Group items tagged

config/environments/production.rb

Create an additional staging environment that closely resembles the production one

Keep any additional configuration in YAML files under the config/ directory

Rails::Application.config_for(:yaml_file)

Use nested routes to express better the relationship between ActiveRecord models

nest routes more than 1 level deep then use the shallow: true option

namespaced routes to group related actions

Keep the controllers skinny

all the business logic should naturally reside in the model

Share no more than two instance variables between a controller and a view.

using a template

Prefer corresponding symbols to numeric HTTP status codes

without abbreviations

Keep your models for business logic and data-persistence only

Avoid altering ActiveRecord defaults (table names, primary key, etc)

Prefer has_many :through to has_and_belongs_to_many

self[:attribute]

self[:attribute] = value

validates

Consider extracting custom validators to a shared gem

preferable to make a class method instead which serves the same purpose of the named scope

.update_attributes

Override the to_param method of the model

Use the friendly_id gem. It allows creation of human-readable URLs by using some descriptive attribute of the model instead of its id

.find_each

.find_each

Looping through a collection of records from the database (using the all method, for example) is very inefficient since it will try to instantiate all the objects at once

always call before_destroy callbacks that perform validation with prepend: true

When persisting AR objects

Avoid string interpolation in queries

param will be properly escaped

Consider using named placeholders instead of positional placeholders

use of find over where when you need to retrieve a single record by id

use of find_by over where and find_by_attribute

use of where.not over SQL

use heredocs with squish

Use rake db:schema:load instead of rake db:migrate to initialize an empty database

change_column_default

imposing data integrity from the Rails app is impossible

use the change method instead of up and down methods.

constructive migrations

use models in migrations, make sure you define them so that you don't end up with broken migrations in the future

In this case, block will be used by create_table in rollback

Never make complex formatting in the views, export the formatting to a method in the view helper or the model.

When the labels of an ActiveRecord model need to be translated, use the activerecord scope

Separate the texts used in the views from translations of ActiveRecord attributes

config/application.rb config.i18n.load_path += Dir[Rails.root.join('config', 'locales', '**', '*.{rb,yml}')]

I18n.t

I18n.l

Use "lazy" lookup for the texts used in views.

Use the dot-separated keys in the controllers and models

Reserve app/assets for custom stylesheets, javascripts, or images

Third party code such as jQuery or bootstrap should be placed in vendor/assets

Provide both HTML and plain-text view templates

config.action_mailer.raise_delivery_errors = true

Use a local SMTP server like Mailcatcher in the development environment

Provide default settings for the host name

The _url methods include the host name and the _path methods don't

Format the from and to addresses properly

default from:

sending html emails all styles should be inline

Sending emails while generating page response should be avoided. It causes delays in loading of the page and request can timeout if multiple email are sent.

.start_with?

.end_with?

&.

Config your timezone accordingly in application.rb

config.active_record.default_timezone = :local

it can be only :utc or :local

Time.zone.parse

Time.zone.now

Per-deploy values

trict separation of config from code.

he codebase could be made open source at any moment, without compromising any credentials.

“config” does not include internal application config

stores config in environment variables (often shortened to env vars or env).

env vars are granular controls, each fully orthogonal to other env vars

Executors define the environment in which the steps of a job will be run.

Executor declarations in config outside of jobs can be used by all jobs in the scope of that declaration, allowing you to reuse a single executor definition across multiple jobs.

It is also possible to allow an orb to define the executor used by all of its commands.

When invoking an executor in a job any keys in the job itself will override those of the executor invoked.

Steps are used when you have a job or command that needs to mix predefined and user-defined steps.

Use the enum parameter type when you want to enforce that the value must be one from a specific set of string values.

Use an executor parameter type to allow the invoker of a job to decide what executor it will run on

invoke the same job more than once in the workflows stanza of config.yml, passing any necessary parameters as subkeys to the job.

If a job is declared inside an orb it can use commands in that orb or the global commands.

To use parameters in executors, define the parameters under the given executor.

Parameters are in-scope only within the job or command that defined them.

A single configuration may invoke a job multiple times.

Pre and post steps allow you to execute steps in a given job without modifying the job.

conditions are checked before a workflow is actually run

Conditional steps may be located anywhere a regular step could and may only use parameter values as inputs.

