lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.5 LTS
Release:        18.04
Codename:       bionic

uname -r
4.15.0-159-generic

[Wed Oct 20 14:28:18 2021] ------------[ cut here ]------------
[Wed Oct 20 14:28:18 2021] perf buffer not large enough
[Wed Oct 20 14:28:18 2021] WARNING: CPU: 0 PID: 12288 at /build/linux-teTg6M/linux-4.15.0/kernel/trace/trace_event_perf.c:288 perf_trace_buf_alloc+0x86/0xa0
[Wed Oct 20 14:28:18 2021] Modules linked in: ip6table_filter ip6_tables xt_nat veth vsock_diag vsock sctp_diag sctp dccp_diag dccp raw_diag unix_diag af_packet_diag netlink_diag udp_diag tcp_diag inet_diag ipt_REJECT nf_reject_ipv4 xt_tcpudp xt_conntrack ipt_MASQUERADE nf_nat_masquerade_ipv4 nf_conntrack_netlink nfnetlink xfrm_user xfrm_algo xt_addrtype iptable_filter iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack br_netfilter bridge stp llc overlay aufs nls_iso8859_1 input_leds kvm_intel kvm irqbypass joydev serio_raw sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath
[Wed Oct 20 14:28:18 2021]  linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc hid_generic aesni_intel aes_x86_64 crypto_simd glue_helper cryptd usbhid psmouse ahci libahci virtio_scsi hid virtio_net
[Wed Oct 20 14:28:18 2021] CPU: 0 PID: 12288 Comm: dockerd Not tainted 4.15.0-159-generic #167-Ubuntu
[Wed Oct 20 14:28:18 2021] Hardware name: OpenStack Foundation OpenStack Nova, BIOS 1.10.2-1ubuntu1 04/01/2014
[Wed Oct 20 14:28:18 2021] RIP: 0010:perf_trace_buf_alloc+0x86/0xa0
[Wed Oct 20 14:28:18 2021] RSP: 0018:ffffa60a42453cd0 EFLAGS: 00010282
[Wed Oct 20 14:28:18 2021] RAX: 0000000000000000 RBX: 000000000000109c RCX: 0000000000000000
[Wed Oct 20 14:28:18 2021] RDX: 000000000000001c RSI: ffffffffa2d63c3c RDI: 0000000000000246
[Wed Oct 20 14:28:18 2021] RBP: ffffa60a42453ce8 R08: 000013084d9fabc3 R09: ffffffffa2d63c20
[Wed Oct 20 14:28:18 2021] R10: 000000000000104e R11: 0000000000000001 R12: 000000000000104e
[Wed Oct 20 14:28:18 2021] R13: ffffa60a42453e28 R14: 000000000000000f R15: ffff9a3a8e0d5000
[Wed Oct 20 14:28:18 2021] FS:  00007fca2e7fc700(0000) GS:ffff9a3d3fc00000(0000) knlGS:0000000000000000
[Wed Oct 20 14:28:18 2021] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[Wed Oct 20 14:28:18 2021] CR2: 000000000000000f CR3: 000000042adfc004 CR4: 00000000007606f0
[Wed Oct 20 14:28:18 2021] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[Wed Oct 20 14:28:18 2021] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[Wed Oct 20 14:28:18 2021] PKRU: 55555554
[Wed Oct 20 14:28:18 2021] Call Trace:
[Wed Oct 20 14:28:18 2021]  kprobe_perf_func+0xb4/0x250
[Wed Oct 20 14:28:18 2021]  ? do_execveat_common.isra.34+0x5/0x7d0
[Wed Oct 20 14:28:18 2021]  kprobe_dispatcher+0x34/0x50
[Wed Oct 20 14:28:18 2021]  aggr_pre_handler+0x45/0x80
[Wed Oct 20 14:28:18 2021]  ? do_execveat_common.isra.34+0x1/0x7d0
[Wed Oct 20 14:28:18 2021]  kprobe_ftrace_handler+0x8f/0xf0
[Wed Oct 20 14:28:18 2021]  ftrace_ops_assist_func+0xa9/0x130
[Wed Oct 20 14:28:18 2021]  0xffffffffc07c80d5
[Wed Oct 20 14:28:18 2021]  ? do_execveat_common.isra.34+0x1/0x7d0
[Wed Oct 20 14:28:18 2021]  do_execveat_common.isra.34+0x5/0x7d0
[Wed Oct 20 14:28:18 2021]  SyS_execve+0x31/0x40
[Wed Oct 20 14:28:18 2021]  ? do_execveat_common.isra.34+0x5/0x7d0
[Wed Oct 20 14:28:18 2021]  ? copy_oldmem_page+0xb0/0xb0
[Wed Oct 20 14:28:18 2021]  do_syscall_64+0x73/0x130
[Wed Oct 20 14:28:18 2021]  entry_SYSCALL_64_after_hwframe+0x41/0xa6
[Wed Oct 20 14:28:18 2021] RIP: 0033:0x555a8ebc944b
[Wed Oct 20 14:28:18 2021] RSP: 002b:000000c000fd3bb8 EFLAGS: 00000202 ORIG_RAX: 000000000000003b
[Wed Oct 20 14:28:18 2021] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000555a8ebc944b
[Wed Oct 20 14:28:18 2021] RDX: 000000c000f34740 RSI: 000000c0014cb6d0 RDI: 000000c0014882a0
[Wed Oct 20 14:28:18 2021] RBP: 000000c000fd3d58 R08: 0000000000000000 R09: 0000000000000000
[Wed Oct 20 14:28:18 2021] R10: 0000000000000000 R11: 0000000000000202 R12: 0000555a8ebbda50
[Wed Oct 20 14:28:18 2021] R13: 0000000000000018 R14: 0000000000000017 R15: 0000000000000100
[Wed Oct 20 14:28:18 2021] Code: c7 44 18 f8 00 00 00 00 5b 41 5c 41 5d 5d c3 80 3d a2 06 48 01 00 75 15 48 c7 c7 9b 60 4e a2 c6 05 92 06 48 01 01 e8 4a de ef ff <0f> 0b 5b 31 c0 41 5c 41 5d 5d c3 0f 1f 44 00 00 66 2e 0f 1f 84 
[Wed Oct 20 14:28:18 2021] ---[ end trace 4571369f97795a2f ]---

