-alt (LISTEN)
    

    but I want to be able to use my web application in a web browser, not in the terminal only.

  • My question is: how to publish the port 8080 to the host in a “host” network mode using rootless dockerd? Should I run the dockerd-rootless.sh script or even a raw rootlesskit with specific arguments to achieve this?

docker – What is / are the best threat modeling method(s) for container security?

I am currently researching threat modeling for container security, and I am wondering which methods are the best for container security. So far I have come to the conclusion that STRIDE is the most used, and that it is used for container security as well because it is easy to understand and each threat is easy to map to the CVE database.

Maybe there are people in the community with experience in the field who can advise or share their experience about what the best threat modeling method for container security is, and why.

Thanks.

magento2 – How to add a custom widget container to the Catalog Category page?

How can I add a custom widget container, for adding widgets, to the Catalog Category page after the main scope?

I tried adding my custom container to the body tag in catalog_category_view.xml:

    <container name="custom.container" label="Custom Container" after="main.content"/>

but this is not working.

docker – Accessing log files within linux container in Azure App Service

This may be a simple question, but I find the Azure documentation vast and a bit vague, so advice would be appreciated.

So I’ve got a Docker container running in Azure App Service. I have a Linux container which is pushed to Azure Container Registry from our pipelines, where it is then used by the web app. I can view the log stream, which automatically displays the Docker logs and, I assume, anything sent to standard out.

There are various log files within the container on certain file paths. How can I access these logs (other than using SSH in Kudu to get into the container)? Is there a way of mapping these file paths to one of the Azure log analytics tools?

Thanks – Please let me know if you need more information on any part of this setup.