| #!/bin/bash | |
| # pre-commit git hook to check the validity of a puppet manifest | |
| # | |
| # Prerequisites: | |
| # gem install puppet-lint puppet | |
| # | |
| # Install: | |
| # /path/to/repo/.git/hooks/pre-comit | |
| # Source RVM if needed |
| #!/usr/bin/env python | |
| import hashlib | |
| import optparse | |
| import paramiko | |
| from Crypto.PublicKey import RSA | |
| def insert_char_every_n_chars(string, char='\n', every=64): | |
| return char.join( |
The best way to use this tool is to hook apt's use of dpkg to run it before doing any package installs.
In your apt.conf, put this:
DPkg::Pre-Install-Pkgs {"xargs -rL1 bash /path/to/stripdeb.sh 2>&1 | logger -t stripdeb"}
Then, a demo:
% sudo apt-get install mysql-server-5.1
| #!/usr/bin/ruby | |
| require 'rubygems' | |
| require 'packetfu' | |
| dev = ARGV[0] | |
| mac=`ip link show #{dev} | awk '/ether/ {print $2}'` | |
| ARGV.shift | |
| dests = ARGV | |
| cap = PacketFu::Capture.new( |
| #!/bin/sh | |
| [[ -n "$1" && -n "$2" ]] || { echo "Usage: $0 <interface to grab multicast packets from> <interface to send modified packets to> [target MAC address 1] [target MAC address 2] ..."; exit 0 ; } | |
| IIF=$1 | |
| OIF=$2 | |
| shift | |
| shift | |
| SRC_MACADDR=`ip link show $OIF | awk '/ether/ {print $2}' | tr -d :` |
| #!/bin/sh | |
| VIP=$1 | |
| IF=$2 | |
| # Determine the interface's MAC address | |
| MAC=`ip link show $IF | awk '/ether/ {print $2}'` | |
| # Determine ENI ID of the interface | |
| ENI_ID=`curl http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC/interface-id` |
| tmp | |
| log | |
| doc | |
| daemon | |
| *.swp |
| class ZendeskTicketsJob | |
| extend Resque::Plugins::ExponentialBackoff | |
| @queue = :low | |
| FIELDS = ['zendesk_id', 'requester_id', 'assignee_id', 'group', 'subject', 'tags', 'status', 'priority', 'via', 'ticket_type', 'created_at', 'assigned_at', 'solved_at', 'resolution_time', 'satisfaction', 'group_stations', 'assignee_stations', 'reopens', 'replies', 'first_reply_time_in_minutes', 'first_reply_time_in_minutes_within_business_hours', 'first_resolution_time_in_minutes', 'first_resolution_time_in_minutes_within_business_hours', 'full_resolution_time_in_minutes', 'full_resolution_time_in_minutes_within_business_hours', 'agent_wait_time_in_minutes', 'agent_wait_time_in_minutes_within_business_hours', 'requester_wait_time_in_minutes', 'requester_wait_time_in_minutes_within_business_hours', 'reservation_code', 'requires_manual_closing'] | |
| def self.perform(url) | |
| `rm /tmp/zendesk_tickets*` | |
| `wget #{url} -O /tmp/zendesk_tickets.csv.zip` | |
| `unzip -p /tmp/zendesk_tickets.csv.zip > /tmp/zendesk_tickets.csv` | |
There's enough trouble with puppet's ssl model (mandatory client certs) that people go and do odd things to get around it. The primary problem is that for lab/preproduction environments, if you reinstall machines frequently, you lose access to the private key that generated the original cert but (absent some puppet cert --clean [node] operation) the cert still exists, leading to the dreaded Retrieved certificate doesn't match private key error.
Generate a single client certificate which all your nodes use, and have the master determine node names from facter rather than the SSL DN. This way you can re-install nodes with impunity and as long as your bootstrap plops down the correct config and the cert+key, you don't have any more SSL issues.
If you have autosign turned on, this change represents a shift in security tradeoffs: you can turn off autosign and therefore more tightly control which clients can talk to your server because they need to have your clie
| DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE | |
| Version 2, December 2014 | |
| Copyright (C) 2014 Addy Osmani @addyosmani | |
| Everyone is permitted to copy and distribute verbatim or modified | |
| copies of this license document, and changing it is allowed as long | |
| as the name is changed. | |
| DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE |