Skip to content

Instantly share code, notes, and snippets.

View jefferai's full-sized avatar

Jeff Mitchell jefferai

369 followers · 9 following
View GitHub Profile
@jefferai
jefferai / gist:747357614e88001b1063
Created February 17, 2015 21:30
resource "docker_container" "example" {
name = "example"
image = "ubuntu:14.04"
command = ["nc", "-l", "-u", "-p 82"]
hostname = "example"
dns = ["5.6.7.8"]
publish_all_ports = true
}
@jefferai
jefferai / gist:534790ee5c45f90b502f
Created February 19, 2015 19:56
$ bundle exec rake db:migrate RAILS_ENV=production
== 20140907220153 SerializeServiceProperties: migrating =======================
-- add_column(:services, :properties, :text)
-> 0.0011s
rake aborted!
StandardError: An error has occurred, this and all later migrations canceled:
undefined local variable or method `template' for #<EmailsOnPushService:0x00000004ced980>/home/git/gitlab/vendor/bundle/ruby/2.1.0/gems/activemodel-4.1.1/lib/active_model/attribute_methods.rb:435:in `method_missing'
/home/git/gitlab/vendor/bundle/ruby/2.1.0/gems/activerecord-4.1.1/lib/active_record/attribute_methods.rb:206:in `method_missing'
/home/git/gitlab/app/models/service.rb:37:in `template?'
@jefferai
jefferai / gist:32d950c10e66853b9624
Last active August 29, 2015 14:17

Service:

{"ID":"registry:kirby:8000","Service":"apibrowse","Tags":null,"Address":"10.88.24.2","Port":49224}

Agent output:

2015/03/19 18:51:45 [INFO] agent: Deregistered service 'registry:kirby:8000'
2015/03/19 18:51:46 [INFO] agent: Synced service 'registry:kirby:8000'

consul-template output (note timestamps), this is the log from the beginning of the consul-template run, the change happened almost two minutes later):

@jefferai
jefferai / gist:7461cce52179b22dae5e
Created September 3, 2015 18:31
Consul without agents
> http http://127.0.0.1:8500/v1/catalog/register Datacenter="dc1" Node="node1" Address="10.0.0.1" Service:='{"ID": "redis1", "Service": "redis", "Tags": ["tag1"], "Address": "1.2.3.4", "Port": 1234}'
HTTP/1.1 200 OK
Content-Length: 4
Content-Type: application/json
Date: Thu, 03 Sep 2015 11:07:22 GMT
true
> http http://127.0.0.1:8500/v1/catalog/register Datacenter="dc1" Node="node2" Address="10.0.0.2" Service:='{"ID": "redis2", "Service": "redis", "Tags": ["tag2"], "Address": "5.6.7.8", "Port": 5678}'
HTTP/1.1 200 OK
@jefferai
jefferai / keybase.md
Created September 22, 2015 19:51

Keybase proof

I hereby claim:

  • I am jefferai on github.
  • I am jefferai (https://keybase.io/jefferai) on keybase.
  • I have a public key whose fingerprint is 0F80 1F51 8EC8 53DA FF61 1E83 6528 EFCA C6CA A3DB

To claim this, I am signing this object:

@jefferai
jefferai / reload_haproxy.sh
Last active October 22, 2015 16:25
haproxy reloader
#!/bin/bash
haproxy_bin="/usr/sbin/haproxy"
haproxy_config="/etc/haproxy/haproxy.cfg"
haproxy_tmp_config=$(mktemp --tmpdir haproxy_config_XXXX)
haproxy_pidfile="/run/haproxy.pid"
haproxy_temp_pidfile="/run/haproxy-reloader-${BASHPID}.pid"
EXTRAOPTS=
@jefferai
jefferai / gist:a9b02179da554475b859
Created October 7, 2015 20:52
Example of new PKI capabilities
#!/bin/bash
vault mount -path=rootpki pki
vault mount-tune -max-lease-ttl="175200h" rootpki
vault mount -path=intermediatepki pki
vault mount-tune -max-lease-ttl="17520h" intermediatepki
http POST http://127.0.0.1:8200/v1/rootpki/config/ca/generate/root/exported X-Vault-Token:$(cat ~/.vault-token) pki_address="http://vault.example.com/v1/rootpki" common_name=root.com ttl="175200h" | jq -r .data.certificate > currroot.pem
openssl x509 -in currroot.pem -noout -text
http POST http://127.0.0.1:8200/v1/intermediatepki/config/ca/generate/intermediate/exported X-Vault-Token:$(cat ~/.vault-token) pki_address="http://vault.example.com/v1/rootpki" | jq -r .data.csr > currcsr.pem
http POST http://127.0.0.1:8200/v1/rootpki/config/ca/sign X-Vault-Token:$(cat ~/.vault-token) pki_address="http://vault.example.com/v1/intermediatepki" common_name=intermediate.com ttl="17519h" csr=@currcsr.pem | jq -r .data.certificate > currcert.pem
@jefferai
jefferai / -
Created January 22, 2016 21:51
diff --git a/builtin/logical/pki/crl_util.go b/builtin/logical/pki/crl_util.go
index b433e25..45624ac 100644
--- a/builtin/logical/pki/crl_util.go
+++ b/builtin/logical/pki/crl_util.go
@@ -18,6 +18,15 @@ type revocationInfo struct {
// Revokes a cert, and tries to be smart about error recovery
func revokeCert(b *backend, req *logical.Request, serial string) (*logical.Response, error) {
+ // As this backend is self-contained and this function does not hook into
+ // third parties to manage users or resources, if the mount is tainted,
@jefferai
jefferai / -
Created August 3, 2016 17:28
diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go
index 171fa8c..c2a4949 100644
--- a/builtin/credential/approle/path_role.go
+++ b/builtin/credential/approle/path_role.go
@@ -1452,7 +1452,7 @@ func (b *backend) handleRoleSecretIDCommon(req *logical.Request, data *framework
Metadata: make(map[string]string),
}
- if err = strutil.ParseArbitraryKeyValues(data.Get("metadata").(string), secretIDStorage.Metadata); err != nil {
+ if err = strutil.ParseArbitraryKeyValues(data.Get("metadata").(string), secretIDStorage.Metadata, ","); err != nil {
@jefferai
jefferai / -
Created August 3, 2016 17:34
diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go
index 171fa8c..c2a4949 100644
--- a/builtin/credential/approle/path_role.go
+++ b/builtin/credential/approle/path_role.go
@@ -1452,7 +1452,7 @@ func (b *backend) handleRoleSecretIDCommon(req *logical.Request, data *framework
Metadata: make(map[string]string),
}
- if err = strutil.ParseArbitraryKeyValues(data.Get("metadata").(string), secretIDStorage.Metadata); err != nil {
+ if err = strutil.ParseArbitraryKeyValues(data.Get("metadata").(string), secretIDStorage.Metadata, ","); err != nil {