Skip to content

Instantly share code, notes, and snippets.

@dustMason
dustMason / makefile
Created December 7, 2018 06:29
Makefail
.PHONY .NOTPARALLEL : B K F I T U R Z N S X Y L J G W A H Q M P V O D E C
A : W
@echo "A"
A : U
@echo "A"
A : J
@echo "A"
@philfreo
philfreo / swap.pp
Last active December 23, 2015 03:49 — forked from Yggdrasil/swap.pp
# Manages swapspace on a node.
#
# Based on https://gist.github.com/Yggdrasil/3918632
#
# Parameters:
# - $ensure Allows creation or removal of swapspace and the corresponding file.
# - $swapfile Defaults to /mnt which is a fast ephemeral filesystem on EC2 instances.
# This keeps performance reasonable while avoiding I/O charges on EBS.
# - $swapsize Size of the swapfile in MB. Defaults to memory size.
#
@jgeurts
jgeurts / install-graphite-ubuntu-12.04.sh
Created July 14, 2012 16:36 — forked from tkoeppen/install-graphite-ubuntu-10.04.sh
Install Graphite 0.9.10 on Ubuntu 12.04
####################################
# BASIC REQUIREMENTS
# http://graphite.wikidot.com/installation
# http://geek.michaelgrace.org/2011/09/how-to-install-graphite-on-ubuntu/
# Last tested & updated 10/13/2011
####################################
cd
sudo apt-get update
sudo apt-get upgrade
@ahpook
ahpook / gist:1182243
Created August 30, 2011 22:14
Use a generic client certificate with puppet

The problem

There's enough trouble with puppet's ssl model (mandatory client certs) that people go and do odd things to get around it. The primary problem is that for lab/preproduction environments, if you reinstall machines frequently, you lose access to the private key that generated the original cert but (absent some puppet cert --clean [node] operation) the cert still exists, leading to the dreaded Retrieved certificate doesn't match private key error.

A solution

Generate a single client certificate which all your nodes use, and have the master determine node names from facter rather than the SSL DN. This way you can re-install nodes with impunity and as long as your bootstrap plops down the correct config and the cert+key, you don't have any more SSL issues.

The caveats

If you have autosign turned on, this change represents a shift in security tradeoffs: you can turn off autosign and therefore more tightly control which clients can talk to your server because they need to have your clie