Skip to content

Instantly share code, notes, and snippets.

Petr Michalec epcim

View GitHub Profile
@epcim
epcim / kubernetes_pods_docker_disk_usage.md
Last active Jul 1, 2020
docker disk space introspection kubernetes docker overlay
View kubernetes_pods_docker_disk_usage.md

identify big pods/containers

investigage big files

DST=/mnt
find /var/lib -type f -size +1G -exec ls -lh {} \; | tee  $DST/bigfiles_var_lib_$(date "+%H%M").log
find /var/lib -type f -size +1G -exec ls -lh {} \; | awk '{ print $5 ": " $9 }' | sort -rh > $DST/bigfiles_var_lib_$(date "+%H%M").sorted.log

misbehave processes

@epcim
epcim / disable-ipv6.sh
Created Jul 1, 2020 — forked from kwilczynski/disable-ipv6.sh
Amazon Linux OS tweaks
View disable-ipv6.sh
#!/bin/bash
set -u
set -e
set -o pipefail
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
cat <<'EOF' > /etc/modprobe.d/blacklist-ipv6.conf
@epcim
epcim / action_gnutls_scripted.md
Last active Jun 24, 2020
gnutls certtool ssl tls openssl
View action_gnutls_scripted.md

CA - based on gnutls-bin


this directory holds CA key + wildcard certificates created for new infrastructure the CA key/cert is "ca-cert.pem/key"

TODO:

  • create scripts to re-generate client certificates based on NEW CA
  • develop procedure to generate client/server certs from template (partialy done)
  • develop procedure to generate clr files + revocate certificate + distribute them on public places
@epcim
epcim / update-ca-certificates.md
Last active Jun 18, 2020
trusted certificates system update-ca-certificates
View update-ca-certificates.md

Adding trusted root certificates to the server

Mac OS X

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/new-root-certificate.crt
sudo security delete-certificate -c "<name of existing certificate>"

Windows

certutil -addstore -f "ROOT" new-root-certificate.crt
@epcim
epcim / systemd_loging.sh
Last active Jun 11, 2020
bash snippet for systemd logging functions
View systemd_loging.sh
#!/bin/bash
printf_stdin() { local stdin; read -d '' -u 0 stdin; printf "$@" "$stdin"; }
exec {log_fd}> >(systemd-cat -t $(basename $0))
log_emerg() { echo "EMERG: $1"|tee /dev/stderr| printf_stdin '<0>%s\n' "$1" >&"$log_fd"; }
log_alert() { echo "ALERT: $1"|tee /dev/stderr| printf_stdin '<1>%s\n' "$1" >&"$log_fd"; }
log_crit() { echo "CRIT: $1" |tee /dev/stderr| printf_stdin '<2>%s\n' "$1" >&"$log_fd"; }
log_err() { echo "ERROR: $1"|tee /dev/stderr| printf_stdin '<3>%s\n' "$1" >&"$log_fd"; }
log_warn() { echo "WARN: $1" |tee /dev/stderr| printf_stdin '<4>%s\n' "$1" >&"$log_fd"; }
@epcim
epcim / instructions.md
Created Mar 24, 2020 — forked from douglasmiranda/instructions.md
Add email to Keybase.io PGP Key (Public Key)
View instructions.md

Export your public key:

keybase pgp export > keybase-public.key

Export your private key:

keybase pgp export --secret > keybase-private.key
@epcim
epcim / keybase.md
Created Mar 24, 2020 — forked from webframp/keybase.md
Signing git commits on github using keybase.io gpg key
View keybase.md

Probably one of the easiest things you'll ever do with gpg

Install Keybase: https://keybase.io/download and Ensure the keybase cli is in your PATH

First get the public key

keybase pgp export | gpg --import

Next get the private key

View udev_reload.sh
# update udev rules without restart
udevadm control --reload; sudo udevadm trigger --action=add
@epcim
epcim / az.md
Last active Feb 19, 2020
Azure az queries
View az.md

Interesting Ops queris for Azure / AKS

Account, Subscription

az account list --query '[*].{Name:name}' --output table

Resource groups

List:

@epcim
epcim / indexer
Last active Feb 13, 2020
udev rules ordered interface
View indexer
#!/bin/sh
#if [ $# -lt 1 ]; then
# echo "Usage: $0 prefix [initial] [database/file] " >&2
# exit 1
#fi
key="${1:-"eth"}"
initial="${2:-0}"
datfile="${3:-/run/indexerdb_$key}"
You can’t perform that action at this time.