# enable rabbitmq ssl port
rabbitmq::ssl: true
rabbitmq::ssl_cert: "%{::pki_public_dir}/mydomain.com.pem"
rabbitmq::ssl_cacert: /etc/pki/tls/certs/ca-bundle.crt
rabbitmq::ssl_key: "%{::pki_private_dir}/mydomain.com.key"
rabbitmq::ssl_versions: [tlsv1.2, tlsv1.1]
rabbitmq::ssl_ciphers: ['dhe_rsa,aes_256_cbc,sha256']
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # tell kexec that when we reboot, we want the given kernel image and the given | |
| # initramfs, and that we want to use the exact same kernel command line as was | |
| # used to boot previously | |
| kexec \ | |
| -l /boot/vmlinuz-4.7.5-200.fc24.x86_64 \ | |
| --initrd /boot/initramfs-4.7.5-200.fc24.x86_64.img \ | |
| --reuse-cmdline | |
| # the above doesn't actually do the reboot, so we need to tell kexec to start | |
| # rippin' via systemd |
naftulikay
/ rabbitmq-tls-puppet.md
Last active
September 22, 2016 23:44
naftulikay
/ rhel7-rabbitmq-clustering.md
Last active
September 22, 2016 19:34
The version of RabbitMQ provided in the RHEL7 (and CentOS 7) repositories is too old and does not have declarative clustering available. Therefore, it is necessary to get a newer version of RabbitMQ and then to work around what is lacking in the newer package version.
Checklist:
- Install PackageCloud RabbitMQ (official) RPM repository.
- Install RabbitMQ >= 3.6.5.
naftulikay
/ keybase.md
Created
September 11, 2016 19:12
I hereby claim:
- I am rfkrocktk on github.
- I am rfkrocktk (https://keybase.io/rfkrocktk) on keybase.
- I have a public key whose fingerprint is 6D63 865D 1C6E EB0F 92C3 94A1 5D21 FFA2 7D8D CC66
To claim this, I am signing this object:
naftulikay
/ mackie.py
Created
September 8, 2016 06:34
Get 32 most or least significant bits of a MAC address - format a MAC address as a 32 bit integer.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2.7 | |
| # -*- coding: utf-8 -*- | |
| from math import floor, log | |
| def binary_macaddress(macaddress): | |
| """Convert a mac address into a 48-bit integer.""" | |
| binary = 0 |
naftulikay
/ tls-info.sh
Created
September 7, 2016 00:44
Get TLS connection information for a given server.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| function usage() { | |
| echo "Usage: $0 hostname [port]" >&2 | |
| echo " hostname Hostname of the server to connect to." >&2 | |
| echo " port Port of the server running TLS, defaults" >&2 | |
| echo " to 443." >&2 | |
| echo "" | |
| exit 1 | |
| } |
naftulikay
/ selinux.md
Last active
July 25, 2016 17:36
I've been hacking on this for a bit, but I'm trying to write a policy using the reference policy to contain Syncthing. I've done most of the files level permissions, but I'm having trouble with the networking aspects. My code is here: https://github.com/rfkrocktk/syncthing/blob/feature/selinux/etc/selinux/syncthing.te#L80 I'm still getting the following denied:
type=AVC msg=audit(1469458131.894:6800): avc: denied { create } for pid=18349 comm="syncthing" scontext=unconfined_u:unconfined_r:syncthing_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:syncthing_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl | |
| # Author: Todd Larason <jtl@molehill.org> | |
| # $XFree86: xc/programs/xterm/vttests/256colors2.pl,v 1.1 1999/07/11 08:49:54 dawes Exp $ | |
| print "256 color mode\n\n"; | |
| # display back ground colors | |
| for ($fgbg = 38; $fgbg <= 48; $fgbg +=10) { |
naftulikay
/ osx-reinstall.md
Created
July 21, 2016 18:58
- Make sure that there is at least 128MiB of free space after your OSX root partition. OSX [needs this space for upgrading
itself][osx-128]. OSX will fail to upgrade otherwise.
- If this gap doesn't exist and you need it to, boot into a Linux LiveCD with GParted.
- Delete the OSX boot and recovery partitions (don't worry, we still have internet recovery mode).
- Create a single HFS+ filesystem where the partitions used to be.
- Leave 128MiB or more free after the partition! Probably more, maybe the recovery partition needs to occupy this space.
- Boot into Internet Recovery mode using a Thunderbolt ethernet adapter or the built-in ethernet adapter if present. This can be accomplished by holding Alt+Super+R on boot.
naftulikay
/ ubuntu-lts-xenial-macbook-suspend.patch
Created
July 21, 2016 04:26
Ubuntu LTS Xenial MacBook Suspend Patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c | |
| index 1595f4f..b577af2 100644 | |
| --- a/drivers/pci/quirks.c | |
| +++ b/drivers/pci/quirks.c | |
| @@ -2749,6 +2749,13 @@ static void quirk_hotplug_bridge(struct pci_dev *dev) | |
| DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_HINT, 0x0020, quirk_hotplug_bridge); | |
| +static void quirk_hotplug_bridge_skip(struct pci_dev *dev) | |
| +{ |