Dynaconf: A Comprehensive Guide to Configuration Management in Python

2023/11/01 08:10

Dynaconf is a powerful configuration management library for Python that simplifies the process of managing and accessing application settings. It offers a wide range of features, including support for multiple configuration sources, environment variables, and dynamic reloading.

Main features:

Multiple configuration sources: Dynaconf can read settings from various sources, including environment variables, files, and even Vault servers. This flexibility allows you to centralize your configuration management and adapt to different deployment environments.
Environment variable support: Dynaconf seamlessly integrates with environment variables, making it easy to inject configuration values from your system or containerized environments.
Dynamic reloading: Dynaconf can dynamically reload configuration changes without restarting your application, ensuring that your application always reflects the latest settings.

Supported configuration file formats:

Dynaconf supports a variety of configuration file formats, including:

TOML (recommended)
YAML
JSON
INI
Python files

Installation:

Dynaconf can be installed using either pip or poetry:

pip install dynaconf

# or

poetry add dynaconf

How to initialize Dynaconf

To initialize Dynaconf in your project, run the following command in your project’s root directory:

dynaconf init -f toml

This command will create the following files:

config.py: This file imports the Dynaconf settings object.
settings.toml: This file contains your application settings.
.secrets.toml: This file contains your sensitive data, such as passwords and tokens.

config.py

The config.py file is a Python file that imports the Dynaconf settings object. This file is required for Dynaconf to work.

Here is an example of a config.py file:

import dynaconf

settings = dynaconf.settings()

settings.toml

The settings.toml file contains your application settings. This file is optional, but it is the recommended way to store your settings.

Here is an example of a settings.toml file:

[default]
debug = false
host = "localhost"
port = 5000

secrets.toml

The .secrets.toml file contains your sensitive data, such as passwords and tokens. This file is optional, but it is recommended to store your sensitive data in a separate file from your application settings.

Here is an example of a .secrets.toml file:

[default]
database_password = "my_database_password"
api_token = "my_api_token"

Importing and using the Dynaconf settings object

Once you have initialized Dynaconf, you can import the settings object into your Python code. For example:

from config import settings

You can then access your application settings using the settings object. For example:

setting_value = settings.get('KEY')

Dynaconf also supports accessing settings using attributes. For example:

setting_value = settings.KEY

Importing environment variables in Docker-Compose:

When using Dynaconf with Docker-Compose, the best strategy for importing environment variables is to define them in your docker-compose.yml file and then access them using Dynaconf’s envvar_prefix setting.

version: "3.8"

services:
  app:
    build: .
    environment:
      - APP_DEBUG=true
      - APP_HOST=0.0.0.0
      - APP_PORT=8000

In your Python code, you can access these environment variables using Dynaconf:

import dynaconf

settings = dynaconf.settings(envvar_prefix="APP")

debug = settings.get("DEBUG")
host = settings.get("HOST")
port = settings.get("PORT")

Conclusion:

Dynaconf is a versatile and powerful configuration management library for Python that simplifies the process of managing and accessing application settings. Its comprehensive feature set and ease of use make it an ideal choice for a wide range of Python projects.

Managing Local Users and Groups in Windows 11 Using PowerShell

2023/10/30 08:41

In today’s digital age, managing users and groups efficiently is essential for smooth computer operations. Windows 11, Microsoft’s latest OS, offers robust tools for this purpose. One of these is PowerShell, which allows for streamlined user and group management. Below, we dive deep into managing local users and groups using PowerShell in Windows 11.

1. Get Local Users List Using PowerShell

To retrieve a list of local users:

Get-LocalUser

2. Getting User List, Local and Non-local

For a comprehensive list that includes both local and non-local users, combine local user data with Active Directory information:

Get-LocalUser Get-ADUser -Filter *

(Note: The latter command requires the Active Directory module.)

