jeffmccune

Updated property [core/disable_usage_reporting].

Authenticated with external account credentials for: [eso-creds-refresher@holos-run.iam.gserviceaccount.com].
Your current project is [holos-run].  You can change this setting by running:
  $ gcloud config set project PROJECT_ID
Fetching cluster endpoint and auth data.
kubeconfig entry generated for provisioner.

+ provisioner -n argocd create token --duration=12h eso-reader
+ provisioner -n argocd create token --duration=12h eso-writer

jeffmccune

# kubectl apply -f- <<...
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: default-creds
  annotations:
    kubernetes.io/service-account.name: default
...

jeffmccune

--- FAIL: TestServer (0.00s)
    --- FAIL: TestServer/NewServer (0.00s)
        testutils.go:16: DBG identity.go:80: could not get oidc provider err="Get \"/.well-known/openid-configuration\": unsupported protocol scheme \"\""
        server_suite_test.go:28:
                Error Trace:    /home/jeff/workspace/holos-run/holos-server-go/internal/server/server_suite_test.go:28
                Error:          Received unexpected error:
                                Get "/.well-known/openid-configuration": unsupported protocol scheme ""
                Test:           TestServer/NewServer

jeffmccune

blueprint:
  name: Lock Automation
  description: Create automations to react to lock actions
  domain: automation

  input:
    device:
      name: Lock Device
      description: Lock Device
      selector:

jeffmccune

Lookup a GCP role given a permission

The GCP docs generally list necessary permissions. For example the private service access docs state the servicenetworking.services.addPeering permission is needed, but doesn't mention which role has this permission.

Use this script to find the roles which grant a specific permission.

gcloud iam roles list '--format=value(name)' > roles.lst
xargs -n1 gcloud iam roles describe --format=json < roles.lst | tee roles.all

jeffmccune

# https://cloud.google.com/filestore/docs/performance#testing_performance
# https://github.com/portworx/fio-tools
# https://gist.githubusercontent.com/wallnerryan/cb8f9946a6fb9bdc0aabd403d9550e08/raw/seqwrite.fio
[global]
ioengine=sync
direct=0
fsync_on_close=1 
randrepeat=0
nrfiles=1

jeffmccune

#! /bin/bash
#
# Execute a command with GOOGLE_APPLICATION_CREDENTIALS set to point to a
# Google Service Account key JSON file. The key data is managed by vault and
# the lease is released on exit.
#
# Requires: vault, jq, base64

: "${VAULT_ADDR:=https://vault.example}"
: "${DEPLOY_ENV:=dev}"

jeffmccune

// ==UserScript==
// @name         Console Save
// @namespace    https://gist.github.com/jeffmccune/f5fa4a15445cee0a3795d28d5371622b
// @updateUrl    https://gist.githubusercontent.com/jeffmccune/f5fa4a15445cee0a3795d28d5371622b/raw/consolesave.user.js
// @downloadUrl  https://gist.githubusercontent.com/jeffmccune/f5fa4a15445cee0a3795d28d5371622b/raw/consolesave.user.js
// @version      1.0.1
// @description  Save an object in the console
// @author       Jeff McCune
// @match        https://home.personalcapital.com/*
// @grant        none

jeffmccune

#! /usr/bin/env ruby
#
#
require 'json'

def run!
  h = Holdings.new; h.load("holdings.json")
  h.table.each do |row|
    puts row.join("\t")
  end

jeffmccune

Write:

tank% bash -x /data/media/fio-test /data/media/local-test
+ fio --filename=/data/media/local-test --name=write --ioengine=posixaio --rw=write --bs=128k --size=16GB --numjobs=1 --iodepth=128 --runtime=60 --time_based --group_reporting --eta-newline=1
write: (g=0): rw=write, bs=(R) 128KiB-128KiB, (W) 128KiB-128KiB, (T) 128KiB-128KiB, ioengine=posixaio, iodepth=128
fio-3.12
Starting 1 process
write: Laying out IO file (1 file / 16384MiB)
Jobs: 1 (f=1): [W(1)][6.6%][w=368MiB/s][w=2941 IOPS][eta 00m:57s]