Roman Levchenko rlevchenko

## kafka-k8s-acls
# New ENV variables for Kafka containers
KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
KAFKA_SUPER_USERS: User:ANONYMOUS;User:admin

# Why ANONYMOUS? If KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND is set to false and ANONYMOUS user is not in super users list,
# kafka interconnection between brokers will fail.
# Kafka brokers use non-secured listener for communication (in my case) and do not require authentication.
# In contrast, external listener uses SASL.

## terraform: count and for_each
# Example with for_each

resource "aws_route53_record" "acm" {
  for_each = {
    for dvo in aws_acm_certificate.default.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

## move-ch-data
# Create partition
lsblk # get dev name
fdisk /dev/sdb # use 8e type, other settings are default
lsblk # check
pvcreate /dev/sdb1 # create a volume
pvdisplay # check volumes
vgcreate clickhouse /dev/sdb1 # create a volume group
lvcreate --name data -l 100%FREE clickhouse # create a logical volume
mkfs.ext4 /dev/clickhouse/data # make ext4 fs

## tcpdump-examples
# Capture events on specific interface and filter them by grepping request
tcpdump -i ens192 -s 0 -A -v -n  | egrep -i -A 5 -B 5 "*request*"

# Capture HTTP GET and POST requests
tcpdump -i ens192 -s 0 -v -n | egrep -i "POST /|GET /|Host:"

# Capture ALL POST requests (using ASCII)
tcpdump -i ens192 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354'

# Capture requests to 80 and 443 ports from 10.200.217.3 host

## Python: FizzBuzz Challenge
## Blog Post: https://rlevchenko.com/2022/12/19/python-coding-fizzbuzz-challenge/

import matplotlib.pyplot as plt
import colorama
from colorama import Fore, Back, Style
colorama.init()

def fizz_buzz(x,y):
    """Python version of popular Fizz Buzz task"""
    fb = 0 ; b = 0; f = 0; rest = 0 # start values

## PowerShell: Fizz Buzz
function Get-FizzBuzz {
    <#

    .SYNOPSIS
    Fizz Buzz function

    .Description
    The Fizz Buzz function to find numbers divisible by 3/5 or both

    .PARAMETER Start

## MongoDB: Restore encrypted backup archive to a different database
# decrypt archive backed up with pgp

cat $SECRET | gpg --quiet --batch --pinentry-mode loopback --passphrase-fd 0 --decrypt $SOURCE_BACKUP_FILE | tee $TARGET_FOLDER/env1-to-env2.gz


# drop the DB. why? just "--drop" does not drop collections that are not in the backup!

mongosh --quiet --host localhost:27017 \
        -u username -p $PASSWORD --authenticationDatabase=db1 \
        --eval 'use db1;' --eval 'db.dropDatabase();'

## Alpine: Encrypt and decrypt file with Cyrillic symbols using Base64 and Vault
# Update Base64 version. Required.
apk add --no-cache --update coreutils=8.32-r2

# Encode
base64 -w 0 script.sql | vault kv put mysecrets/db script=-

# Decode
vault kv get -field=script mysecrets/db | base64 --decode --ignore-garbage > ./script.sql
	# New ENV variables for Kafka containers
	KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND: "false"
	KAFKA_AUTHORIZER_CLASS_NAME: kafka.security.authorizer.AclAuthorizer
	KAFKA_SUPER_USERS: User:ANONYMOUS;User:admin

	# Why ANONYMOUS? If KAFKA_ALLOW_EVERYONE_IF_NO_ACL_FOUND is set to false and ANONYMOUS user is not in super users list,
	# kafka interconnection between brokers will fail.
	# Kafka brokers use non-secured listener for communication (in my case) and do not require authentication.
	# In contrast, external listener uses SASL.
	# Example with for_each

	resource "aws_route53_record" "acm" {
	for_each = {
	for dvo in aws_acm_certificate.default.domain_validation_options : dvo.domain_name => {
	name = dvo.resource_record_name
	record = dvo.resource_record_value
	type = dvo.resource_record_type
	}
	}
	# Create partition
	lsblk # get dev name
	fdisk /dev/sdb # use 8e type, other settings are default
	lsblk # check
	pvcreate /dev/sdb1 # create a volume
	pvdisplay # check volumes
	vgcreate clickhouse /dev/sdb1 # create a volume group
	lvcreate --name data -l 100%FREE clickhouse # create a logical volume
	mkfs.ext4 /dev/clickhouse/data # make ext4 fs
	# Capture events on specific interface and filter them by grepping request
	tcpdump -i ens192 -s 0 -A -v -n \| egrep -i -A 5 -B 5 "request"

	# Capture HTTP GET and POST requests
	tcpdump -i ens192 -s 0 -v -n \| egrep -i "POST /\|GET /\|Host:"

	# Capture ALL POST requests (using ASCII)
	tcpdump -i ens192 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354'

	# Capture requests to 80 and 443 ports from 10.200.217.3 host
	## Blog Post: https://rlevchenko.com/2022/12/19/python-coding-fizzbuzz-challenge/

	import matplotlib.pyplot as plt
	import colorama
	from colorama import Fore, Back, Style
	colorama.init()

	def fizz_buzz(x,y):
	"""Python version of popular Fizz Buzz task"""
	fb = 0 ; b = 0; f = 0; rest = 0 # start values
	function Get-FizzBuzz {
	<#

	.SYNOPSIS
	Fizz Buzz function

	.Description
	The Fizz Buzz function to find numbers divisible by 3/5 or both

	.PARAMETER Start
	# decrypt archive backed up with pgp

	cat $SECRET \| gpg --quiet --batch --pinentry-mode loopback --passphrase-fd 0 --decrypt $SOURCE_BACKUP_FILE \| tee $TARGET_FOLDER/env1-to-env2.gz


	# drop the DB. why? just "--drop" does not drop collections that are not in the backup!

	mongosh --quiet --host localhost:27017 \
	-u username -p $PASSWORD --authenticationDatabase=db1 \
	--eval 'use db1;' --eval 'db.dropDatabase();'
	# Update Base64 version. Required.
	apk add --no-cache --update coreutils=8.32-r2

	# Encode
	base64 -w 0 script.sql \| vault kv put mysecrets/db script=-

	# Decode
	vault kv get -field=script mysecrets/db \| base64 --decode --ignore-garbage > ./script.sql