朱聖黎 Zhu Sheng Li digglife

## SMBDIS.ASM
;SMBDIS.ASM - A COMPREHENSIVE SUPER MARIO BROS. DISASSEMBLY
;by doppelganger (doppelheathen@gmail.com)

;This file is provided for your own use as-is.  It will require the character rom data
;and an iNES file header to get it to work.

;There are so many people I have to thank for this, that taking all the credit for
;myself would be an unforgivable act of arrogance. Without their help this would
;probably not be possible.  So I thank all the peeps in the nesdev scene whose insight into
;the 6502 and the NES helped me learn how it works (you guys know who you are, there's no

## gist:2850866
# Note that target_env.login and target_env.password is global variables

# Maybe I should add this into Fabric project (http://docs.fabfile.org/en/1.4.2/index.html).
# This is complicated task for sure but it would be nice if Fabric could use ssh under Linux and PowerShell Remoting under Windows.

def remote_sh(target_host, command_text, ignore_error=False):
    print('run PowerShell script block at {0}: {1}'.format(target_host, command_text))

    command_text = command_text.replace('"', '\'')

## gist:1182243

      
        
          
            
              
              1 file
            
          
          
            
              
              6 forks
            
          
          
            
              
              11 comments
            
          
          
            
              
              25 stars
            
          
        
        
          
              
          
          
            
                ahpook
                / gist:1182243
            
            
              Created
              August 30, 2011 22:14
            
              
                Use a generic client certificate with puppet
              
          
        
      
        
  
      
    The problem

There's enough trouble with puppet's ssl model (mandatory client certs) that people go and do odd things to get around it. The primary problem is that for lab/preproduction environments, if you reinstall machines frequently, you lose access to the private key that generated the original cert but (absent some puppet cert --clean [node] operation) the cert still exists, leading to the dreaded Retrieved certificate doesn't match private key error.
A solution

Generate a single client certificate which all your nodes use, and have the master determine node names from facter rather than the SSL DN. This way you can re-install nodes with impunity and as long as your bootstrap plops down the correct config and the cert+key, you don't have any more SSL issues.
The caveats

If you have autosign turned on, this change represents a shift in security tradeoffs: you can turn off autosign and therefore more tightly control which clients can talk to your server because they need to have your clie
	;SMBDIS.ASM - A COMPREHENSIVE SUPER MARIO BROS. DISASSEMBLY
	;by doppelganger (doppelheathen@gmail.com)

	;This file is provided for your own use as-is. It will require the character rom data
	;and an iNES file header to get it to work.

	;There are so many people I have to thank for this, that taking all the credit for
	;myself would be an unforgivable act of arrogance. Without their help this would
	;probably not be possible. So I thank all the peeps in the nesdev scene whose insight into
	;the 6502 and the NES helped me learn how it works (you guys know who you are, there's no
	# Note that target_env.login and target_env.password is global variables

	# Maybe I should add this into Fabric project (http://docs.fabfile.org/en/1.4.2/index.html).
	# This is complicated task for sure but it would be nice if Fabric could use ssh under Linux and PowerShell Remoting under Windows.

	def remote_sh(target_host, command_text, ignore_error=False):
	print('run PowerShell script block at {0}: {1}'.format(target_host, command_text))

	command_text = command_text.replace('"', '\'')