pam_tally2: Error opening /var/log/tallylog for update: Permission denied
pam_tally2: Authentication error
useradd: failed to reset the tallylog entry of user "victoriametrics"

Current mode:                   enforcing

CentOS Linux release 7.9.2009 (Core)

yum -y install yum-plugin-copr
yum -y copr enable antonpatsev/VictoriaMetrics
yum makecache
yum -y install vmsingle

git clone https://git.cloud-team.ru/lections/kubernetes_setup.git
cd terraform
TF_IN_AUTOMATION=1 terraform apply -auto-approve

│ Error: Invalid index
│ 
│   on k8s-cluster.tf line 380, in output "load_balancer_public_ip":
│  380:   value = yandex_lb_network_load_balancer.k8s-load-balancer.listener.*.external_address_spec.0.address
│ 
│ Elements of a set are identified only by their value and don't have any separate index or key to select with, so it's only possible to perform operations across all
│ elements of the set.

python3 dnsserver.py --domain yourdomain.net --soa-master=ns1.yourdomain.net --soa-email=email@yourdomain.net --ns-servers=ns1.yourdomain.net,ns2.yourdomain.net --log-level ERROR --http-port 80 --http-index /somewhere/index.html
12:12:47: starting DNS server on 10.128.0.20/ on port 53, upstream DNS server "1.1.1.1"
12:12:47: Starting httpd...
Saving debug log to /var/log/letsencrypt/letsencrypt.log
12:12:47: Cannot find wildcard certificate. Run certbotdns.py now and then restart this. Meanwhile HTTP will not work.

python3 certbotdns.py wildcard 10.128.0.20.yourdomain.net email@yourdomain.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for 10.128.0.20.yourdomain.net
Running manual-auth-hook command: python3 /root/localtls/certbotdns.py deploy
Output from manual-auth-hook command python3:
_acme-challenge.10.128.0.20.yourdomain.net

Waiting for verification...
Challenge failed for domain 10.128.0.20.yourdomain.net
dns-01 challenge for 10.128.0.20.yourdomain.net
Cleaning up challenges
Running manual-cleanup-hook command: python3 /root/localtls/certbotdns.py cleanup
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: 10.128.0.20.yourdomain.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.10.128.0.20.yourdomain.net - check that a DNS
   record exists for this domain
None
None

python3 certbotdns.py wildcard yourdomain.net email@yourdomain.net
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for yourdomain.net
Running manual-auth-hook command: python3 /root/localtls/certbotdns.py deploy
Output from manual-auth-hook command python3:
_acme-challenge.yourdomain.net

