Jeff Mitchell jefferai

resource "docker_container" "example" {
  name = "example"
  image = "ubuntu:14.04"
  command = ["nc", "-l", "-u", "-p 82"]
  hostname = "example"
  dns = ["5.6.7.8"]
  publish_all_ports = true
}
$ bundle exec rake db:migrate RAILS_ENV=production
== 20140907220153 SerializeServiceProperties: migrating =======================
-- add_column(:services, :properties, :text)
-> 0.0011s
rake aborted!
StandardError: An error has occurred, this and all later migrations canceled:
undefined local variable or method `template' for #<EmailsOnPushService:0x00000004ced980>
/home/git/gitlab/vendor/bundle/ruby/2.1.0/gems/activemodel-4.1.1/lib/active_model/attribute_methods.rb:435:in `method_missing'
/home/git/gitlab/vendor/bundle/ruby/2.1.0/gems/activerecord-4.1.1/lib/active_record/attribute_methods.rb:206:in `method_missing'
/home/git/gitlab/app/models/service.rb:37:in `template?'

Service:

{"ID":"registry:kirby:8000","Service":"apibrowse","Tags":null,"Address":"10.88.24.2","Port":49224}

Agent output:

2015/03/19 18:51:45 [INFO] agent: Deregistered service 'registry:kirby:8000'
2015/03/19 18:51:46 [INFO] agent: Synced service 'registry:kirby:8000'

consul-template output (note timestamps; this is the log from the beginning of the consul-template run, the change happened almost two minutes later):

jefferai / reload_haproxy.sh
Last active October 22, 2015 16:25
haproxy reloader
#!/bin/bash
haproxy_bin="/usr/sbin/haproxy"
haproxy_config="/etc/haproxy/haproxy.cfg"
haproxy_tmp_config=$(mktemp --tmpdir haproxy_config_XXXX)
haproxy_pidfile="/run/haproxy.pid"
haproxy_temp_pidfile="/run/haproxy-reloader-${BASHPID}.pid"
EXTRAOPTS=
jefferai / gist:e2bebc3bb97fed521666
Last active May 20, 2022 13:29
Example of Vault PKI (X509) backend issuing certificates to client and server, which then perform TLS mutual auth
package main
import (
"crypto/tls"
"fmt"
"html"
"io/ioutil"
"log"
"net"
"net/http"
jefferai / gist:7461cce52179b22dae5e
Created September 3, 2015 18:31
Consul without agents
> http http://127.0.0.1:8500/v1/catalog/register Datacenter="dc1" Node="node1" Address="10.0.0.1" Service:='{"ID": "redis1", "Service": "redis", "Tags": ["tag1"], "Address": "1.2.3.4", "Port": 1234}'
HTTP/1.1 200 OK
Content-Length: 4
Content-Type: application/json
Date: Thu, 03 Sep 2015 11:07:22 GMT
true
> http http://127.0.0.1:8500/v1/catalog/register Datacenter="dc1" Node="node2" Address="10.0.0.2" Service:='{"ID": "redis2", "Service": "redis", "Tags": ["tag2"], "Address": "5.6.7.8", "Port": 5678}'
HTTP/1.1 200 OK

Keybase proof

I hereby claim:

  • I am jefferai on github.
  • I am jefferai (https://keybase.io/jefferai) on keybase.
  • I have a public key whose fingerprint is 0F80 1F51 8EC8 53DA FF61 1E83 6528 EFCA C6CA A3DB

To claim this, I am signing this object:

jefferai / gist:a9b02179da554475b859
Created October 7, 2015 20:52
Example of new PKI capabilities
#!/bin/bash
vault mount -path=rootpki pki
vault mount-tune -max-lease-ttl="175200h" rootpki
vault mount -path=intermediatepki pki
vault mount-tune -max-lease-ttl="17520h" intermediatepki
http POST http://127.0.0.1:8200/v1/rootpki/config/ca/generate/root/exported X-Vault-Token:$(cat ~/.vault-token) pki_address="http://vault.example.com/v1/rootpki" common_name=root.com ttl="175200h" | jq -r .data.certificate > currroot.pem
openssl x509 -in currroot.pem -noout -text
http POST http://127.0.0.1:8200/v1/intermediatepki/config/ca/generate/intermediate/exported X-Vault-Token:$(cat ~/.vault-token) pki_address="http://vault.example.com/v1/rootpki" | jq -r .data.csr > currcsr.pem
http POST http://127.0.0.1:8200/v1/rootpki/config/ca/sign X-Vault-Token:$(cat ~/.vault-token) pki_address="http://vault.example.com/v1/intermediatepki" common_name=intermediate.com ttl="17519h" csr=@currcsr.pem | jq -r .data.certificate > currcert.pem
jefferai / pkitest.sh
Created January 20, 2016 00:47
PKI test script
#!/bin/bash
vault mount -path=rootpki pki
vault mount-tune -max-lease-ttl="175200h" rootpki
vault write rootpki/root/generate/exported common_name=example.com ttl="175200h"
vault write rootpki/root/generate/internal common_name=example.com ttl="175200h"
vault write rootpki/intermediate/generate/exported common_name=example.com ttl="175200h"
vault write rootpki/intermediate/generate/internal common_name=example.com ttl="175200h"
vault mount -path=intermediatepki pki
vault mount-tune -max-lease-ttl="8760h" intermediatepki
jefferai / -
Created January 22, 2016 21:51
diff --git a/builtin/logical/pki/crl_util.go b/builtin/logical/pki/crl_util.go
index b433e25..45624ac 100644
--- a/builtin/logical/pki/crl_util.go
+++ b/builtin/logical/pki/crl_util.go
@@ -18,6 +18,15 @@ type revocationInfo struct {
// Revokes a cert, and tries to be smart about error recovery
func revokeCert(b *backend, req *logical.Request, serial string) (*logical.Response, error) {
+ // As this backend is self-contained and this function does not hook into
+ // third parties to manage users or resources, if the mount is tainted,
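Review bot: the doc comment on revokeCert still reads only "Revokes a cert, and tries to be smart about error recovery", while the block added at the top of the function introduces behaviour that depends on the mount being tainted; mention that case in the doc comment so a caller does not have to read the body to learn about it. The justification given ("self-contained", "does not hook into third parties") is an assumption about the backend that could stop holding later, so a test that exercises revokeCert on a tainted mount would be worth adding alongside this change.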