David Wittman DavidWittman

razorsedge /
Created Nov 29, 2016
Packer templates to copy and encrypt a Marketplace AMI.
"description": "Copy the CentOS 6 AMI into our account so that we can add boot volume encryption.",
"min_packer_version": "0.11.0",
"variables": {
"aws_region": "us-east-1",
"aws_vpc": null,
"aws_subnet": null,
"ssh_username": "centos"
},
"builders": [
.gitlab-ci.yml
image: php:5.6
- test_build
- test
- dist_build
- deploy
pmp /
Last active Aug 31, 2020
Envelope Encryption using AWS KMS, Python Boto, and PyCrypto.

If you use Amazon AWS for nearly anything, then you are probably familiar with KMS, the Amazon Key Management Service.

KMS is a service which allows API-level access to cryptographic primitives without the expense and complexity of a full-fledged HSM or CloudHSM implementation. There are trade-offs in that the key material does reside on servers rather than tamper-proof devices, but these risks should be acceptable to a wide range of customers based on the care Amazon has put into the product. You should perform your own diligence on whether KMS is appropriate for your environment. If the security profile is not adequate, you should consider a stronger product such as CloudHSM or managing your own HSM solutions.

The goal here is to provide some introductory code on how to perform envelope encryption of a message using the AWS KMS API.

KMS allows you to encrypt messages of up to 4 KB in size directly using the encrypt()/decrypt() API. To exceed these limitations, you must use a technique called "envelope encryptio

uvsmtid /
Last active Mar 2, 2018
Salt Grains vs Pillars

Both Grains and Pillars define input data to parameterize [Salt][1] states.

Depending on the purpose of the data, one should make a choice to put it in one place or the other.


  • This doc focuses on practical differences between Grains and Pillars for the [default use case][2] only.
  • It is not about everything that is possible.
thwarted / resize-java-iKVM-viewer
Last active Mar 16, 2021
resize-java-iKVM-viewer: find all supermicro Java iKVM Viewer windows and resize them to display all the content
# find all supermicro Java iKVM Viewer windows and resize
# them to display all the content
# for reasons that are beyond sanity, this shitty closed source program
# sets the min and max window sizes to the same values, making it unresizable
# through dragging.
# this wouldn't be so bad if it actually resized the window to display all
# the content. it constantly resizes based on the resolution of the
obstschale /
Last active May 3, 2021
An Octave introduction cheat sheet.
Apsu /
Last active Dec 24, 2015
Quick description of VIP failover + local service routing issue

In Linux, when you add an IP to an interface, the kernel creates two routes for you:

table local: local x.x.x.y dev foo proto kernel scope host src x.x.x.y
table main: x.x.x.a/bb dev foo proto kernel scope link src x.x.x.y

Now, if you are setting up an HA pair or cluster, you will often have a VIP -- a "virtual" or "floating" IP -- which is moved between boxes during failovers. And if you happen to be running clients on these nodes as well which connect to that VIP, something very odd happens when you move the IP.

So... Linux has routing rules, tables, and a cache. When a connection is made, the cache is consulted for a matching route tuple (src, dst, tos, fwmark, iif) and if it exists, the connection stores a pointer to it so each packet can rapidly be routed. If the cache entry expires or otherwise goes away, a new route is cloned by following the policy rules to look in the tables.

Now... when an IP you're connected to/from goes away... something very odd happens. The stack realizes that it can

dypsilon /
Last active May 9, 2021
A badass list of frontend development resources I collected over time.
lorin / preseed-fragment.seed
Last active May 7, 2021
Automated partitioning with Ubuntu preseed
# Use LVM for partitioning
d-i partman-auto/method string lvm
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. Preseed this away
d-i partman-lvm/device_remove_lvm boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
DavidWittman / tokenreaper.sql
Last active Dec 14, 2015
MySQL scheduled event to remove Keystone authentication tokens expired for over one week.
USE keystone;
-- This needs to be set in the my.cnf to persist
SET GLOBAL event_scheduler = 1;
CREATE EVENT tokenreaper
END $$