Waiting for verification...
Challenge failed for domain yourdomain.net
dns-01 challenge for yourdomain.net
Cleaning up challenges
Running manual-cleanup-hook command: python3 /root/localtls/certbotdns.py cleanup
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: yourdomain.net
   Type:   dns
   Detail: DNS problem: NXDOMAIN looking up TXT for
   _acme-challenge.yourdomain.net - check that a DNS record exists for
   this domain
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
None
None

2021-07-15 12:17:18,809:DEBUG:certbot.main:certbot version: 0.40.0
2021-07-15 12:17:18,809:DEBUG:certbot.main:Arguments: ['--noninteractive', '--agree-tos', '--email', 'email@yourdomain.net', '--manual', '--preferred-challenges=dns', '--manual-public-ip-logging-ok', '--manual-auth-hook', 'python3 /root/localtls/certbotdns.py deploy', '--manual-cleanup-hook', 'python3 /root/localtls/certbotdns.py cleanup', '-d', '*.10.128.0.20.yourdomain.net']
2021-07-15 12:17:18,809:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-15 12:17:18,815:DEBUG:certbot.log:Root logging level set at 20
2021-07-15 12:17:18,815:INFO:certbot.log:Saving debug log to /var/log/letsencrypt/letsencrypt.log
2021-07-15 12:17:18,816:DEBUG:certbot.plugins.selection:Requested authenticator manual and installer None
2021-07-15 12:17:18,816:DEBUG:certbot.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: IAuthenticator, IPlugin
Entry point: manual = certbot.plugins.manual:Authenticator
Initialized: <certbot.plugins.manual.Authenticator object at 0x7ff1b3515b80>
Prep: True
2021-07-15 12:17:18,817:DEBUG:certbot.plugins.selection:Selected authenticator <certbot.plugins.manual.Authenticator object at 0x7ff1b3515b80> and installer None
2021-07-15 12:17:18,817:INFO:certbot.plugins.selection:Plugins selected: Authenticator manual, Installer None
2021-07-15 12:17:18,819:DEBUG:certbot.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-v02.api.letsencrypt.org/acme/acct/130687661', new_authzr_uri=None, terms_of_service=None), 6439102b194ec0e68f3614050ef16266, Meta(creation_dt=datetime.datetime(2021, 7, 15, 12, 8, 58, tzinfo=<UTC>), creation_host='localhost'))>
2021-07-15 12:17:18,819:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2021-07-15 12:17:18,820:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2021-07-15 12:17:19,454:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 658
2021-07-15 12:17:19,454:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 Jul 2021 12:17:19 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "7ze8_jIGrbk": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2021-07-15 12:17:19,455:INFO:certbot.main:Obtaining a new certificate
2021-07-15 12:17:19,533:DEBUG:certbot.crypto_util:Generating key (2048 bits): /etc/letsencrypt/keys/0005_key-certbot.pem
2021-07-15 12:17:19,535:DEBUG:certbot.crypto_util:Creating CSR: /etc/letsencrypt/csr/0005_csr-certbot.pem
2021-07-15 12:17:19,536:DEBUG:acme.client:Requesting fresh nonce
2021-07-15 12:17:19,536:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2021-07-15 12:17:19,692:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2021-07-15 12:17:19,692:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 Jul 2021 12:17:19 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 01027bBVN5WDeZpizkLAGJ-TU5tZ4IdGMDmKlYxnPMjKZjA
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800


