David Wittman DavidWittman

@razorsedge
razorsedge / encrypt-centos.org-6-ami.json
Created Nov 29, 2016
Packer templates to copy and encrypt a Marketplace AMI.
{
"description": "Copy the centos.org CentOS 6 AMI into our account so that we can add boot volume encryption.",
"min_packer_version": "0.11.0",
"variables": {
"aws_region": "us-east-1",
"aws_vpc": null,
"aws_subnet": null,
"ssh_username": "centos"
},
"builders": [
View .gitlab-ci.yml
---
image: php:5.6
stages:
- test_build
- test
- dist_build
- deploy
before_script:
@pmp
pmp / envelope_encryption_kms_boto_pycrypto.md
Last active Jun 12, 2020
Envelope Encryption using AWS KMS, Python Boto, and PyCrypto.

If you use Amazon AWS for nearly anything, then you are probably familiar with KMS, the Amazon Key Management Service.

KMS is a service which allows API-level access to cryptographic primitives without the expense and complexity of a full-fledged HSM or CloudHSM implementation. There are trade-offs in that the key material does reside on servers rather than tamper-proof devices, but these risks should be acceptable to a wide range of customers based on the care Amazon has put into the product. You should perform your own diligence on whether KMS is appropriate for your environment. If the security profile is not adequate, you should consider a stronger product such as CloudHSM or managing your own HSM solutions.

The goal here is to provide some introductory code on how to envelope-encrypt a message using the AWS KMS API.

KMS allows you to encrypt messages of up to 4 KB in size directly using the encrypt()/decrypt() API. To exceed these limitations, you must use a technique called "envelope encryptio

@uvsmtid
uvsmtid / salt_pillars_vs_grains.md
Last active Mar 2, 2018
Salt Grains vs Pillars

Salt Grains vs Pillars

Both grains and Pillars define input data to parameterize [Salt][1] states.

Depending on the purpose of data, one should make a choice to put it in one place or another.

NOTE:

  • This doc focuses on practical differences between Grains and Pillars for [default use case][2] only.
  • It is not about everything that is possible.
@thwarted
thwarted / resize-java-iKVM-viewer
Last active Mar 24, 2020
resize-java-iKVM-viewer: find all supermicro Java iKVM Viewer windows and resize them to display all the content
#!/bin/bash
# find all supermicro Java iKVM Viewer windows and resize
# them to display all the content
#
# for reasons that are beyond sanity, this shitty closed source program
# sets the min and max window sizes to the same values, making it unresizable
# through dragging.
# this wouldn't be so bad if it actually resized the window to display all
# the content. it constantly resizes based on the resolution of the
@obstschale
obstschale / octave.md
Last active Jul 21, 2020
An Octave introduction cheat sheet.

Octave CheatSheet

GNU Octave is a high-level interpreted language, primarily intended for numerical computations.
(via GNU Octave)

Basics

  • not equal ~=
  • logical AND &&
@Apsu
Apsu / VIP.md
Last active Dec 24, 2015
Quick description of VIP failover + local service routing issue

In Linux, when you add an IP to an interface, the kernel creates two routes for you:

table local: local x.x.x.y dev foo proto kernel scope host src x.x.x.y
table main: x.x.x.a/bb dev foo proto kernel scope link src x.x.x.y

Now, if you are setting up an HA pair or cluster, you will often have a VIP -- a "virtual" or "floating" IP -- which is moved between boxes during failovers. And if you happen to be running clients on these nodes as well which connect to that VIP, something very odd happens when you move the IP.

So... Linux has routing rules, tables, and a cache. When a connection is made, the cache is consulted for a matching route tuple (src, dst, tos, fwmark, iif) and if it exists, the connection stores a pointer to it so each packet can rapidly be routed. If the cache entry expires or otherwise goes away, a new route is cloned by following the policy rules to look in the tables.

Now... when an IP you're connected to/from goes away... something very odd happens. The stack realizes that it can

@dypsilon
dypsilon / frontendDevlopmentBookmarks.md
Last active Aug 2, 2020
A badass list of frontend development resources I collected over time.
@lorin
lorin / preseed-fragment.seed
Last active Jul 2, 2020
Automated partitioning with Ubuntu preseed
# Use LVM for partitioning
d-i partman-auto/method string lvm
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. Preseed this away
d-i partman-lvm/device_remove_lvm boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
@DavidWittman
DavidWittman / tokenreaper.sql
Last active Dec 14, 2015
MySQL scheduled event to remove Keystone authentication tokens expired for over one week.
USE keystone;
-- This needs to be set in the my.cnf to persist across server restarts
SET GLOBAL event_scheduler = 1;
DELIMITER $$
CREATE EVENT tokenreaper
ON SCHEDULE EVERY 1 WEEK
DO BEGIN
  -- Purge Keystone tokens that expired more than one week ago
  DELETE FROM `token` WHERE expires <= DATE_SUB(NOW(), INTERVAL 1 WEEK);
END $$
DELIMITER ;