# enable rabbitmq ssl port
rabbitmq::ssl: true
rabbitmq::ssl_cert: "%{::pki_public_dir}/mydomain.com.pem"
rabbitmq::ssl_cacert: /etc/pki/tls/certs/ca-bundle.crt
rabbitmq::ssl_key: "%{::pki_private_dir}/mydomain.com.key"
rabbitmq::ssl_versions: [tlsv1.2, tlsv1.1]
rabbitmq::ssl_ciphers: ['dhe_rsa,aes_256_cbc,sha256']
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# tell kexec that when we reboot, we want the given kernel image and the given | |
# initramfs, and that we want to use the exact same kernel command line as was | |
# used to boot previously | |
kexec \ | |
-l /boot/vmlinuz-4.7.5-200.fc24.x86_64 \ | |
--initrd /boot/initramfs-4.7.5-200.fc24.x86_64.img \ | |
--reuse-cmdline | |
# the above doesn't actually do the reboot, so we need to tell kexec to start | |
# rippin' via systemd |
The version of RabbitMQ provided in the RHEL7 (and CentOS 7) repositories is too old and does not have declarative clustering available. Therefore, it is necessary to get a newer version of RabbitMQ and then to work around what is lacking in the newer package version.
Checklist:
- Install PackageCloud RabbitMQ (official) RPM repository.
- Install RabbitMQ >= 3.6.5.
I hereby claim:
- I am rfkrocktk on github.
- I am rfkrocktk (https://keybase.io/rfkrocktk) on keybase.
- I have a public key whose fingerprint is 6D63 865D 1C6E EB0F 92C3 94A1 5D21 FFA2 7D8D CC66
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python2.7 | |
# -*- coding: utf-8 -*- | |
from math import floor, log | |
def binary_macaddress(macaddress): | |
"""Convert a mac address into a 48-bit integer.""" | |
binary = 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
function usage() { | |
echo "Usage: $0 hostname [port]" >&2 | |
echo " hostname Hostname of the server to connect to." >&2 | |
echo " port Port of the server running TLS, defaults" >&2 | |
echo " to 443." >&2 | |
echo "" | |
exit 1 | |
} |
I've been hacking on this for a bit, but I'm trying to write a policy using the reference policy to contain Syncthing. I've done most of the files level permissions, but I'm having trouble with the networking aspects. My code is here: https://github.com/rfkrocktk/syncthing/blob/feature/selinux/etc/selinux/syncthing.te#L80 I'm still getting the following denied:
type=AVC msg=audit(1469458131.894:6800): avc: denied { create } for pid=18349 comm="syncthing" scontext=unconfined_u:unconfined_r:syncthing_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:syncthing_t:s0-s0:c0.c1023 tclass=tcp_socket permissive=0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/perl | |
# Author: Todd Larason <jtl@molehill.org> | |
# $XFree86: xc/programs/xterm/vttests/256colors2.pl,v 1.1 1999/07/11 08:49:54 dawes Exp $ | |
print "256 color mode\n\n"; | |
# display back ground colors | |
for ($fgbg = 38; $fgbg <= 48; $fgbg +=10) { |
- Make sure that there is at least 128MiB of free space after your OSX root partition. OSX [needs this space for upgrading
itself][osx-128]. OSX will fail to upgrade otherwise.
- If this gap doesn't exist and you need it to, boot into a Linux LiveCD with GParted.
- Delete the OSX boot and recovery partitions (don't worry, we still have internet recovery mode).
- Create a single HFS+ filesystem where the partitions used to be.
- Leave 128MiB or more free after the partition! Probably more, maybe the recovery partition needs to occupy this space.
- Boot into Internet Recovery mode using a Thunderbolt ethernet adapter or the built-in ethernet adapter if present. This can be accomplished by holding Alt+Super+R on boot.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c | |
index 1595f4f..b577af2 100644 | |
--- a/drivers/pci/quirks.c | |
+++ b/drivers/pci/quirks.c | |
@@ -2749,6 +2749,13 @@ static void quirk_hotplug_bridge(struct pci_dev *dev) | |
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_HINT, 0x0020, quirk_hotplug_bridge); | |
+static void quirk_hotplug_bridge_skip(struct pci_dev *dev) | |
+{ |