As part of the process of migrating as many instances as possible from public IPv4 addresses (because it's going to get expensive), I have to use a proxy from the backend interface to GitHub in order to pull updates from the repos. This is part of the distribution of the whole system apart from configuration not in the repos. To begin with I planned on adding a forward proxy on the existing HAProxy on the front of the production web servers; it's in the same backend subnet and it's always going to have an IPv4 interface. But that got very ugly. I decided instead on using ssh and proxying through the sshd already running on the HAProxy instance. After a lot of complexity I went back to the simplest.

Host github.com
   HostName github.com
   AddressFamily inet
   IdentityFile ~/.ssh/github_rsa
   IdentityFile ~/.ssh/keyforproxyinstance
   User git
bpluly / describe-instances-resource.md
Last active November 24, 2023 18:13
AWS describe-instances when private dns name is the instance resource

The Instance metadata has two fields for PrivateDnsName: one in the Instance struct and another within NetworkInterfaces[] inside that struct. When resource names are used for the private DNS field, you have to filter on the field in the NetworkInterfaces list (generally the first one). For example, to get the InstanceId of an instance using the resource name DNS:

aws ec2 describe-instances --filters "Name=network-interface.private-dns-name,Values=i-0c8489ec965617999.eu-west-2.compute.internal" --query "Reservations[0].Instances[0].{Instance:InstanceId}"
{ "Instance": "i-0c8489ec965617999" }

bpluly / gist:7777c72211bf0002a1ade54a88e31bc3
Last active October 31, 2023 16:20
Using rsync from Fabric2/Patchwork/Paramiko on AWS EIC connections to update certificates on HAProxy

Further adventures in EIC land. I use Fabric2 for all the distribution of code and as much Opswork as I can. That includes updating certs. The certs are all managed from my local machine and then distributed. I use rsync to move the certificate trees (all Let's Encrypt). Before using EIC this was simple: the same ssh config could be used, but it had to be repeated for the Patchwork rsync as it makes its own connection even though there's an existing connection to the host. The ssh_opts for EIC mean you have to inject the InstanceId for each host. The Paramiko Connection object might have it, but I failed to find it spelunking; it relies on the ssh_opts parameter to fill the rsync options.

Using the EC2 API DescribeInstances gets the InstanceId along with everything else about the instance, and using the Private DNS for the host filters the API response. To get the Private DNS in my ssh config I use the Connection object, which has the updated host string, converting Hostname to the Host which is either an IP address

bpluly / gist:333c3df0e57aeb5318c20f39a8e0093f
Last active October 31, 2023 16:20
Using AWS EIC (EC2 Instance Connect) with OpenSSH

As AWS are going to start charging for all public IPv4 endpoints, I have started to look at how to rotate out as many instances as possible but still have the same mechanisms to access and manage them, i.e. ssh.

I could leave the Bastion and connect to everything on the private network via the Bastion; that's much the same as now except for re-rolling all the instances to remove the public interface. There is EC2 Instance Connect, which AWS have just beefed up and which is available for AWS Linux 2 and Ubuntu, so I tried that.

It has all the convolutions of any other soft networking solution and further commits the sin of requiring aws commands to do the usual work of setting up a tunnel. This is presuming that each connection is a new tunnel from the client to the instance; there's no Bastion, so the controls in the Security Group need to be tied down.

Everything seemed mostly OK until I tried to actually connect to an instance, using one of the few examples in the documentation. These examples are all comm

bpluly / gist:7bbbc0520c98c8fcd731b54e9079a2f9
Last active October 31, 2023 16:21
Installing Postgres15 on AWS 2

Whilst AWS Linux 2023 has an up-to-date package, AWS Linux 2 does not, but the former isn't suitable for anything that requires EPEL or much in the way of customising.