2021-07-15 12:17:19,692:DEBUG:acme.client:Storing nonce: 01027bBVN5WDeZpizkLAGJ-TU5tZ4IdGMDmKlYxnPMjKZjA
2021-07-15 12:17:19,693:DEBUG:acme.client:JWS payload:
b'{\n  "identifiers": [\n    {\n      "type": "dns",\n      "value": "*.10.128.0.20.yourdomain.net"\n    }\n  ]\n}'
2021-07-15 12:17:19,694:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwNjg3NjYxIiwgIm5vbmNlIjogIjAxMDI3YkJWTjVXRGVacGl6a0xBR0otVFU1dFo0SWRHTURtS2xZeG5QTWpLWmpBIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
  "signature": "FeiGKN-j-X_VZYeTxGKRgZyyuhJfP2zeopROjQszKwtkkodu6M2aaTu_sEnssp-28Ad0Y94p9YyoSbqFoA45y4McRf-KE-7DEeetshZhJq63K2al-unfyF0zcKAxqcgvHAtLv28SjHRmCzFimV91FD-93OzksmbOXksKlijmNFhWPgK_4gI6F7SZ4u23AfMzRC4Z2UFa679hngQwIYIZ9kJz1jPXCuLm53YuGMQwQHZDW-0nlo9K2YTT2FK29wzM0Sm4qH9IC8Fz7mIXb8GEJ91U_s-BEh1t321Rt1vNbzb9lxysBdo2EmYhcXR7ENT42UC3j1tKQH_f3FEhDppRrQ",
  "payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogIiouMTAuMTI4LjAuMjAueW91cmRvbWFpbi5uZXQiCiAgICB9CiAgXQp9"
}
2021-07-15 12:17:20,036:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 351
2021-07-15 12:17:20,036:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 15 Jul 2021 12:17:19 GMT
Content-Type: application/json
Content-Length: 351
Connection: keep-alive
Boulder-Requester: 130687661
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Location: https://acme-v02.api.letsencrypt.org/acme/order/130687661/11093878505
Replay-Nonce: 0102PVAWzO6fdI-avHs2w8h5kpLwy-ry33EvAURV0ec6fK8
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "status": "pending",
  "expires": "2021-07-22T12:17:19Z",
  "identifiers": [
    {
      "type": "dns",
      "value": "*.10.128.0.20.yourdomain.net"
    }
  ],
  "authorizations": [
    "https://acme-v02.api.letsencrypt.org/acme/authz-v3/14836301534"
  ],
  "finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/130687661/11093878505"
}
2021-07-15 12:17:20,038:DEBUG:acme.client:Storing nonce: 0102PVAWzO6fdI-avHs2w8h5kpLwy-ry33EvAURV0ec6fK8
2021-07-15 12:17:20,038:DEBUG:acme.client:JWS payload:
b''
2021-07-15 12:17:20,040:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/14836301534:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwNjg3NjYxIiwgIm5vbmNlIjogIjAxMDJQVkFXek82ZmRJLWF2SHMydzhoNWtwTHd5LXJ5MzNFdkFVUlYwZWM2Zks4IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNDgzNjMwMTUzNCJ9",
  "signature": "GwMw8_KAmv3p6m9YnxHGA4vyEQA_s1UZgj_4Uhis-wpazLPsmt3FBYc8WagPNKvcRWbym8HuHokA6tZ-1zGBdeIj7Rugkp-rANfXlHnv27uXmFc9aKyK8pmp_dm-d3hB5Br6VElSOW4w2CftjQFB7GviuMZa-_F0TrBkZsdKcYeA7k3Ux03RhPw30YEAsY9W-h0yk_RTz6ljPGdHnJGMuGJK5sXU3fiQ8LfcEpHtb6p3lnuq3ZpmJt3xZr-izLRwLUu-EtHmbs3fiBzCPPnh9PRxSa12-MI9sCkJxWsHlBhPInhPFq3ZhGK08IVze1rlR0kIr7ks9TRVhByJi-Q7DQ",
  "payload": ""
}
2021-07-15 12:17:20,240:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/14836301534 HTTP/1.1" 200 399
2021-07-15 12:17:20,240:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 Jul 2021 12:17:20 GMT
Content-Type: application/json
Content-Length: 399
Connection: keep-alive
Boulder-Requester: 130687661
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102-r9ZGsiYTbA2bP5UIEnrArG7hPo2SyQGK2g0QCxqk3w
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "10.128.0.20.yourdomain.net"
  },
  "status": "pending",
  "expires": "2021-07-22T12:17:19Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "pending",
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14836301534/Ug2DDw",
      "token": "jRFstmrLmjBUh1LbjHp7WSlieWmC_5FXVQleY6o1nW4"
    }
  ],
  "wildcard": true
}
2021-07-15 12:17:20,241:DEBUG:acme.client:Storing nonce: 0102-r9ZGsiYTbA2bP5UIEnrArG7hPo2SyQGK2g0QCxqk3w
2021-07-15 12:17:20,241:INFO:certbot.auth_handler:Performing the following challenges:
2021-07-15 12:17:20,241:INFO:certbot.auth_handler:dns-01 challenge for 10.128.0.20.yourdomain.net
2021-07-15 12:17:20,242:INFO:certbot.hooks:Running manual-auth-hook command: python3 /root/localtls/certbotdns.py deploy
2021-07-15 12:17:20,286:INFO:certbot.hooks:Output from manual-auth-hook command python3:
_acme-challenge.10.128.0.20.yourdomain.net