A conditional step consists of a step with the key when or unless. Under this conditional key are the subkeys steps and condition

A condition is a single value that evaluates to true or false at the time the config is processed, so you cannot use environment variables as conditions

Rails 4 automatically adds the sass-rails, coffee-rails and uglifier gems to your Gemfile

reduce the number of requests that a browser makes to render a web page

Starting with version 3.1, Rails defaults to concatenating all JavaScript files into one master .js file and all CSS files into one master .css file

In production, Rails inserts an MD5 fingerprint into each filename so that the file is cached by the web browser

The technique sprockets uses for fingerprinting is to insert a hash of the content into the name, usually at the end.

asset minification or compression

The sass-rails gem is automatically used for CSS compression if included in Gemfile and no config.assets.css_compressor option is set.

Supported languages include Sass for CSS, CoffeeScript for JavaScript, and ERB for both by default.

When a filename is unique and based on its content, HTTP headers can be set to encourage caches everywhere (whether at CDNs, at ISPs, in networking equipment, or in web browsers) to keep their own copy of the content

asset pipeline is technically no longer a core feature of Rails 4

Rails uses for fingerprinting is to insert a hash of the content into the name, usually at the end

Fingerprinting is enabled by default for production and disabled for all other environments

The files in app/assets are never served directly in production.

Paths are traversed in the order that they occur in the search path

You should use app/assets for files that must undergo some pre-processing before they are served.

By default .coffee and .scss files will not be precompiled on their own

app/assets is for assets that are owned by the application, such as custom images, JavaScript files or stylesheets.

lib/assets is for your own libraries' code that doesn't really fit into the scope of the application or those libraries which are shared across applications.

vendor/assets is for assets that are owned by outside entities, such as code for JavaScript plugins and CSS frameworks.

Any path under assets/* will be searched

By default these files will be ready to use by your application immediately using the require_tree directive.

Sprockets uses files named index (with the relevant extensions) for a special purpose

Rails.application.config.assets.paths

causes turbolinks to check if an asset has been updated and if so loads it into the page

if you add an erb extension to a CSS asset (for example, application.css.erb), then helpers like asset_path are available in your CSS rules

If you add an erb extension to a JavaScript asset, making it something such as application.js.erb, then you can use the asset_path helper in your JavaScript code

The asset pipeline automatically evaluates ERB

data URI — a method of embedding the image data directly into the CSS file — you can use the asset_data_uri helper.

Sprockets will also look through the paths specified in config.assets.paths, which includes the standard application paths and any paths added by Rails engines.

image_tag

asset_data_uri

sass-rails provides -url and -path helpers (hyphenated in Sass, underscored in Ruby) for the following asset classes: image, font, video, audio, JavaScript and stylesheet.

Rails.application.config.assets.compress

In JavaScript files, the directives begin with //=

The require_tree directive tells Sprockets to recursively include all JavaScript files in the specified directory into the output.

manifest files contain directives — instructions that tell Sprockets which files to require in order to build a single CSS or JavaScript file.

Sprockets uses manifest files to determine which assets to include and serve.

the family of require directives prevents files from being included twice in the output

which files to require in order to build a single CSS or JavaScript file

Directives are processed top to bottom, but the order in which files are included by require_tree is unspecified.

In JavaScript files, Sprockets directives begin with //=

If require_self is called more than once, only the last call is respected.

require directive is used to tell Sprockets the files you wish to require.

You need not supply the extensions explicitly. Sprockets assumes you are requiring a .js file when done from within a .js file

require_directory

The file extensions used on an asset determine what preprocessing is applied.

Additional layers of preprocessing can be requested by adding other extensions, where each extension is processed in a right-to-left manner

require_self

In development mode, assets are served as separate files in the order they are specified in the manifest file.

when these files are requested they are processed by the processors provided by the coffee-script and sass gems and then sent back to the browser as JavaScript and CSS respectively.

css.scss.erb

js.coffee.erb

Keep in mind the order of these preprocessors is important.

By default Rails assumes that assets have been precompiled and will be served as static assets by your web server

with the Asset Pipeline the :cache and :concat options aren't used anymore

Assets are compiled and cached on the first request after the server is started

RAILS_ENV=production bundle exec rake assets:precompile

Debug mode can also be enabled in Rails helper methods

If you set config.assets.initialize_on_precompile to false, be sure to test rake assets:precompile locally before deploying

By default Rails assumes assets have been precompiled and will be served as static assets by your web server.

a rake task to compile the asset manifests and other files in the pipeline

RAILS_ENV=production bin/rake assets:precompile

a recipe to handle this in deployment

config/initializers/assets.rb

The initialize_on_precompile change tells the precompile task to run without invoking Rails

The X-Sendfile header is a directive to the web server to ignore the response from the application, and instead serve a specified file from disk

the jquery-rails gem which comes with Rails as the standard JavaScript library gem.

