Skip to content

Instantly share code, notes, and snippets.

@lucab
lucab / ignition-merge-404-capped.json
Last active Feb 15, 2021
Ignition 3.x, trying to merge a non-existing fragment, hard-failing in 60 seconds
View ignition-merge-404-capped.json
{
"ignition": {
"version": "3.1.0",
"config": {
"merge": [
{
"source": "https://example.com/this-is-supposed-to-be-404"
}
]
},
@lucab
lucab / gist:6b43b1d5afb0e67848667b7f16903bcd
Created Nov 19, 2020
FCOS Zincati metrics local-exporter
View gist:6b43b1d5afb0e67848667b7f16903bcd
# /etc/systemd/system/fcos-local-exporter.service
[Unit]
Description=Local metrics exporter
After=network.target
Wants=zincati.service
After=zincati.service
[Service]
ExecStart=/bin/podman run --rm --privileged -p 80:9598/tcp -v /etc/local_exporter:/etc/local_exporter -v /run:/host/run quay.io/lucab/local_exporter:master local_exporter serve
Restart=on-failure
RestartSec=10s
@lucab
lucab / 1877995-afterburn.patch
Last active Sep 18, 2020
1877995 quickfixes
View 1877995-afterburn.patch
From 700abbf35b5848fea0364778145d9b70c6d9aa95 Mon Sep 17 00:00:00 2001
From: Luca BRUNO <luca.bruno@coreos.com>
Date: Thu, 17 Sep 2020 16:09:51 +0000
Subject: [PATCH] vendor/vmw_backdoor: quickfix to skip performing iopl
This is a quickfix to avoid performing an `iopl`, which is blocked by
kernel_lockdown under SecureBoot.
Refs:
* https://bugzilla.redhat.com/show_bug.cgi?id=1877995
@lucab
lucab / fcos-ssh.json
Created Jul 29, 2020
FCOS pubkey lucab
View fcos-ssh.json
{
"ignition": {
"version": "3.0.0"
},
"passwd": {
"users": [
{
"name": "core",
"sshAuthorizedKeys": [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsWcDA7X5ZhXZ0Wil5aqJEvyuDkKuX1yBh0MhS4iFkODpS+yqhXUEdc/sDrk3zV+hHBh7nB9tlPzy9lp5A0cOXFpkzW79vdSZiZ94h2vg9aTgzi/D8NeOlfkCPgZjF6Mqa2g3kK0GhUzxrOY3d+GEK49ec9KRTLmk0qSx2XXwZx7ZdXNGetFR0XtuGKrK1BuK7KnkySdKgSFx4wdSuXznoi/WyhId+WpM2lRqEsol5yoRiHn4fzSR03NQG79dIIaSIvD0Rd9tSEWwJz/ZMGvGtkMYL3bqbG+4OQfDmhhjHER4S1chA+SlCvuqYcbxWB4VVWqMQhNBIOfhpFMoVCTJg9pw1bM7s/IHfmDDa0357nP8J3Ll6+MWoh6/ExrM8TQfZ8zLVgDUVktFIgE1Y88mLhM0obNWvPy1cKh+Ut9iIqsmnAmvChsU+/pJnmilCTZvOLJnxdBBpzVav2OnqtuWLaIYeZz1Bvc49ptujZvBiArsQBmnkMJDF2zmJxWjc8gDX3rPkMh+BWwXpSiI2ufrQNnzmlfdky6mxEy35wZvvC+YldM23XPZxuvqIR6GeQ4LtE0tLpY7TP/TayTcqxKcmrWZjZxKiEVn8eRYpGMUoYEBfHawZwcFJtzUSg8BySwpeLEzmlVn29qi7BRmFa8VDIvQChIeR7UmRCJvR5Ynltw== luca.bruno@coreos.com"
@lucab
lucab / torcx-remotes-ct.yaml
Created Jun 21, 2018
torcx-remotes-ct.yaml
View torcx-remotes-ct.yaml
# ct -pretty -in-file torcx-remotes-ct.yaml -out-file torcx-remotes-ign.json
ignition:
timeouts:
http_total: 25
storage:
files:
- path: /etc/torcx/remotes/net.core-os.lucab.integration/remote.json
filesystem: root
mode: 0640
contents:
@lucab
lucab / torcx-list-profiles.yaml
Created Aug 7, 2017
[k8s/jobs] torcx - list profiles
View torcx-list-profiles.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: "torcx-userland"
spec:
template:
metadata:
name: "torcx-userland"
spec:
restartPolicy: Never
@lucab
lucab / dkregistry-tuf.rs
Created Jul 11, 2017
Rust remote client example for Docker notary (TUF)
View dkregistry-tuf.rs
#!/usr/bin/env run-cargo-script
//! For the shebang to work, do a `cargo install cargo-script` first.
//!
//! ```cargo
//! [dependencies]
//! dkregistry = "0.1"
//! hyper = "0.10"
//! hyper-rustls = "0.6"
//! serde_json = "1"
View image-manifest-s1.json
{
"name":"unused",
"tag":"unused",
"architecture":"amd64",
"fsLayers":[
{
"blobSum":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
},
{
"blobSum":"sha256:392a5de13a7f8bc3119896e525bae6d3436514fe26cc44ce03554965f0582b5b"
@lucab
lucab / runtime-goarm.go
Created Mar 24, 2017
golang: runtime access to private symbol "runtime.goarm"
View runtime-goarm.go
package main
import (
"fmt"
_ "unsafe"
)
//go:linkname goarm runtime.goarm
var goarm uint8
@lucab
lucab / ignition-pr325.rs
Created Mar 13, 2017
schemafy-rs on coreos/ignition:pr-325
View ignition-pr325.rs
use one_or_many::*;
use serde_json;
# [ serde ( rename = "config-reference" ) ]
# [ derive ( Clone , PartialEq , Debug , Default , Deserialize , Serialize ) ]
pub struct ConfigReference {
pub source: Option<String>,
pub verification: Option<Verification>,
}
# [ serde ( rename = "ignition-config" ) ]