2021-07-15 12:17:20,287:INFO:certbot.auth_handler:Waiting for verification...
2021-07-15 12:17:20,288:DEBUG:acme.client:JWS payload:
b'{\n  "resource": "challenge",\n  "type": "dns-01"\n}'
2021-07-15 12:17:20,289:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/14836301534/Ug2DDw:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwNjg3NjYxIiwgIm5vbmNlIjogIjAxMDItcjlaR3NpWVRiQTJiUDVVSUVuckFyRzdoUG8yU3lRR0syZzBRQ3hxazN3IiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8xNDgzNjMwMTUzNC9VZzJERHcifQ",
  "signature": "AqvdAXbEiLJPnm5x6_g_gRNT2I1UgngtmEnUf_YRZ9F873ODh00ZVo6CdXPs3rpBTlaiOMSmAk1ph6qY1bR1EqGXZcrY4t5Bd8PPgqWIA9Bg5Vq3EYGUyhzTqlbxu0UJ48RMTQ1JFmzuv2PDo9W47P-pr33ZrWE5tr9t2TMtMtY41OuqSUNASHWzcfAgSbvwQESgTFj9LZ5r8Quzj4Jpa7yEZtkDPsWBBHL4q8TaQ-yDAlXqtglbQh7-R-Pa_yr3GmdnlTvwVdUbUZC1E4H4jw5lWldmGfdQwuoUmnkq308NreZlDGXAwPfOwXaVNBTP6xgOM4pwMPvyPyjGbwFmXQ",
  "payload": "ewogICJyZXNvdXJjZSI6ICJjaGFsbGVuZ2UiLAogICJ0eXBlIjogImRucy0wMSIKfQ"
}
2021-07-15 12:17:20,498:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/14836301534/Ug2DDw HTTP/1.1" 200 185
2021-07-15 12:17:20,499:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 Jul 2021 12:17:20 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 130687661
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index", <https://acme-v02.api.letsencrypt.org/acme/authz-v3/14836301534>;rel="up"
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/14836301534/Ug2DDw
Replay-Nonce: 0102COQryNwPHH-FuEIUaF9WNVvgWFFILwC3G6xAx6oyzec
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "type": "dns-01",
  "status": "pending",
  "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14836301534/Ug2DDw",
  "token": "jRFstmrLmjBUh1LbjHp7WSlieWmC_5FXVQleY6o1nW4"
}
2021-07-15 12:17:20,499:DEBUG:acme.client:Storing nonce: 0102COQryNwPHH-FuEIUaF9WNVvgWFFILwC3G6xAx6oyzec
2021-07-15 12:17:21,501:DEBUG:acme.client:JWS payload:
b''
2021-07-15 12:17:21,502:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/14836301534:
{
  "protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTMwNjg3NjYxIiwgIm5vbmNlIjogIjAxMDJDT1FyeU53UEhILUZ1RUlVYUY5V05WdmdXRkZJTHdDM0c2eEF4Nm95emVjIiwgInVybCI6ICJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8xNDgzNjMwMTUzNCJ9",
  "signature": "IYFePWKtNBCj_POrkZ3PPnSb3E-re1BipC2nRmSZzKRHHDIBJX--DOMQRtYE62rb_SxKwOcIKUWvX3qWN05kEmYiXjWEk5XH0oj6ZQhtJUB7wol6_V0moHQ-mMdfkMr_WJom4NrUQj_k8KGNW4nif7eSIeRtt8M4DlyRjd13u-23xf1JMjb-fgvNepMqbxVSWqZL3VbXvBjgqHstluoZDSxfnOwi1EdG3cE7hPZwQKUGmVyWdRMd7HzlnXdWs5CKcOQ-nz_C3hXtcOo2LGmQIYlWFQk--EgEw6GfnPtBWhZuYfFX5REz5EKLrw3qcfT6u2R8mAcKqRLzwQQL3NzgEg",
  "payload": ""
}
2021-07-15 12:17:21,708:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/14836301534 HTTP/1.1" 200 694
2021-07-15 12:17:21,708:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 15 Jul 2021 12:17:21 GMT
Content-Type: application/json
Content-Length: 694
Connection: keep-alive
Boulder-Requester: 130687661
Cache-Control: public, max-age=0, no-cache
Link: <https://acme-v02.api.letsencrypt.org/directory>;rel="index"
Replay-Nonce: 0102GGYr1RrT1oew0rcdfZ4reh2WLHiFRr5XWJKy19x2iDk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
  "identifier": {
    "type": "dns",
    "value": "10.128.0.20.yourdomain.net"
  },
  "status": "invalid",
  "expires": "2021-07-22T12:17:19Z",
  "challenges": [
    {
      "type": "dns-01",
      "status": "invalid",
      "error": {
        "type": "urn:ietf:params:acme:error:dns",
        "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.10.128.0.20.yourdomain.net - check that a DNS record exists for this domain",
        "status": 400
      },
      "url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/14836301534/Ug2DDw",
      "token": "jRFstmrLmjBUh1LbjHp7WSlieWmC_5FXVQleY6o1nW4",
      "validated": "2021-07-15T12:17:20Z"
    }
  ],
  "wildcard": true
}
2021-07-15 12:17:21,709:DEBUG:acme.client:Storing nonce: 0102GGYr1RrT1oew0rcdfZ4reh2WLHiFRr5XWJKy19x2iDk
2021-07-15 12:17:21,709:WARNING:certbot.auth_handler:Challenge failed for domain 10.128.0.20.yourdomain.net
2021-07-15 12:17:21,709:INFO:certbot.auth_handler:dns-01 challenge for 10.128.0.20.yourdomain.net
2021-07-15 12:17:21,709:DEBUG:certbot.reporter:Reporting to user: The following errors were reported by the server:

