Gavin Zhou gavinzhou

gavinzhou / pyssh
Created September 7, 2012 05:00
python ssh with fabric
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from fabric.api import env,run,put,get
from os import path
from re import findall
from sys import argv
from fabric.context_managers import hide
from time import sleep
gavinzhou / vimblog.vim
Created November 21, 2012 01:38
vimblog
" Requirements:
" - you'll need VIM compiled with Ruby scripting support
" - example: for Debian/Ubuntu: sudo apt-get install vim-ruby
" - please, copy this file to one of your VIM dir
" - example: to your .vim home folder: $HOME/.vim/vimlog.vim
" - please, add this code to your .vimrc file:
"
" if !exists('*Wordpress_vim')
" runtime vimlog.vim
" endif
yum install gcc make expat-devel db4-devel gdbm-devel sqlite-devel readline-devel zlib-devel bzip2-devel openssl-devel -y
yum install libxslt-devel -y
git clone https://github.com/yyuu/pyenv.git ~/.pyenv
cat > EOF <<
export PYENV_ROOT="${HOME}/.pyenv"
if [ -d "${PYENV_ROOT}" ]; then
export PATH=${PYENV_ROOT}/bin:$PATH
eval "$(pyenv init -)"
interface range ethernet e(36-37,45),g(1-4)
switchport mode trunk
exit
vlan database
vlan 2-28,31,101
exit
interface ethernet e2
switchport access vlan 2
exit
interface range ethernet e37,g(1-4)
curl -i -X POST \
--url http://127.0.0.1:8001/apis/ \
--data 'name=opage' \
--data 'upstream_url=http://172.31.10.54:8086/' \
--data 'request_host=opage.io'
curl -i -X POST \
--url http://127.0.0.1:8001/apis/opage/plugins/ \
--data 'name=key-auth'

Better SSH Authorized Keys Management

A seemingly common problem is how to handle all of your users' authorized_keys files.

People struggle with management: ensuring that users only have specific keys in the authorized_keys file, or even finding a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One overlooked piece of OpenSSH functionality is the AuthorizedKeysCommand configuration keyword. It allows you to specify a command that will run during login to retrieve a user's public key file from a remote source, with validation performed just as if the authorized_keys file were local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

gavinzhou / INSTALL.org
Created May 9, 2016 08:41 — forked from guyromm/INSTALL.org
mandatory logging interactive sessions with asciinema

asciinema install:

curl -sL https://asciinema.org/install | sh

asciinema.sh

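#!/bin/bash
# Record every interactive session into a per-user, per-day log directory.
LOGDIR="/var/log/asciinema/$(whoami)/$(date '+%Y-%m-%d')"
mkdir -p "$LOGDIR"
# File name: <client IP>-<HHMM>-<random suffix>.log
LOGFILE="$LOGDIR/$(echo "$SSH_CLIENT" | cut -f1 -d' ')-$(date '+%H%M')-$(shuf -i 1000-10000 -n 1).log"
# Start recording only when ASCIINEMA_REC is unset, i.e. not already inside a recording.
[ -z "$ASCIINEMA_REC" ] && exec /usr/local/bin/asciinema rec -w 3 -y "$LOGFILE" -c 'tmux'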
gavinzhou / 00-README.md
Created July 21, 2016 03:25 — forked from imbriaco/00-README.md
Example deployment descriptor for running Cog on Kubernetes. Uses the secret store as well as persistent disks for Postgres, Cog, and Relay data.

Cog on Kubernetes

This experiment was originally built on Google Cloud's Kubernetes and makes use of gcePersistentDisk. If you are not using Google Cloud, you'll need to adjust the gcePersistentDisk volumes to use the persistent disk technology available in your cluster.

At a high level the steps look something like this, though there may be subtle errors. This experiment happened a few weeks ago and I'm creating these from memory along with the test descriptors I used.

  1. Set up Kubernetes and create the necessary persistent disks that are referenced in the deployment.
gavinzhou / nginx.conf
Created August 8, 2016 05:22 — forked from hostmaster/nginx.conf
nginx post-action
location ^~ /attachments/download_zip/ {
proxy_pass http://mongrel;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X_Forwarded_Proto $scheme;
proxy_read_timeout 120;
proxy_connect_timeout 120;
post_action @notify_zip;
gavinzhou / influxdb2json
Last active August 24, 2016 07:10
backup influxdb to json
#!/bin/bash
function parse_options {
function usage() {
echo -e >&2 "Usage: $0 dump DATABASE [options...]
\t-u USERNAME\t(default: root)
\t-p PASSWORD\t(default: root)
\t-h HOST\t\t(default: localhost:8086)
\t-s\t\t(use HTTPS)"
}