Possible options for JavaScript compression are :closure, :uglifier and :yui

concatenate assets

pulling from git is slow.

Support for containers has existed in the Linux kernel since version 2.6.24 when cgroup support was added

All of the logic that used to live in your cookbooks/playbooks/manifests/etc now lives in a Dockerfile that resides directly in the repository for the application it is designed to build

All of the dependencies of the application are bundled with the container which means no need to build on the fly on every server during deployment.

Containers bring standardization which allows for systems like centralized logging, monitoring, and metrics to easily snap into place no matter what is running in the container.

Dockerfiles do not give you the same level of control over configuration as your application transitions between environments, like dev, staging, and production.

configuration management systems now have hooks for docker integration.

Config management will only be used to install Docker, an orchestration system, configure PAM/SSH auth, and tune OS sysctl values.

程序中使用了 jQuery 代码库和许多模块，都保存在 lib/assets/javascripts/library_name 文件夹中，那么 lib/assets/javascripts/library_name/index.js 文件的作用就是这个代码库的清单。清单文件中可以按顺序列出所需的文件，或者干脆使用 require_tree 指令。

如果使用 Turbolinks（Rails 4 默认启用），加上 data-turbolinks-track 选项后，Turbolinks 会检查静态资源是否有更新，如果更新了就会将其载入页面

config.assets.paths 包含标准路径和其他 Rails 引擎添加的路径。

链接不存在的资源（也包括链接到空字符串的情况）会在调用页面抛出异常。

关闭标签不能使用 -%> 形式

Sprockets 通过清单文件决定要引入和伺服哪些静态资源

在 JavaScript 文件中，Sprockets 的指令以 //= 开头。在上面的文件中，用到了 require 和 the require_tree 指令。

app/assets/javascripts/application.js

require_tree 指令告知 Sprockets 递归引入指定文件夹中的所有 JavaScript 文件。文件夹的路径必须相对于清单文件。也可使用 require_directory 指令加载指定文件夹中的所有 JavaScript 文件，但不会递归。

app/assets/stylesheets/application.css

不管创建新程序时有没有指定 --skip-sprockets 选项，Rails 4 都会生成 app/assets/javascripts/application.js 和 app/assets/stylesheets/application.css

如果多次调用 require_self，只有最后一次调用有效

如果想使用多个 Sass 文件，应该使用 Sass 中的 @import 规则，不要使用 Sprockets 指令。

如果使用默认的 gem，生成控制器或脚手架时，会生成 CoffeeScript 和 SCSS 文件，而不是普通的 JavaScript 和 CSS 文件。

在开发环境中，或者禁用 Asset Pipeline 时，这些文件会使用 coffee-script 和 sass 提供的预处理器处理，然后再发给浏览器

启用 Asset Pipeline 时，这些文件会先使用预处理器处理，然后保存到 public/assets 文件夹中，再由 Rails 程序或网页服务器伺服

添加额外的扩展名可以增加预处理次数，预处理程序会按照扩展名从右至左的顺序处理文件内容。所以，扩展名的顺序要和处理的顺序一致

预处理器的执行顺序很重要

在开发环境中也可启用压缩功能，检查是否能正常运行。需要调试时再禁用压缩即可。

默认情况下，Rails 认为静态资源已经事先编译好了，直接由网页服务器伺服。

般情况下，请勿修改 config.assets.digest 的默认值

可在部署时编译静态资源

在多次部署之间共用这个文件夹是十分重要的，这样只要缓存的页面可用，其中引用的编译后的静态资源就能正常使用。

默认编译的文件包括 application.js、application.css 以及 gem 中 app/assets 文件夹中的所有非 JS/CSS 文件（会自动加载所有图片）

如果想编译其他清单，或者单独的样式表和 JavaScript，可以添加到 config/application.rb 文件中的 precompile 选项

设置编译所有静态资源

manifest-md5hash.json 的文件，列出所有静态资源和对应的指纹

把 Expires 报头设置为很久以后

在本地预编译后，可以把编译好的文件纳入版本控制系统，再按照常规的方式部署

实时编译消耗的内存更多，比默认的编译方式性能更低，因此不推荐使用

如果用 CDN 分发静态资源，要确保文件不会被缓存，因为缓存会导致问题。如果设置了 config.action_controller.perform_caching = true，Rack::Cache 会使用 Rails.cache 存储静态文件，很快缓存空间就会用完。

Sprockets 默认使用的公开路径是 /assets

X-Sendfile 报头的作用是让服务器忽略程序的响应，直接从硬盘上伺服指定的文件

为 Rails 提供标准 JavaScript 代码库的 jquery-rails gem 是个很好的例子。这个 gem 中有个引擎类，继承自 Rails::Engine。添加这层继承关系后，Rails 就知道这个 gem 中可能包含静态资源文件，会把这个引擎中的 app/assets、lib/assets 和 vendor/assets 三个文件夹加入 Sprockets 的搜索路径中。

a volume outlives any Containers that run within the Pod, and data is preserved across Container restarts.