Domain: 10.128.0.20.yourdomain.net
Type:   dns
Detail: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.10.128.0.20.yourdomain.net - check that a DNS record exists for this domain
2021-07-15 12:17:21,710:DEBUG:certbot.error_handler:Encountered exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2021-07-15 12:17:21,710:DEBUG:certbot.error_handler:Calling registered functions
2021-07-15 12:17:21,710:INFO:certbot.auth_handler:Cleaning up challenges
2021-07-15 12:17:21,710:INFO:certbot.hooks:Running manual-cleanup-hook command: python3 /root/localtls/certbotdns.py cleanup
2021-07-15 12:17:21,753:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
  File "/usr/bin/certbot", line 11, in <module>
    load_entry_point('certbot==0.40.0', 'console_scripts', 'certbot')()
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1382, in main
    return config.func(config, plugins)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 1265, in certonly
    lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
  File "/usr/lib/python3/dist-packages/certbot/main.py", line 121, in _get_and_save_cert
    lineage = le_client.obtain_and_enroll_certificate(domains, certname)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 417, in obtain_and_enroll_certificate
    cert, chain, key, _ = self.obtain_certificate(domains)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 348, in obtain_certificate
    orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
  File "/usr/lib/python3/dist-packages/certbot/client.py", line 396, in _get_order_and_authorizations
    authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 91, in handle_authorizations
    self._poll_authorizations(authzrs, max_retries, best_effort)
  File "/usr/lib/python3/dist-packages/certbot/auth_handler.py", line 180, in _poll_authorizations
    raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

remote: ++ git rev-list '49c8d42b40373944923ef839c2dee3afe24d746a 24d9fa75a13f90ddeda8c5ef12243bf80caa7c12 refs/heads/master..' --not --all
remote: fatal: ambiguous argument '49c8d42b40373944923ef839c2dee3afe24d746a 24d9fa75a13f90ddeda8c5ef12243bf80caa7c12 refs/heads/master..': unknown revision or path not in the working tree.
remote: Use '--' to separate paths from revisions, like this:

