JuanJo Ciarlante jjo

🏠
Working from home
View GitHub Profile
@jjo
jjo / 01-promql-vector-label_replace-abuse.md
Last active November 23, 2023 18:38
PromQL fun abusing `vector()` and `label_replace()` to create ~arbitrary timeseries, note these are used from grafana's /explore (for those ${__to:...} expressions)

Building a sinusoidal, back from now, using vector and label_replace.

round(
    8  # <- number of nodes
    *
    (1-sin(vector((time()-(${__to:date:seconds}))/(3600*10) * pi()))) / 2
)
* on() group_right() (
  label_replace(vector(0.0445000) , "spend", "cpu", "", "") * 8 # <- vCPU per node
@fusetim
fusetim / protonvpn-wireguard-generator.py
Last active April 30, 2024 00:53
Generate lots of Wireguard configuration for your ProtonVPN Account.
import http.client
import http.cookies
import json
import base64
import hashlib
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import x25519
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import hashes
#!/bin/bash
#
# Workaround CVE-2019-5736 via patched runc provided by
# https://github.com/rancher/runc-cve
# The script does:
# 1) find "docker-runc" executable and docker version
# 2) download corresponding patched runc
# 3) dpkg-divert (ie "permanently move") pkg installed runc and replace it by 2)
#
# Run with "-n" for dry-run.
@jjo
jjo / node-custom-setup.yaml
Last active January 28, 2023 03:23
Run commands at Kubernetes *nodes* via `privileged` DaemonSet + `nsenter` hack, very useful for setups requiring base packages pre-installed at nodes. Please take a moment to understand what it does, and *don't* use it for *production*. Grab the logs with: kubectl logs -n kube-system -l k8s-app=node-custom-setup -c init-node
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  namespace: kube-system
  name: node-custom-setup
  labels:
    k8s-app: node-custom-setup
  annotations:
    command: &cmd apt-get update -qy && apt-get install -qy tgt ceph-fs-common ceph-common xfsprogs
@jjo
jjo / kubectl-root-in-host-nopriv.sh
Last active February 5, 2024 23:07
Yeah. Get a root shell at any Kubernetes *node* via `privileged: true` + `nsenter` sauce. PodSecurityPolicy will save us. DenyExecOnPrivileged didn't (kubectl-root-in-host-nopriv.sh exploits it)
#!/bin/sh
# Launch a Pod abusing a hostPath mount to land on a Kubernetes node as root
# without requiring `privileged: true`; in particular it can bypass the `DenyExecOnPrivileged`
# admission controller.
# The Pod command in turn runs a privileged container using the node's /var/run/docker.sock.
node=${1}
case "${node}" in
  "")
    nodeSelector=''
    podName=${USER+${USER}-}docker-any
#!/bin/sh
# Launch a Pod abusing `privileged: true` to land on a Kubernetes node as root:
# it uses `privileged: true` to nsenter into init's (root) mount namespace,
# with hostPID and hostNetwork already set for the Pod.
node=${1}
case "${node}" in
  "")
    nodeSelector=''
    podName=${USER+${USER}-}sudo-any
    ;;
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  namespace: kube-system
  name: kube-proxy-cleanup
  labels:
    k8s-app: kube-proxy-cleanup
spec:
  selector:
    matchLabels:
@jjo
jjo / docker-netstat.out
Created August 1, 2017 19:17
docker containers sockets usage, example run inside minikube -- https://twitter.com/xjjo/status/892464000235130881
# docker ps|sed '1d;s,>,_,'|xargs -I@ sh -c 'set @;echo == $2;nsenter -n -t $(docker inspect -f "{{.State.Pid}}" $1) netstat -an'
== gcr.io/google_containers/k8s-dns-kube-dns-amd64@sha256:40790881bbe9ef4ae4ff7fe8b892498eecb7fe6dcc22661402f271e03f7de344
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address   State
tcp        0      0 0.0.0.0:53         0.0.0.0:*         LISTEN
tcp        0      0 172.17.0.6:52640   10.0.0.1:443      ESTABLISHED
tcp        0      0 :::10053           :::*              LISTEN
tcp        0      0 :::10054           :::*              LISTEN
tcp        0      0 :::10055           :::*              LISTEN
tcp        0      0 :::8081            :::*              LISTEN
@bse666
bse666 / upgrade.sh
Last active February 20, 2024 16:14
upgrade Ubuntu without interaction
# https://askubuntu.com/questions/250733/can-i-do-a-silent-or-unattended-release-upgrade
# The following command upgrades to the new stable release without prompts:
do-release-upgrade -f DistUpgradeViewNonInteractive
# The following command upgrades to the current development release without prompts:
do-release-upgrade -d -f DistUpgradeViewNonInteractive
@niedbalski
niedbalski / update-node-dhcp-dns.py
Last active August 29, 2015 14:24
update-node-dhcp-dns.py
#!/usr/bin/env python
"""
This script creates a MAAS DHCP lease, forces that DHCP lease to be written to the
filesystem, and forces the DNS zone to be rewritten to reflect the new lease.
Usage:
./{0} ip_addr mac_addr
"""
from maasserver.dns import change_dns_zones, write_full_dns_config