Kubernetes supports many types of volumes, and a Pod can use any number of them simultaneously.

To use a volume, a Pod specifies what volumes to provide for the Pod (the .spec.volumes field) and where to mount those into Containers (the .spec.containers.volumeMounts field).

Each Container in the Pod must independently specify where to mount each volume

localnfs

cephfs

awsElasticBlockStore

glusterfs

vsphereVolume

An awsElasticBlockStore volume mounts an Amazon Web Services (AWS) EBS Volume into your Pod.

an EBS volume can be pre-populated with data, and that data can be “handed off” between Pods.

create an EBS volume using aws ec2 create-volume

the nodes on which Pods are running must be AWS EC2 instances

EBS only supports a single EC2 instance mounting a volume

check that the size and EBS volume type are suitable for your use!

A cephfs volume allows an existing CephFS volume to be mounted into your Pod.

the contents of a cephfs volume are preserved and the volume is merely unmounted.

have your own Ceph server running with the share exported

The configMap resource provides a way to inject configuration data into Pods

When referencing a configMap object, you can simply provide its name in the volume to reference it

volumeMounts: - name: config-vol mountPath: /etc/config volumes: - name: config-vol configMap: name: log-config items: - key: log_level path: log_level

create a ConfigMap before you can use it.

An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node.

By default, emptyDir volumes are stored on whatever medium is backing the node - that might be disk or SSD or network storage, depending on your environment.

you can set the emptyDir.medium field to "Memory" to tell Kubernetes to mount a tmpfs (RAM-backed filesystem)

volumeMounts: - mountPath: /cache name: cache-volume volumes: - name: cache-volume emptyDir: {}

An fc volume allows an existing fibre channel volume to be mounted in a Pod.

configure FC SAN Zoning to allocate and mask those LUNs (volumes) to the target WWNs beforehand so that Kubernetes hosts can access them.

Flocker is an open-source clustered Container data volume manager. It provides management and orchestration of data volumes backed by a variety of storage backends.

emptyDir

flocker

A flocker volume allows a Flocker dataset to be mounted into a Pod

have your own Flocker installation running

A gcePersistentDisk volume mounts a Google Compute Engine (GCE) Persistent Disk into your Pod.

Using a PD on a Pod controlled by a ReplicationController will fail unless the PD is read-only or the replica count is 0 or 1

A glusterfs volume allows a Glusterfs (an open source networked filesystem) volume to be mounted into your Pod.

have your own GlusterFS installation running

a powerful escape hatch for some applications

access to Docker internals; use a hostPath of /var/lib/docker

allowing a Pod to specify whether a given hostPath should exist prior to the Pod running, whether it should be created, and what it should exist as

specify a type for a hostPath volume

the files or directories created on the underlying hosts are only writable by root.

hostPath: # directory location on host path: /data # this field is optional type: Directory

An iscsi volume allows an existing iSCSI (SCSI over IP) volume to be mounted into your Pod.

have your own iSCSI server running

A feature of iSCSI is that it can be mounted as read-only by multiple consumers simultaneously.

A local volume represents a mounted local storage device such as a disk, partition or directory.

Compared to hostPath volumes, local volumes can be used in a durable and portable manner without manually scheduling Pods to nodes, as the system is aware of the volume’s node constraints by looking at the node affinity on the PersistentVolume.

PersistentVolume spec using a local volume and nodeAffinity

PersistentVolume volumeMode can now be set to “Block” (instead of the default value “Filesystem”) to expose the local volume as a raw block device.

When using local volumes, it is recommended to create a StorageClass with volumeBindingMode set to WaitForFirstConsumer

An nfs volume allows an existing NFS (Network File System) share to be mounted into your Pod.

have your own NFS server running with the share exported

A persistentVolumeClaim volume is used to mount a PersistentVolume into a Pod.

PersistentVolumes are a way for users to “claim” durable storage (such as a GCE PersistentDisk or an iSCSI volume) without knowing the details of the particular cloud environment.

A projected volume maps several existing volume sources into the same directory.

All sources are required to be in the same namespace as the Pod. For more details, see the all-in-one volume design document.

