David Strauss davidstrauss

## gist:7653180
[straussd@systemd-f19 systemd]$ sudo systemctl set-property test-1.service CPUShares=777
Failed to set unit properties on test-1.service: No such device or address
[straussd@systemd-f19 systemd]$ systemctl status test-1.service
test-1.service - test service 1
   Loaded: loaded (/etc/systemd/system/test-1.service; enabled)
   Active: activating (start) since Mon 2013-11-25 19:45:25 PST; 51s ago
 Main PID: 336 (sleep)
   CGroup: /mine.slice/test-1.service
           └─336 /usr/bin/sleep 100

## gist:7805704
# cat /etc/systemd/system/mirrors.mount
[Mount]
What=/dev/mapper/36000d31000491800000000000000005c
Where=/mirrors
Options=defaults,discard
TimeoutSec=600

[Install]
WantedBy=local-fs.target
# systemctl start mirrors.mount

## my.cnf
[mysqld_safe]
# Standard config
socket=<%= @base %>/data/mysql.sock
datadir=<%= @base %>/data
log-error=<%= @base %>/logs/mysqld.log
pid-file=<%= @base %>/mysqld.pid
port=<%= Etc.getpwnam(@id).uid %>

[mysqld]
bind-address=::

## gist:9699575
### Keybase proof

I hereby claim:

  * I am davidstrauss on github.
  * I am davidstrauss (https://keybase.io/davidstrauss) on keybase.
  * I have a public key whose fingerprint is 3655 BE19 8242 7E5D 0080  9990 D276 730B BAD5 4AE4

To claim this, I am signing this object:

## library_updates.py
import os
import pprint
import fnmatch
import time
import subprocess

def find_services_needing_restart():
    services = {}
    pids = [ f for f in os.listdir('/proc') if f.isdigit() and os.path.isdir(os.path.join('/proc', f)) ]

## stunnel.c
            if(bind(opt->fd, &opt->local_addr.sa, addr_len(&opt->local_addr))) {
                s_log(LOG_ERR, "Error binding service [%s] to %s",
                    opt->servname, local_address);
                sockerror("bind");
                closesocket(opt->fd);
                opt->fd=-1;
                str_free(local_address);
                return 1;
            }
            if(listen(opt->fd, SOMAXCONN)) {

## gist:ab01855e7d758d1f771b
[straussd@zeus ~]$ curl -kv https://gw.home.lan/
* Adding handle: conn: 0xc87940
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0xc87940) send_pipe: 1, recv_pipe: 0
* About to connect() to gw.home.lan port 443 (#0)
*   Trying 172.30.42.1...
* Connected to gw.home.lan (172.30.42.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb

## gist:cc880fc9fd43383714d8
[straussd@zeus ~]$ ssh -vvvvvv root@gw.home.lan
OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 51: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to gw.home.lan [172.30.42.1] port 22.
debug1: Connection established.
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/straussd/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/straussd/.ssh/id_rsa type 1

## gist:8e056f0bb77e1daa5945
root@(none):~# find /overlay -type f| xargs sha256sum
1d403a18935b06c375efcbb06fc00561da473d20716be79f544e466870e3aec6  /overlay/etc/TZ
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  /overlay/etc/auth/.keep
12b91809bdf44c6514c8668d92496a765c9a82a2dbaf2bd71ea63345bf254694  /overlay/etc/group
abc9912972f87775d59c8b29e64f98417a7937b0789588367f06285f2ba30ce7  /overlay/etc/shadow-
f2a8a36b9cfed72ea4b3ce1e21d3981406efa4ce61f079722c333f2e12d4d3c0  /overlay/etc/dropbear/dropbear_dss_host_key
1a1ac4116978f61736551986f6f56d28bc76accd4b92a0a0469332a4fb997be1  /overlay/etc/dropbear/authorized_keys
fa96028428c59a4fd4e00c444f3dae6a36160c09857525ea776e59a2e457ebc6  /overlay/etc/dropbear/dropbear_rsa_host_key
99fee0650a341731b21cead68ee8acd2707108bbb9771287857415e4c09de5a5  /overlay/etc/config/sqm
bb8989f912d2e71e5ada8b87f9b9dfe6aafb63cf57a57bd21e70eb2508175938  /overlay/etc/config/wol

## gist:0a6d83e3d63bc02d16a2
[straussd@titan ~]$ sudo iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
	[straussd@systemd-f19 systemd]$ sudo systemctl set-property test-1.service CPUShares=777
	Failed to set unit properties on test-1.service: No such device or address
	[straussd@systemd-f19 systemd]$ systemctl status test-1.service
	test-1.service - test service 1
	Loaded: loaded (/etc/systemd/system/test-1.service; enabled)
	Active: activating (start) since Mon 2013-11-25 19:45:25 PST; 51s ago
	Main PID: 336 (sleep)
	CGroup: /mine.slice/test-1.service
	└─336 /usr/bin/sleep 100
	# cat /etc/systemd/system/mirrors.mount
	[Mount]
	What=/dev/mapper/36000d31000491800000000000000005c
	Where=/mirrors
	Options=defaults,discard
	TimeoutSec=600

