Skip to content

Instantly share code, notes, and snippets.

View DavidWittman's full-sized avatar

David Wittman DavidWittman

123 followers · 22 following
View GitHub Profile
@bfg
bfg / apache-2.2-mod_remoteip.c
Created June 23, 2011 09:32
Working backport (doesn't crash when using Allow/Deny ACLs) of Apache 2.3 module mod_remoteip to Apache 2.2.x
/* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
@rubiojr
rubiojr / fog_kvm_create_from_template.rb
Created November 29, 2011 17:15
Create KVM guest using fog/libvirt and a QCOW2 template
require 'fog'
require 'net/ssh'
require 'net/scp'
def upload_file(host, user, password, source, dest, print_progress = true)
Net::SSH.start(host, user, :password => password) do |ssh|
puts "Uploading file... (#{File.basename(source)})"
ssh.scp.upload!(source, dest) do |ch, name, sent, total|
if print_progress
@DavidWittman
DavidWittman / tokenreaper.sql
Last active December 14, 2015 09:08
MySQL scheduled event to remove Keystone authentication tokens expired for over one week.
USE keystone
-- This needs to be set in the my.cnf to persist
SET GLOBAL event_scheduler = 1;
DELIMITER $$
CREATE EVENT tokenreaper
ON SCHEDULE EVERY 1 WEEK
DO BEGIN
DELETE FROM `token` WHERE expires <= DATE_SUB(NOW(), INTERVAL 1 WEEK);
END $$
DELIMITER ;
@Apsu
Apsu / VIP.md
Last active December 24, 2015 08:59
Quick description of VIP failover + local service routing issue

In Linux, when you add an IP to an interface, the kernel creates two routes for you:

table local: local x.x.x.y dev foo proto kernel scope host src x.x.x.y
table main: x.x.x.a/bb dev foo proto kernel scope link src x.x.x.y

Now, if you are setting up an HA pair or cluster, you will often have a VIP -- a "virtual" or "floating" IP -- which is moved between boxes during failovers. And if you happen to be running clients on these nodes as well which connect to that VIP, something very odd happens when you move the IP.

So... linux has routing rules, tables, and a cache. When a connection is made, the cache is consulted for a matching route tuple (src, dst, tos, fwmark, iif) and if it exists, the connection stores a pointer to it so each packet can rapidly be routed. If the cache entry expires or otherwise goes away, a new route is cloned by following the policy rules to look in the tables.

Now... when an IP you're connected to/from goes away... something very odd happens. The stack realizes that it can

@ryanflorence
ryanflorence / events.coffee
Created April 14, 2012 05:46
@events =
events: {}
on: (topic, handler, context = this) ->
(@events[topic] or= []).push {handler, context}
trigger: (topic, args...) ->
return unless @events[topic]?
handler.apply(context, args) for {handler, context} in @events[topic]
anonymous
anonymous / .gitlab-ci.yml
Created August 17, 2016 15:46
---
image: php:5.6
stages:
- test_build
- test
- dist_build
- deploy
before_script:
@razorsedge
razorsedge / encrypt-centos.org-6-ami.json
Created November 29, 2016 01:11
Packer templates to copy and encrypt a Marketplace AMI.
{
"description": "Copy the centos.org CentOS 6 AMI into our account so that we can add boot volume encryption.",
"min_packer_version": "0.11.0",
"variables": {
"aws_region": "us-east-1",
"aws_vpc": null,
"aws_subnet": null,
"ssh_username": "centos"
},
"builders": [
@sturadnidge
sturadnidge / tmux-1.8-on-CentOS-6.x.txt
Last active May 10, 2021 18:31
Install tmux 1.8 on CentOS 6.x minimal (64bit)
# download latest libevent2 and tmux sources, and extract them somewhere
# (thx bluejedi for tip on latest tmux URL)
#
# at the time of writing:
# https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
# http://sourceforge.net/projects/tmux/files/latest/download?source=files
#
# install deps
yum install gcc kernel-devel make ncurses-devel
@pmp
pmp / envelope_encryption_kms_boto_pycrypto.md
Last active November 17, 2021 16:35
Envelope Encryption using AWS KMS, Python Boto, and PyCrypto.

If you use Amazon AWS for nearly anything, then you are probably familiar with KMS, the Amazon Key Management Service.

KMS is a service which allows API-level access to cryptographic primitives without the expense and complexity of a full-fledged HSM or CloudHSM implementation. There are trade-offs in that the key material does reside on servers rather than tamper-proof devices, but these risks should be acceptable to a wide range of customers based on the care Amazon has put into the product. You should perform your own diligence on whether KMS is appropriate for your environment. If the security profile is not adequate, you should consider a stronger product such as CloudHSM or managing your own HSM solutions.

The goal here is to provide some introductory code on how to perform envelope encrypt a message using the AWS KMS API.

KMS allows you to encrypt messages of up to 4kb in size directly using the encrypt()/decrypt() API. To exceed these limitations, you must use a technique called "envelope encryptio

@thwarted
thwarted / resize-java-iKVM-viewer
Last active September 15, 2022 08:59
resize-java-iKVM-viewer: find all supermicro Java iKVM Viewer windows and resize them to display all the content
#!/bin/bash
# find all supermicro Java iKVM Viewer windows and resize
# them to display all the content
#
# for reasons that are beyond sanity, this shitty closed source program
# sets the min and max window sizes to the same values, making it unresizable
# through dragging.
# this wouldn't be so bad if it actually resized the window to display all
# the content. it constantly resizes based on the resolution of the