Command Quick Reference

💡
I'll be updating this page from time to time. Consider bookmarking it for future reference (https://hackfaqs.com/cqr/) 😃

Azure

Azure - Bash

az group create --name <resourcegroupname> --location <region> - Create a resource group in bash cloud console.

az acr create --resource-group <resourcegroupname> --name <acrinstancename> --sku Basic - Create a new Azure Container Registry (ACR) instance. Note: The name of the ACR must be globally unique.

az group list --query "[?name=='<resourcegroupname>']" -o table - Verify that a resource group was created.

az acr list --resource-group <resourcegroupname> - Confirm that a new ACR was created.

Azure - Powershell

Remove-AzResourceGroup -Name "<ResourceGroupName>" -Force -AsJob - Delete resource group and everything inside it.

Test-AzDnsAvailability -DomainNameLabel <custom-label> -Location '<location>' - Quick little command to confirm if a DNS name is available (unused) within a given location.

Azure - Log Analytics Workspace Queries (Kusto)

    AzureActivity 
    | where HTTPRequest<>dynamic({"clientIpAddress":'1.2.3.4'}) and Level == 'Information'

Azure activity logs where the client IP address is not 1.2.3.4 and the log level is 'Information'.

    SecurityEvent
    | where EventID == '4625'

Rule looking for Windows event ID 4625 (failed login).

Docker

Docker - General Administration

docker container start <container id> - Launches/runs a container.

docker container start --attach <container id> - Launches/runs a container and attaches the terminal to it so we can see debug log output on screen without having to run the logs command.

docker exec <container id> <command> - Run a command from within the container.

docker images - List all locally-stored images on docker.

docker images --digests - Lists all locally-stored images on docker by SHA-256 digest.

docker kill <container id> - Instructs docker to terminate the container that matches the container id. The container id does not have to be a complete ID string.

docker ps - Outputs a list of containers we've created and that are actively running.

docker ps --all - Outputs a list of all containers created (including those that are not running).

docker ps -aq | xargs docker rm - Generate a list of all loaded containers (just the container IDs) and then feed those ids to docker rm so that we can remove them all in one pass.

docker run <image name>:<image label> - creates, runs, and attaches a docker container.

docker rm <container id> - Removes a container that is stopped. It will not remove a container that is actively running.

docker rm -f <container id> - Remove a container. This will remove a container even if it is running.

docker rmi <repository/image name> - Removes docker image from local system.

docker search <search criteria> - Searches docker hub registry for images.

docker search --filter is-official=true --filter stars=100 <search criteria> - Searches docker hub registry for images but filters for images that are official and that have at least 100 stars.

docker stop <container id> - Instructs docker to gracefully stop container (if possible).

docker stop -t 0 <container id> - Instructs docker to stop the container (non-gracefully).

docker volume ls - List docker volumes

docker volume inspect <volume name> - Additional details regarding volume including mount point, name, options, and scope.

Docker - Troubleshooting and performance tuning

docker inspect - inspect the details of docker objects (output in JSON)

docker logs <container id> - Generates recent log output for container. The container id does not have to be a complete ID string. It can be the first few characters.

docker logs <container id> --follow - Essentially the same as tail -f in linux. It keeps displaying real-time log output as it gets generated.

docker stats - Provides statistics on the system resource utilization of a running container. Details include things like memory usage, networking I/O, PIDs, etc.

docker system prune - Instructs docker to remove all stopped containers, all networks not used by at least one container, all dangling images, and unused build cache.

Docker Compose

docker-compose up - Builds the docker image for each of the defined services, creates the containers, and starts them.

docker-compose build - Builds the docker image for each of the defined services. You can also specify an optional service name if you only want this to apply to a single service.

docker-compose create - Creates the containers for each of the defined services. You can also specify an optional service name if you only want this to apply to a single service.

docker-compose down - Stops all containers. Deletes all containers and images. Removes all artifacts.

docker-compose restart - Stops and starts all currently running containers.

docker-compose start - Starts the application(s)

Ethtool

ethtool -p <interface name> - Blink the physical network light to signify which interface the system actually thinks is “eth0” “eth1” etc.

FortiOS

Fortigate - Fortiguard

diagnose debug rating - Provides debug output on how reliable the connection is to a FortiGuard server.

Fortigate - IPS

diag test application ipsmonitor 1 - CLI command to troubleshoot continuous high-CPU use by IPS engines.

Fortigate - SD-WAN

diagnose firewall proute list - List policy routes (including sd-wan routes) configured on Fortigate.

Fortigate - SSL VPN

diagnose debug enable - Enable debug logging and features

diagnose vpn ssl list - Show current connections

diagnose vpn ssl info - Show general SSL VPN information

diagnose vpn ssl statistics - Show stats about memory usage on FortiGate, maximum and current connections.

diagnose vpn ssl tunnel-test - Enable/disable SSL VPN old tunnel mode IP allocation method

Git

Note: GitHub has an excellent cheatsheet here

git add [file] - add a file as it looks now to your next commit (stage)

git reset [file] - unstage a file while retaining the changes in working directory.

git commit -m "[descriptive message]" - commit your staged content as a new commit snapshot

git rm [file] - delete the file from project and stage the removal for commit

git status - show modified files in working directory, staged for next commit

Java Keytool

keytool -delete -alias <cert alias> -keystore <jks keystore file> - Deletes the certificate that has the specified alias name.

keytool -list -v -keystore <jks keystore file> - Provides information on the certificate(s) inside a JKS file.