3. Add and Remove User Using PowerShell

Adding a User:

New-LocalUser -Name "Username" -Description "Description of the User" -NoPassword

Removing a User:

Remove-LocalUser -Name "Username"

4. Manage Groups Using PowerShell

View all local groups:

Get-LocalGroup

Create a new group:

New-LocalGroup -Name "GroupName" -Description "Description of the Group"

Remove a group:

Remove-LocalGroup -Name "GroupName"

5. Manage Group Members Using PowerShell

Add a member to a group:

Add-LocalGroupMember -Group "GroupName" -Member "Username"

Remove a member from a group:

Remove-LocalGroupMember -Group "GroupName" -Member "Username"

View members of a group:

Get-LocalGroupMember -Group "GroupName"

Mastering OpenSSH on Windows 11: A Comprehensive Guide

2023/10/28 18:10

In the modern era of hybrid working environments, securing remote connections is paramount. Windows 11, keeping pace with this need, facilitates the integration of OpenSSH server for a secure remote login, utilizing key-based authentication. This post delineates a step-by-step approach to set up OpenSSH server, manage key-based authentication, and handle service operations seamlessly using PowerShell.

Installing OpenSSH Server using PowerShell

Launch PowerShell as an Administrator.
Execute the following command to install OpenSSH Server:

Add-WindowsFeature -Name OpenSSH.Server

Once installed, you can check the installation with:

Get-WindowsFeature -Name OpenSSH.*

Managing SSH Public Key

For User Access:

Save the public key in C:\Users\<username>\.ssh\authorized_keys.

For Administrator Access:

Save the public key in C:\ProgramData\ssh\administrators_authorized_keys.

Adding the Key using PowerShell:

Add-Content -Path "C:\Users\<username>\.ssh\authorized_keys" -Value $(Get-Content -Path "<path_to_public_key>")

Managing OpenSSH Service

# check service status
Get-Service -Name sshd
# start service
Start-Service sshd
# stop service
Stop-Service sshd
# restart service
Restart-Service sshd

Understanding SSH-Agent

SSH-Agent is a background program that handles private key operations. It stores your private keys securely, requiring you to unlock them only once, thus easing the authentication process.

Generating SSH Key using PowerShell

ssh-keygen -t ed25519

Follow the on-screen instructions to specify a path and passphrase for your keys.

Adding Key to SSH-Agent

Start-Service ssh-agent ssh-add $env:USERPROFILE\.ssh\id_ed25519

Utilizing the Key for Secure Connection

For using the stored keys in SSH Agent, just run a SSH client as always:

ssh username@server_address

By following the above-mentioned steps, you not only set up a robust OpenSSH server on Windows 11 but also ensure a secure remote connectivity through key-based authentication.

Reference

Add a New Dropdown Menu in OpenWRT LUCI

2023/10/17 09:00

OpenWRT, the popular open-source Linux operating system designed for embedded devices, offers the LUCI interface for easy configuration and management. LUCI is essentially the web interface for OpenWRT, and while it’s already feature-rich, sometimes you may want to extend its functionalities based on your needs.

Recently, I had a requirement to enhance my OpenWRT LUCI interface. Specifically, I wanted to introduce a new menu named “Apps” in the LUCI dashboard. The objective was to have each entry within this new menu link to different applications installed on my device. And not just that! I wanted these application pages to pop open in new tabs for ease of access.

The Solution

The changes were made in a single file located at:

/usr/lib/lua/luci/controller/apps.lua

Within this file, I implemented the following code:

module("luci.controller.apps", package.seeall)

function index()
    local page

    page = entry({"admin", "apps"}, firstchild(), _("Apps"), 60)
    page.dependent = false

    entry({"admin", "apps", "portainer"}, call("serve_js_redirect", "https", "9443"), _("Portainer"), 10).leaf = true
    entry({"admin", "apps", "nodered"}, call("serve_js_redirect", "http", "1880"), _("NodeRED"), 20).leaf = true
    entry({"admin", "apps", "grafana"}, call("serve_js_redirect", "http", "3000"), _("Grafana"), 30).leaf = true
    entry({"admin", "apps", "prometheus"}, call("serve_js_redirect", "http", "9090"), _("Prometheus"), 40).leaf = true
end

