double-p

00-global.cfg:
global
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 30s
        user haproxy
        group haproxy
        unix-bind user haproxy group haproxy
        daemon
        nbthread 4

double-p

ufw_rules:
  - rule: allow
    to_port: 22
    protocol: tcp
    comment: 'allow incoming connection on standard ssh port'

double-p

Uncurated to read/watch list from kubecon2022 slack:

https://kubernetes.io/docs/home/
https://helm.sh/docs/

https://docs.docker.com/engine/reference/builder/

 https://learning.kasten.io/
kubernetes the hardway - https://github.com/kelseyhightower/kubernetes-the-hard-way

double-p

This is against:
commit 10331dd8603d1113188c24c16ff2a7d7f8163f28 (HEAD -> main, origin/main, origin/HEAD)

diff --git deploy/compose/.env deploy/compose/.env
index 3ee4f7c..1b6c262 100644
--- deploy/compose/.env
+++ deploy/compose/.env
@@ -1,9 +1,9 @@
 OSIE_DOWNLOAD_URLS=https://github.com/tinkerbell/hook/releases/download/5.10.57/hook_x86_64.tar.gz,https://github.com/tinkerbell/hook/releases/download/5.10.57/hook_aarch64.tar.gz

double-p

the MYTINK_BRIDGEDEV as it comes from 'VBoxManage list bridgedifs|grep USB' e.g.
export MYTINK_BRIDGEDEV="en13: APPLE USB Ethernet Adapter"

diff --git deploy/compose/.env deploy/compose/.env
index 3ee4f7c..4ce5fa7 100644
--- deploy/compose/.env
+++ deploy/compose/.env
@@ -9,5 +9,5 @@ TINKERBELL_HARDWARE_MANIFEST=/manifests/hardware/hardware.json
 TINKERBELL_TEMPLATE_MANIFEST=/manifests/template/ubuntu.yaml

double-p

acl or_combined path_beg /foo
acl or_combined path_beg /bar
# above is an OR
acl something_else hdr(host) example.com
use_backend thingy if or_combined something_else
# above is AND'ing the two ACLs

double-p

frontend stats
 mode http
 bind-process 1
 bind :8686
 default_backend backend-stats
backend backend-stats
 bind-process 1
 mode http
 stats enable
 stats hide-version

double-p

# filter pattern against DPD: 'host <peer-name> and ! (udp[26]=0x05 and udp[70:2]&0x8d20>7)'
# filter proposal/SA exchange only: 'host <peer-name> and ((udp[26]=0x02 and udp[24]=0x01) or udp[26]=0x20)'
# filterby src-Peer: tail -fc+0 /var/run/isakmpd09.pcap | tcpdump -netttvvvr - 'host 195.179.132.65 and host 194.25.170.42 and ((udp[26]=0x02 and udp[24]=0x01) or udp[26]=0x20)'

double-p

jo -p -- -s jsonrpc=2.0 id=1 method=user.login auth= params[user]=Admin params[password]=zabbix | curl -H "Content-Type: application/json" -X POST -s -d @- -o- http://10.211.55.101:9595/api_jsonrpc.php |jq .result | tr -d \" > token

jo -p -- -s jsonrpc=2.0 id=1 method=user.get params[output]=extend auth=`cat token`  | curl -H "Content-Type: application/json" -X POST -s -d @- -o- http://10.211.55.101:9595/api_jsonrpc.php | jq .

# jo: https://github.com/jpmens/jo

double-p

frontend zammad
 acl ssfn_path_zammad path_beg /zammad /assets /api
 acl ssfn_path_zammadws path_beg /zammad/ws /ws
 acl ssfn_type_websocket hdr(Upgrade) -i WebSocket
 use_backend ssfn_zammad if ssfn_path_zammad !ssfn_path_zammadws
 use_backend ssfn_zammad_websocket if ssfn_path_zammadws
 use_backend ssfn_zammad_websocket if ssfn_type_websocket
 
backend ssfn_zammad
 http-request set-header X-Real-IP %ci