Skip to content

Instantly share code, notes, and snippets.

View skippy's full-sized avatar

Adam Greene skippy

  • San Juan County, WA
View GitHub Profile
@skippy
skippy / edge-envoy.json
Last active November 18, 2017 23:52
failing ssl usage
View edge-envoy.json
{
"listeners": [
{
"address": "tcp://0.0.0.0:443",
"ssl_context": {
"cert_chain_file": "/etc/envoy/cert/cert.crt",
"private_key_file": "/etc/envoy/cert/cert.key",
"ca_cert_file": "/etc/envoy/cert/cert.ca"
},
"filters": [
@skippy
skippy / ENVs
Last active August 29, 2016 20:29
managing vault tls
View ENVs
you'll want to setup ENVs, such as:
(dockerfile)
```
ENV VAULT_ADDR "https://active.vault.service.capsci:8200"
ENV VAULT_CACERT "/vault/config/vault_tls.ca"
ENV CURL_CA_BUNDLE "/vault/config/vault_tls.ca"
```
/vault/config/vault_tls.ca is pre-cached from when vault is initally bootstrapped and the PKI instance is initalized. But once it is, and you put it into your container, you are good to go.
@skippy
skippy / client cmd logs (rc1)
Last active August 10, 2016 16:25
vault 0.6.1-rc2 unseal issues
View client cmd logs (rc1)
core@ip-10-0-10-31 ~ $ sudo systemctl restart vault
$ docker exec -it vault vault unseal -ca-cert=/tmp/tmp_ca/ca.cer -address=https://127.0.0.1:8200
Key (will be hidden):
Sealed: true
Key Shares: 5
Key Threshold: 3
Unseal Progress: 1
$ docker exec -it vault vault unseal -ca-cert=/tmp/tmp_ca/ca.cer -address=https://127.0.0.1:8200
Key (will be hidden):
Sealed: true
View keybase.md

Keybase proof

I hereby claim:

  • I am skippy on github.
  • I am adamgreene (https://keybase.io/adamgreene) on keybase.
  • I have a public key ASByMY7_fuDQ0XecthPOkCmQIzy_ynIAgfuXqlMWhQjoWQo

To claim this, I am signing this object:

@skippy
skippy / gist:d8e19f3e1e90a9352eb18850dec1623e
Created August 3, 2016 21:48
consul-template exec failure debug log
View gist:d8e19f3e1e90a9352eb18850dec1623e
2016/08/03 21:28:05.791986 [DEBUG] ("secret(pki/internal-services/issue/base)") vault returned the secret
2016/08/03 21:28:05.792014 [INFO] (view) "secret(pki/internal-services/issue/base)" received data
2016/08/03 21:28:05.792034 [DEBUG] (view) "secret(pki/internal-services/issue/base)" starting fetch
2016/08/03 21:28:05.792096 [DEBUG] ("secret(pki/internal-services/issue/base)") querying vault with &{AllowStale:true WaitIndex:1470259685 WaitTime:1m0s}
2016/08/03 21:28:05.792107 [DEBUG] ("secret(pki/internal-services/issue/base)") pretending to long-poll for "59s"
2016/08/03 21:28:05.792130 [DEBUG] (runner) receiving dependency "secret(pki/internal-services/issue/base)"
2016/08/03 21:28:05.792137 [INFO] (runner) running
2016/08/03 21:28:05.792142 [DEBUG] (runner) checking template /consul-template/template.d/internal-proxy.service.consul.pem.tmpl
2016/08/03 21:28:05.792454 [DEBUG] (runner) checking ctemplate &{Source:/consul-template/template.d/internal-proxy.service.consul.pem.tmpl Destination:/etc/haproxy/
@skippy
skippy / 10-0-12-192.log
Last active September 11, 2015 03:37
vault logs -- 3 servers which got mixed up on who is leader
View 10-0-12-192.log
-- Logs begin at Thu 2015-09-10 19:31:27 UTC, end at Fri 2015-09-11 02:58:04 UTC. --
Sep 10 19:31:58 ip-10-0-12-192.us-west-2.compute.internal systemd[1]: Starting vault service...
Sep 10 19:31:59 ip-10-0-12-192.us-west-2.compute.internal docker[843]: Error response from daemon: no such id: vault
Sep 10 19:31:59 ip-10-0-12-192.us-west-2.compute.internal docker[843]: time="2015-09-10T19:31:59Z" level=fatal msg="Error: failed to kill one or more containers"
Sep 10 19:31:59 ip-10-0-12-192.us-west-2.compute.internal docker[951]: Error response from daemon: no such id: vault
Sep 10 19:31:59 ip-10-0-12-192.us-west-2.compute.internal docker[951]: time="2015-09-10T19:31:59Z" level=fatal msg="Error: failed to remove one or more containers"
Sep 10 19:32:01 ip-10-0-12-192.us-west-2.compute.internal flock[975]: latest: Pulling from skippy/vault.dev
Sep 10 19:32:01 ip-10-0-12-192.us-west-2.compute.internal flock[975]: 31f630c65071: Pulling fs layer
Sep 10 19:32:01 ip-10-0-12-192.us-west-2.compute.internal flock[975]: 084e
@skippy
skippy / notes.md
Last active August 29, 2015 14:20
thoughts & goals on google/protobuf
View notes.md

tl;dr

Update the google/protobuf 3.0-alpha library in 2 concrete areas, and 1 opinionated way:

  • remove inconsistencies between the c- and java-backed ruby libraries. Most inconsistencies are bugs in one implementation and not the other, but there was at least one helper method which existed in one and not the other.
  • Improve the test suite. Since the bulk of the logic exists in lower-level C and java libraries, items which usually aren't tested because they come from the standard lib, like #push, should be tested as this library uses plenty of low-level handcrafted code
  • Opinionated changes -- make it feel more ruby-like. This means being able to accept string or symbols in initializers, returning nil instead of raising an exception when an array index out-of-bounds occurs, have common names and aliases for methods (e.g. #size and #length), and having RepeatedFields quack like an array, and Map quack like a hash. There may be other examples.

Disclaimer

First off, I'm ve

@skippy
skippy / benchmark.rb
Last active August 29, 2015 14:20
hash optimizations (c vs mix ruby/c vs jruby)
View benchmark.rb
#!/usr/bin/env ruby
require 'rubygems'
require 'bundler/setup'
require 'benchmark'
require 'google/protobuf'
pool = Google::Protobuf::DescriptorPool.new
pool.build do
@skippy
skippy / encode_json.rb
Created May 3, 2015 18:07
google-protobuf under jruby has broken JSON encoding
View encode_json.rb
# google-protobuf/master
require 'google/protobuf'
pool = Google::Protobuf::DescriptorPool.new
pool.build do
add_message 'ProtoMsg' do
repeated :msg_string, :string, 1
end
end
ProtoMsg = pool.lookup('ProtoMsg').msgclass
@skippy
skippy / json_benchmarks.rb
Created May 3, 2015 18:00
testing various json parsing options
View json_benchmarks.rb
require 'benchmark'
require 'google/protobuf'
pool = Google::Protobuf::DescriptorPool.new
pool.build do
add_message "TestMessage" do
optional :optional_int32, :int32, 1
optional :optional_int64, :int64, 2
optional :optional_uint32, :uint32, 3
optional :optional_uint64, :uint64, 4