Managing SSH keys with Vault requires 3 steps:
- Setting up Vault
- Setting up the host
- Setting up the client / using the signed client keys
For a full documentation, see this HashiCorp Blog Post
version: '2.4' | |
services: | |
target: | |
privileged: true | |
network_mode: "host" | |
ipc: "host" | |
restart: always | |
volumes: | |
- '/etc/localtime:/etc/localtime:ro' | |
- '/edgefs/var/run:/opt/nedge/var/run:z' |
Managing SSH keys with Vault requires 3 steps:
For a full documentation, see this HashiCorp Blog Post
#cloud-config | |
hostname: host-0815 | |
ssh_authorized_keys: | |
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA61LSHA7iU+82Z2qypYLx2gB9uHydUOoDON30ceAKl5dSgzShtF5XS5sqABYBMowDcvdkNyUDdt1Druv82iu/scATLFmxTQ8R2XIL33dMO6IpBg0d3WQcU5Xqeor9s5LTpln7F0V+9vaYG/nXqQtnz4PEnZGA+f9ddHuvcDajqKLNTDyriL87E6HAfjNU+1ShI2Qv8Zqhq8rYW0zkn2C+4vVKpgzq8B91R7hSXZwUTU9+bIq3uqTfe/t9/5hFNZEUo/ezV25DFvWDmvKcXt1QRoLxL/NI7h00fEJY7QVh2eevtiA9BdthI2LHx2tm2LoMYHQVZUVljm033xh2UISx | |
runcmd: | |
- echo "true" > /home/rancher/provisioned | |
write_files: | |
- path: /etc/docker/certs.d/private-registry.internal/ca.crt |
import org.sonatype.nexus.repository.storage.Component | |
import org.sonatype.nexus.repository.storage.StorageFacet; | |
def retentionCount = 15 | |
def repositoryName = 'releases' | |
def dryRun = true | |
log.info("Cleanup script started! Dry Run Mode: $dryRun"); | |
def repo = repository.repositoryManager.get(repositoryName); | |
def tx = repo.facet(StorageFacet.class).txSupplier().get(); |
apiVersion: rook.io/v1alpha1 | |
kind: Cluster | |
metadata: | |
name: rook | |
namespace: rook | |
spec: | |
versionTag: master | |
dataDirHostPath: /var/lib/rook-config | |
# toggle to use hostNetwork | |
hostNetwork: true |
#version=RHEL7 | |
# Action | |
install | |
cdrom | |
lang en_US.UTF-8 | |
keyboard us | |
text | |
firewall --service=ssh |
# I had a bit of trouble getting my unifi controller (hosted offsite) to use a proxy/letsencrypt. So here are the fruits of my labor. | |
# The unifi default port is 8443 running on localhost. | |
# License: CC0 (Public Domain) | |
server { | |
# SSL configuration | |
# | |
listen 443 ssl default_server; | |
listen [::]:443 ssl default_server; |
#!/bin/bash | |
set -e | |
set -o pipefail | |
# Add user to k8s using service account, no RBAC (must create RBAC after this script) | |
if [[ -z "$1" ]] || [[ -z "$2" ]]; then | |
echo "usage: $0 <service_account_name> <namespace>" | |
exit 1 | |
fi |
My Elasticsearch cheatsheet with example usage via rest api (still a work-in-progress)
This document will guide you through the process of setting up your online.net network addresses, DNS servers and rDNS records. For IPv4 we will use systemd-networkd (part of systemd) and odhcp6c (OpenWrt embedded DHCPv6-client) together with iproute2 for IPv6. For DNS we'll use systemd-resolved.
systemd is the default init process on Arch Linux, Debian GNU/Linux, Fedora, Ubuntu and more. iproute2 is also preinstalled there. So, if you're using a distribution that uses systemd, this tutorial should work for you. If you're using Gentoo Linux first make sure that you're using systemd.