Each projected volume source is listed in the spec under sources

A Container using a projected volume source as a subPath volume mount will not receive updates for those volume sources.

RBD volumes can only be mounted by a single consumer in read-write mode - no simultaneous writers allowed

A secret volume is used to pass sensitive information, such as passwords, to Pods

create a secret in the Kubernetes API before you can use it

StorageOS runs as a Container within your Kubernetes environment, making local or attached storage accessible from any node within the Kubernetes cluster.

StorageOS provides block storage to Containers, accessible via a file system.

A vsphereVolume is used to mount a vSphere VMDK Volume into your Pod.

supports both VMFS and VSAN datastore.

create VMDK using one of the following methods before using with Pod.

share one volume for multiple uses in a single Pod.

volumeMounts: - name: workdir1 mountPath: /logs subPathExpr: $(POD_NAME)

env: - name: POD_NAME valueFrom: fieldRef: apiVersion: v1 fieldPath: metadata.name

Use the subPathExpr field to construct subPath directory names from Downward API environment variables

enable the VolumeSubpathEnvExpansion feature gate

emptyDir and hostPath volumes will be able to request a certain amount of space using a resource specification, and to select the type of media to use, for clusters that have several media types.

the Container Storage Interface (CSI) and Flexvolume. They enable storage vendors to create custom storage plugins without adding them to the Kubernetes repository.

Container Storage Interface (CSI) defines a standard interface for container orchestration systems (like Kubernetes) to expose arbitrary storage systems to their container workloads.

Once a CSI compatible volume driver is deployed on a Kubernetes cluster, users may use the csi volume type to attach, mount, etc. the volumes exposed by the CSI driver.

This feature requires CSIInlineVolume feature gate to be enabled:--feature-gates=CSIInlineVolume=true

In-tree plugins that support CSI Migration and have a corresponding CSI driver implemented are listed in the “Types of Volumes” section above.

Mount propagation of a volume is controlled by mountPropagation field in Container.volumeMounts.

HostToContainer - This volume mount will receive all subsequent mounts that are mounted to this volume or any of its subdirectories.

Bidirectional - This volume mount behaves the same the HostToContainer mount. In addition, all volume mounts created by the Container will be propagated back to the host and to all Containers of all Pods that use the same volume.

Edit your Docker’s systemd service file. Set MountFlags as follows:MountFlags=shared

initialize the local CLI

install Tiller into your Kubernetes cluster

helm install

helm init --upgrade

By default, when Tiller is installed, it does not have authentication enabled.

helm repo update

Without a max history set the history is kept indefinitely, leaving a large number of records for helm and tiller to maintain.

helm init --upgrade

Whenever you install a chart, a new release is created.

helm list function will show you a list of all deployed releases.

helm delete

helm status

the Helm server (Tiller).

The Helm client (helm)

brew install kubernetes-helm

it can also be run locally, and configured to talk to a remote Kubernetes cluster.

Role-Based Access Control - RBAC for short

run Tiller in an RBAC-enabled Kubernetes cluster.

run kubectl get pods --namespace kube-system and see Tiller running.

helm inspect

Helm will look for Tiller in the kube-system namespace unless --tiller-namespace or TILLER_NAMESPACE is set.

For development, it is sometimes easier to work on Tiller locally, and configure it to connect to a remote Kubernetes cluster.

helm version should show you both the client and server version.

The --node-selectors flag allows us to specify the node labels required for scheduling the Tiller pod.

--override allows you to specify properties of Tiller’s deployment manifest.

helm init --override manipulates the specified properties of the final manifest (there is no “values” file).

The --output flag allows us skip the installation of Tiller’s deployment manifest and simply output the deployment manifest to stdout in either JSON or YAML format.

switch from the default backend to the secrets backend, you’ll have to do the migration for this on your own.

a beta SQL storage backend that stores release information in an SQL database (only postgres has been tested so far).

Helm requires that kubelet have access to a copy of the socat program to proxy connections to the Tiller API.

A Release is an instance of a chart running in a Kubernetes cluster. One chart can often be installed many times into the same cluster.

helm init --client-only

helm init --dry-run --debug

A panic in Tiller is almost always the result of a failure to negotiate with the Kubernetes API server

Tiller and Helm have to negotiate a common version to make sure that they can safely communicate without breaking API assumptions

helm delete --purge

Helm stores some files in $HELM_HOME, which is located by default in ~/.helm

A Chart is a Helm package. It contains all of the resource definitions necessary to run an application, tool, or service inside of a Kubernetes cluster.