sudo rpm -ivh --nodeps https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
sudo sed -i 's/\$releasever/7/g' /etc/yum.repos.d/pgdg-redhat-all.repo
sudo yum install -y postgresql15 postgresql15-server
PGSETUP_INITDB_OPTIONS='--encoding=UTF-8 --locale=C.UTF-8' sudo /usr/pgsql-15/bin/postgresql-15-setup initdb
sudo systemctl enable --now postgresql-15
systemctl status postgresql-15

bpluly / gist:841d58635306123f40599f2b98b946fe
Created April 18, 2023 11:22
Island Folk Track Listing
Album Artist,Album,Disc#,Track#,Title,Track Artist(s),Composer(s),,Source,Is Dup?,Is Hidden?,Tags
Various Artists,Mojo Presents: Island Folk,1,1,Go Down Easy,John Martyn,John Martyn,,Local,no,no,
Various Artists,Mojo Presents: Island Folk,1,2,The Sea,Fotheringay,Sandy Denny,,Local,no,no,
Various Artists,Mojo Presents: Island Folk,1,3,We Used to Know,Jethro Tull,Ian Anderson,,Local,no,no,
Various Artists,Mojo Presents: Island Folk,1,4,Lonely Boy,Nirvana,"Alex Spyropoulos, Patrick Campbell-Lyons",,Local,no,no,
Various Artists,Mojo Presents: Island Folk,1,5,Primrose Hill,John Martyn / Beverley Martyn,John Martyn,,Local,no,no,
Various Artists,Mojo Presents: Island Folk,1,6,No More Sad Refrains,Sandy Denny,Sandy Denny,,Local,no,no,
Various Artists,Mojo Presents: Island Folk,1,8,Red Hair,The Incredible String Band,Mike Heron,,Local,no,no,
Various Artists,Mojo Presents: Island Folk,1,9,Where Are Your Smiles At,Claire Hamill,"Claire Hamill, Mike Coles",,Local,no,no,
Various Artists,Mojo Presents: Island Folk,1,10,She

In creating the graph view in Zettel.io of notes in a kasten I wanted to maintain the general method of not relying upon frameworks. For the Card and Strips view in the Kasten I used Canvas for the linking lines layer between notes. On the graph I wanted to show it as a kind of entity graph, ellipses with links, and later tags, connecting the notes.

I did not want a force graph as in d3 because that's very stiff; the user can kind of change the view of the graph, but it's hard to place them easily.

The graph page is the same kind of structure as the Card and Strip views, but I separated it out as its own template. Within each Node set of DIVs there's an SVG viewBox with an ellipse and a text element inside; the text is just the summary or title of the Note. At the moment that's only 20 characters long.

I thought it would be as simple as the original Drag n Drop to move elements around, as it originally was for Cards and Strips before I refactored it to have ordering on the notes. But (after the travail to unde

From Python documentation for 3.8
pprint
The pprint module added a sort_dicts parameter to several functions. By default, those functions continue to sort dictionaries before rendering or printing. However, if sort_dicts is set to false, the dictionaries retain the order that keys were inserted. This can be useful for comparison to JSON inputs during debugging.
In addition, there is a convenience new function, pprint.pp() that is like pprint.pprint() but with sort_dicts defaulting to False:
>>> from pprint import pprint, pp
bpluly / Couch-ordered-views.md
Last active November 24, 2023 18:15
Ordering a set of CouchDB documents so that regular queries can be made and standard responses returned including bookmarks

This is for sets of documents where orderings can be made regardless of the content, so not indexed on a known field but ordered. And not just a single ordering but multiple alternative orderings.

Imagine a box of cards; they're in a particular order, first to last. To order them again requires going through each card and placing it in the new order, and the previous order is unavailable until it's reordered, destroying the existing one again. The first solution was a separate document of a different type which had lists of orders; each list within the lists had a label or a name, and the ordering was a list of documents in a particular order.

This works but can only work after the documents have been selected and then the ordering applied. That means that all the other features of search or query only happen before the ordering can be applied. That makes bookmarking impossible and so the whole set has to be returned to the client and the client has to manage the paging. This is horrible.

The planned altern

bpluly / gist:36552662084cd5c1ee00a7b6b757e0e4
Created June 8, 2022 10:29
Highlight broken on Ultraedit Linux on Elementary
The File View, and probably other dockable windows, don't style highlighted elements properly.
The highlighted line has an opaque fill in whichever GTK system stylesheet is in force.
Only if you click the highlight does the background text appear through the highlight.
The solution I found was to force applications to use the Dark Theme, then restart Ultraedit.
Ultraedit then uses the GTK style sheet for dockable windows properly, even when changing the theme in UE itself.