ZERO_COMMIT="0000000000000000000000000000000000000000"
while read -r OLDREV NEWREV REFNAME; do

    if [[ "$NEWREV" = "$ZERO_COMMIT" ]]
    then
        # Branch or tag got deleted
        continue
    elif [[ "$OLDREV" = "$ZERO_COMMIT" ]]
    then
        # New branch or tag
        echo "then"
        echo "$NEWREV"
        SPAN=$(git rev-list "$NEWREV" --not --all)
    else
        echo "else"
        echo "$OLDREV"
        echo "$NEWREV"
        SPAN=$(git rev-list "$OLDREV".."$NEWREV" --not --all)
    fi

CREATE TABLE scale_data (
   section NUMERIC NOT NULL,
   id1     NUMERIC NOT NULL,
   id2     NUMERIC NOT NULL
);

INSERT INTO scale_data
SELECT sections.*, gen.*
     , CEIL(RANDOM()*100) 
  FROM GENERATE_SERIES(1, 300)     sections,
       GENERATE_SERIES(1, 900000) gen
 WHERE gen <= sections * 3000;

#!/usr/bin/env python

import sys
import yum

yb = yum.YumBase()
yb.conf.showduplicates = True
yb.setCacheDir()
yb.repos.disableRepo('*')
yb.repos.enableRepo('grafana')

plist = yb.doPackageLists(patterns=sys.argv[1:])

if plist.available:
    print "Available Packages"
    for pkg in sorted(plist.available):
        print pkg, pkg.repo

docker run -p 1389:389 -p 1636:636 --name test-ldap --detach gitea/test-openldap

ldapsearch -x -H ldap://localhost:1389 -b "dc=planetexpress,dc=com" -D "cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com" -w fry '(uid=*)' dn

export MINIO_IDENTITY_LDAP_SERVER_ADDR=127.0.0.1:1389
export MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER='(uid=%s)'
export MINIO_IDENTITY_LDAP_USERNAME_FORMAT='cn=%s,ou=people,dc=planetexpress,dc=com'
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="dc=planetexpress,dc=com"
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER='(&(objectclass=group)(member=%s))'
export MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE=cn
export MINIO_IDENTITY_LDAP_STS_EXPIRY=60h
export MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on
export MINIO_IDENTITY_LDAP_SERVER_INSECURE=on

minio server /mnt/data

The access key ID you provided does not exist in our records

docker run -p 1389:389 -p 1636:636 --name test-ldap --detach gitea/test-openldap

ldapsearch -x -H ldap://localhost:1389 -b "dc=planetexpress,dc=com" -D "cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com" -w fry '(uid=*)' dn

export MINIO_IDENTITY_LDAP_SERVER_ADDR=127.0.0.1:1389
export MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER='(uid=%s)'
export MINIO_IDENTITY_LDAP_USERNAME_FORMAT='cn=%s,ou=people,dc=planetexpress,dc=com'
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="dc=planetexpress,dc=com"
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER='(&(objectclass=group)(member=%s))'
export MINIO_IDENTITY_LDAP_GROUP_NAME_ATTRIBUTE=cn
export MINIO_IDENTITY_LDAP_STS_EXPIRY=60h
export MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on
export MINIO_IDENTITY_LDAP_SERVER_INSECURE=on

minio server /mnt/data

The access key ID you provided does not exist in our records

topk(3, increase(pg_stat_statements_calls{datname!~"template.*", datname!~"postgres", instance=~"$instance", datname=~"$datname"}[10m]))

topk(3, pg_stat_statements_calls{datname!~"template.*", datname!~"postgres", instance=~"$instance", datname=~"$datname"})

topk(5, sum by (datname,queryid) (increase(pg_stat_statements_mean_time_seconds{datname!~"template.*", datname!~"postgres", instance=~"$instance", datname=~"$datname"}[1m])))

topk(5, sum by (datname) (increase(pg_stat_statements_mean_time_seconds{datname!~"template.*", datname!~"postgres", instance=~"$instance"}[1m]) > 10 ))

%pre
/usr/bin/echo "create group sentry"
/usr/bin/cat /etc/group | grep sentry
/usr/bin/getent group sentry > /dev/null || /usr/sbin/groupadd -r sentry
/usr/bin/echo "create user sentry"
/usr/bin/cat /etc/passwd | grep sentry
/usr/bin/getent passwd sentry > /dev/null || /usr/sbin/useradd -r -d /home/sentry -s /bin/bash -g sentry sentry

pg_database_size{datname!~"template.*", datname!~"postgres", instance=~"$server", datname=~"$database"}/(1024*1024*1024)