Kubernetes

kubectl apply -f fooexample.yaml - Execute/install instructions from "fooexample.yaml" file.

kubectl cluster-info - Provides information on the kubernetes cluster(s).

kubectl delete -f example.yaml - Deletes active namespaces that are specified in a yaml file called "example.yaml".

kubectl describe pod foopod -n development - Provides status/health related information about a pod (called "foopod" in this example) that's running in the "development" example namespace.

kubectl exec -it foopod -- /bin/sh - Request an interactive terminal (-it) so we can run shell commands from within a pod.

kubectl get deployments -n development - Lists the kubernetes deployments in the "development" namespace.

kubectl get namespaces - Provides information on current namespaces.

kubectl get nodes - Provides information on the kubernetes node(s)

kubectl get pods -A - Provides information on pods in every namespace.

kubectl get pods -n development -o wide - Provides information on pods running in the "development" namespace. The -o wide switch tells the system to return additional information.

kubectl get services -A - Provides a list of services running in a cluster.

kubectl logs foopod -n development - Provides most recent logs for pod (in this case, podname of "foopod") in the "development" namespace.

Linux

Linux - Disk Usage

df -h - View disk partition space usage.

du -h <dir> | grep '[0-9\.]\+G' - Return disk space usage for directories consuming 1 GB or more.

Linux - DNS

dig @<nameserver> <common name> <record type> +short - Returns just the IP/data for the record.

Linux - ftp

get <filename> - Retrieve a file and store it locally on the client machine.

Linux - Kernel Information

uname -a - Provides general information about the linux kernel, system hostname, etc.

cat /proc/cmdline - Provides information on the booted kernel parameters / flags.

Linux - miscellaneous

hashid <hash value> - Analyze a hash and determine which hashing algorithm could be used to generate it.

Linux - modprobe

modprobe -q vmxnet3 && echo "vmxnet3 installed" || echo "vmxnet3 not installed" - Confirm if vmxnet3 network driver is installed.

Linux - netcat

nc -nvlp <port> - Create a netcat listener for inbound connections on a specific port.

Linux - openssl

openssl s_client -cert <path to tls cert> -connect <remote mail server fqdn or ip>:25 -starttls smtp -state -msg | tee <log file path> - Debugs SMTP starttls negotiation.

openssl s_client -connect <remote host>:<destination port> - Debugs the HTTPS transaction between client and remote host.

openssl x509 -noout -in cert.pem -dates - Returns the dates that a pem formatted certificate is valid for.

openssl s_client -connect google.com:443 -tls1_2 - Tests to see if a remote site can support TLS 1.2. The -tls1_1 and -tls1 arguments can be used instead too.

Linux - User, Group, and Process Information

adduser foouser --ingroup sudo - Create a new local user and add them to the sudo admin group.

find / -group foo 2>/dev/null - Starting with the root directory (/), search for any files that belong to a group called "foo".

ps -eo pid,ppid,rss,vsize,pcpu,pmem,cmd -ww --sort=pid | grep -i <command that corresponds to process> | grep -iv grep - Provides the process details for a specific process that matches the grep search. Details include: process id, parent process id, non-swapped physical memory being used (in kB), swapped memory being used, CPU utilization, physical memory utilization, and command path. Also uses an inverse grep search to eliminate the grep search itself from the output.

id - Provides information on the user ID and group ids that the issuing user belongs to.

Linux - rsync

rsync --list-only <target_ip>:: - Connect to target machine and list all available directories.

Linux - Searching

grep -iv <search string> <file path> - Returns case insensitive entries that DON’T match the search string.

Linux - System Info

dpkg-reconfigure tzdata - Change system time zone in Ubuntu server.

hostnamectl set-hostname foohost - Change hostname on Ubuntu server to "foohost".

lsb_release -a - Display system information on linux distributor ID, description, release version, and codename.

Linux - ufw

sudo ufw allow from <source IP, subnet, or "any"> to <destination ip, subnet, or "any"> port <destination port> proto <tcp|udp> - rule syntax for allowing traffic for a specific port/protocol via ufw firewall. Note: all ufw rule changes happen immediately and are persistent

sudo ufw delete <full rule command> - delete rule from rule list

sudo ufw disable - Shuts down ufw firewall

sudo ufw enable - Starts/enables ufw firewall

sudo ufw status verbose - Displays the status of ufw and what rules are configured.

minikube

minikube update-check - Check for the current version of minikube installed on system and compare that with the latest available version.

mongodb

db.<collectionName>.find().pretty(); - Display the contents of a mongodb collection and format the data to look better.

use <databaseName>; - Select a database to perform queries.

show collections; - Query the list of collections stored in a mongodb database.

show dbs; - List local databases

nmap

nmap -p- --min-rate=1000 -sV <target_ip> - Run an nmap scan looking for all TCP ports (0-65535) and attempt to determine the version of the service running on the port. Send a minimum of 1000 packets per second (to speed up progress of scan).

Postgresql

\c <database name> or \connect <database name> - Tells the system that we want to connect to a specific database.

\l or \list - List the existing databases