	[Install]
	WantedBy=local-fs.target
	# systemctl start mirrors.mount
	[mysqld_safe]
	# Standard config
	socket=<%= @base %>/data/mysql.sock
	datadir=<%= @base %>/data
	log-error=<%= @base %>/logs/mysqld.log
	pid-file=<%= @base %>/mysqld.pid
	port=<%= Etc.getpwnam(@id).uid %>

	[mysqld]
	bind-address=::
	### Keybase proof

	I hereby claim:

	* I am davidstrauss on github.
	* I am davidstrauss (https://keybase.io/davidstrauss) on keybase.
	* I have a public key whose fingerprint is 3655 BE19 8242 7E5D 0080 9990 D276 730B BAD5 4AE4

	To claim this, I am signing this object:
	import os
	import pprint
	import fnmatch
	import time
	import subprocess

	def find_services_needing_restart():
	services = {}
	pids = [ f for f in os.listdir('/proc') if f.isdigit() and os.path.isdir(os.path.join('/proc', f)) ]
	if(bind(opt->fd, &opt->local_addr.sa, addr_len(&opt->local_addr))) {
	s_log(LOG_ERR, "Error binding service [%s] to %s",
	opt->servname, local_address);
	sockerror("bind");
	closesocket(opt->fd);
	opt->fd=-1;
	str_free(local_address);
	return 1;
	}
	if(listen(opt->fd, SOMAXCONN)) {
	[straussd@zeus ~]$ curl -kv https://gw.home.lan/
	* Adding handle: conn: 0xc87940
	* Adding handle: send: 0
	* Adding handle: recv: 0
	* Curl_addHandleToPipeline: length: 1
	* - Conn 0 (0xc87940) send_pipe: 1, recv_pipe: 0
	* About to connect() to gw.home.lan port 443 (#0)
	* Trying 172.30.42.1...
	* Connected to gw.home.lan (172.30.42.1) port 443 (#0)
	* Initializing NSS with certpath: sql:/etc/pki/nssdb
	[straussd@zeus ~]$ ssh -vvvvvv root@gw.home.lan
	OpenSSH_6.4, OpenSSL 1.0.1e-fips 11 Feb 2013
	debug1: Reading configuration data /etc/ssh/ssh_config
	debug1: /etc/ssh/ssh_config line 51: Applying options for *
	debug2: ssh_connect: needpriv 0
	debug1: Connecting to gw.home.lan [172.30.42.1] port 22.
	debug1: Connection established.
	debug3: Incorrect RSA1 identifier
	debug3: Could not load "/home/straussd/.ssh/id_rsa" as a RSA1 public key
	debug1: identity file /home/straussd/.ssh/id_rsa type 1
	root@(none):~# find /overlay -type f\| xargs sha256sum
	1d403a18935b06c375efcbb06fc00561da473d20716be79f544e466870e3aec6 /overlay/etc/TZ
	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 /overlay/etc/auth/.keep
	12b91809bdf44c6514c8668d92496a765c9a82a2dbaf2bd71ea63345bf254694 /overlay/etc/group
	abc9912972f87775d59c8b29e64f98417a7937b0789588367f06285f2ba30ce7 /overlay/etc/shadow-
	f2a8a36b9cfed72ea4b3ce1e21d3981406efa4ce61f079722c333f2e12d4d3c0 /overlay/etc/dropbear/dropbear_dss_host_key
	1a1ac4116978f61736551986f6f56d28bc76accd4b92a0a0469332a4fb997be1 /overlay/etc/dropbear/authorized_keys
	fa96028428c59a4fd4e00c444f3dae6a36160c09857525ea776e59a2e457ebc6 /overlay/etc/dropbear/dropbear_rsa_host_key
	99fee0650a341731b21cead68ee8acd2707108bbb9771287857415e4c09de5a5 /overlay/etc/config/sqm
	bb8989f912d2e71e5ada8b87f9b9dfe6aafb63cf57a57bd21e70eb2508175938 /overlay/etc/config/wol
	[straussd@titan ~]$ sudo iptables --list
	Chain INPUT (policy ACCEPT)
	target prot opt source destination
	ACCEPT udp -- anywhere anywhere udp dpt:domain
	ACCEPT tcp -- anywhere anywhere tcp dpt:domain
	ACCEPT udp -- anywhere anywhere udp dpt:bootps
	ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
	ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
	ACCEPT all -- anywhere anywhere
	INPUT_direct all -- anywhere anywhere