ryran

# powerline-go for PS1, customizable-on-the-fly thanks to bash-preexec & a custom helper function
# https://gist.github.com/ryran/dc0ec41ae5311ac40ce2896d19bbc984
# Source from the bottom of ~/.bashrc

# Backup PS1
[[ $PS1_ORIG ]] || PS1_ORIG=$PS1

# Download binary from github.com/justjanne/powerline-go & customize the path here
__pwr_binpath=/usr/local/bin/powerline-go

ryran

#!/bin/bash
# ocp4-download-clients v0.2.0 last mod 2020/01/23
# Copyright 2020 Ryan Sawhill Aroha <rsaw@redhat.com>
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,

ryran

#!/bin/bash
# ocp4-chk-upgrade-channel v1.4 last mod 2022/11/16
# https://gist.github.com/ryran/072409b1b7efd5018683a8c45e019652
# Copyright 2020, 2021, 2022 Ryan Sawhill Aroha <rsaw@redhat.com>
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#

ryran

#!/bin/bash
# Created 2019 by Ryan Sawhill Aroha <rsaw@redhat.com>
# Ref: https://docs.gitlab.com/ee/user/admin_area/monitoring/health_check.html

rc=0
url="https://localhost/-"
endpoints="readiness liveness"

file1=$(mktemp) file2=$(mktemp)
trap "rm -rf $file1 $file2" EXIT INT

ryran

#!/bin/bash

tmp=$(mktemp -d)
trap "cd - >/dev/null; rm -rf $tmp" EXIT
cd $tmp

echo >&2
echo "Checking expiration dates for all certs in all namespaces ..." >&2
echo "(Pipe to 'sort' to see soonest-to-expire at the top)" >&2
echo >&2

ryran

#!/bin/bash

MASTERS="master0 master1 master2"
WORKERS="worker0 worker1"

echo "Checking expiration dates for all node /var/lib/kubelet/pki/kubelet-{server,client}-current certs ..." >&2
echo >&2
for h in $MASTERS $WORKERS; do
    echo $h
    ssh $h 'for f in kubelet-{server,client}-current.pem; do printf "\t$f: "; sudo openssl x509 -enddate -noout -in /var/lib/kubelet/pki/$f; done'

ryran

#!/bin/bash
#
# This extremely rough nonsense is an attempt to automate the disaster recovery
# expired certs documentation published at
# https://docs.openshift.com/container-platform/4.1/disaster_recovery/scenario-3-expired-certs.html
# ... Which was last reviewed on 2019/06/10
#
# Please contact rsaw@redhat.com with suggestions or corrections

# CUSTOMIZE THESE:

ryran

#!/usr/bin/python3
# Written May 2019 by Ryan Sawhill Aroha <rsaw@redhat.com>
# For dealing with OCPv4's MachineConfigs (which use Ignition)
# Ref: https://github.com/openshift/machine-config-operator
# Requires python v3.6+

import urllib.parse
import os.path
from sys import argv, stdin, stderr, exit as sysexit

ryran

// Tested in RHEL7, modern Fedora (last edited 2018/04)
// Save to /etc/polkit-1/rules.d/

/*
This first rule prevents wheel group-members from becoming polkit admins.
    (NOTE: of course you should delete/comment this first rule if you want
     your wheel users to have unfettered access to the system, or if you
     have any other custom admin declarations.)
This overrides /etc/polkit-1/rules.d/50-default.rules which would otherwise
make it possible for wheel-group members to do all kinds of things, e.g.:

ryran

#!/bin/bash

flock_open() {
    # Open a blocking request for an exclusive lock against file $1, by
    #   loop-trying a mkdir on: "$(dirname $1)/.$(basename $1).lock"
    # Lock can be stolen from a dead PID 3.2-19.2 seconds after they die, though
    #   this can be changed by calling flock_open w/custom deadmax= env variable.
    local parentdir=$(dirname "${1}")
    local lock=${parentdir}/.${1##*/}.lock~
    local owner= lastOwner=