function serve_js_redirect(protocol, port)
    local ip = luci.http.getenv("SERVER_ADDR")
    local url = protocol .. "://" .. ip .. ":" .. port
    luci.http.prepare_content("text/html; charset=utf-8")
    luci.http.write("<!DOCTYPE html><html><head><meta charset='UTF-8'><title>Redirecting...</title></head><body>")
    luci.http.write("<script type='text/javascript'>")
    luci.http.write("window.onload = function() {")
    luci.http.write("  var newWindow = window.open('".. url .."', '_blank');")
    luci.http.write("  if (!newWindow || newWindow.closed || typeof newWindow.closed == 'undefined') {")
    luci.http.write("    document.getElementById('manualLink').style.display = 'block';")
    luci.http.write("    setTimeout(function() { window.location.href = document.referrer; }, 60000);")  -- Redirigir después de 60 segundos
    luci.http.write("  }")
    luci.http.write("}")
    luci.http.write("</script>")
    luci.http.write("<p id='manualLink' style='display: none;'>The window didn't open automatically. <a href='".. url .."' target='_blank'>Click here</a> to open manually.</p>")
    luci.http.write("</body></html>")
end

Key Points

The index function is responsible for defining the new menu and its entries.
The serve_js_redirect function creates a web page that uses JavaScript to automatically open the desired application in a new browser tab.
A failsafe mechanism is added in the form of a link. If, for any reason (like pop-up blockers), the new tab doesn’t open automatically, the user has the option to manually click on a link to open the application.
The script also includes a feature that will redirect the user back to the previous page after 60 seconds if the new tab doesn’t open.

This modification provides a seamless way to integrate external applications directly into the LUCI interface, making navigation and management even more convenient!

Sniffing Network Traffic in Docker Containers: Leveraging Host’s tcpdump, tcpflow, and more

2023/10/16 14:07

In a Dockerized environment, one often encounters the need to monitor network traffic. However, one might not always wish to install sniffing tools within the container itself. By diving into the network namespace of the container, one can employ the host’s network packages such as tcpdump, tcpflow, and others, to achieve this without augmenting the container’s environment.

Step 1: Dive into the Container’s Network Namespace

Fetch the SandboxKey, which denotes the container’s network namespace:

SANDBOX_KEY=$(docker inspect <CONTAINER_ID> --format '{{ .NetworkSettings.SandboxKey }}')

Enter the container’s network namespace:

sudo nsenter --net=$SANDBOX_KEY

Step 2: Sniff Network Traffic Using Host’s Tools

Having entered the namespace, you can now utilize the host’s packages.

Using tcpdump:

tcpdump -i <INTERFACE_NAME> -w <OUTPUT_FILE.pcap>

Replace <INTERFACE_NAME> as per requirement (typically eth0 for Docker containers). For tcpdump, <OUTPUT_FILE.pcap> is the desired capture file. For tcpflow, <OUTPUT_DIRECTORY> is where the captured streams will be saved.

Conclusion

By navigating into a Docker container’s network namespace, you can readily use the network tools installed on the host system. This strategy circumvents the need to pollute the container with additional packages, upholding the principle of container immutability.

Avoid Filling Your System with Docker Logs: A Quick Guide

2023/10/09 18:00

If you’re using Docker, you might have noticed that over time, logs can accumulate and take up a significant amount of space on your system. This can be a concern, especially if you’re running containers that generate a lot of log data.

To help you avoid this issue, I’m sharing a quick configuration tweak for Docker. By adjusting the daemon.json file, you can limit the size and number of log files Docker retains.

Here’s the configuration:

{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "1"
  }
}

What does this configuration do?

“log-driver”: “json-file”: This ensures Docker uses the default json-file logging driver, which writes log messages in JSON format.
“log-opts”: {…}: This section contains the logging options.
- “max-size”: “10m”: Limits the maximum size of each log file to 10MB.
- “max-file”: “1”: Restricts Docker to retain only one log file.

By implementing this configuration, you ensure that Docker only keeps a single log file with a maximum size of 10MB. Once the log reaches this size, Docker will rotate it, ensuring that old logs don’t eat up your storage.

To apply this configuration, simply add the above JSON to your daemon.json file, typically located at /etc/docker/daemon.json on Linux systems. After making the change, restart the Docker service.

I hope this tip helps you manage your Docker logs more efficiently. Happy containerizing! ?

oriolrius.cat

Inicio