trastle

@trastle
trastle / Dockerfile
Last active Oct 19, 2017
Create a Docker container which runs the CMD as a limited user but also allows that user access to become root using sudo. Useful for our internal container manager which only allows access to running containers service user.
View Dockerfile
FROM ubuntu:xenial
RUN apt-get update && \
apt-get -y --no-install-recommends upgrade && \
rm -rf /var/lib/apt/lists/*
# Create a limited user, allow sudo access (requiring a password) and set an encrypted password for the user.
# Password hash created using:
# $ mkpasswd -m sha-512 -S saltsalt -s <<< pa$$w0rd
RUN addgroup limited-user && \
adduser --system -gid 1000 limited-user && \
View prometheus.yml
global:
scrape_interval: 60s
external_labels:
monitor: 'example'
rule_files:
- /etc/prometheus/config/*.rules
scrape_configs:
View TokenGenerator.java
import org.apache.commons.codec.binary.Base64;
import javax.crypto.KeyGenerator;
import java.security.NoSuchAlgorithmException;
public class TokenGenerator {
private final KeyGenerator keyGenerator;
public TokenGenerator(){
try {
@trastle
trastle / boot2docker-portforward.sh
Created Jul 6, 2015
boot2docker-portforward.sh
View boot2docker-portforward.sh
#!/bin/bash
VMNAME="boot2docker-vm"
VBoxManage modifyvm "${VMNAME}" --natpf1 "tcp-port$i,tcp,127.0.0.1,2376,,2376";
VBoxManage modifyvm "${VMNAME}" --natpf1 "udp-port$i,udp,127.0.0.1,2376,,2376";
for i in {49001..49999}; do
VBoxManage modifyvm "${VMNAME}" --natpf1 "tcp-port$i,tcp,127.0.0.1,$i,,$i";
VBoxManage modifyvm "${VMNAME}" --natpf1 "udp-port$i,udp,127.0.0.1,$i,,$i";
@trastle
trastle / anyconnect-boot2docker.md
Last active Nov 27, 2015
Add routes to use Boot2Docker and AnyConnect at the same time on OSX.
View anyconnect-boot2docker.md

Using boot2docker and AnyConnect at the same time

Boot2Docker works great, and so does AnyConnect, but running the two together causes traffic intended for Boot2Docker to head down the VPN link, thus ruining everything.

Investigation

Take a look at what network your Docker VirtualBox VM is on:

tastle@TASTLE ~ $ env | grep DOCKER_HOST
DOCKER_HOST=tcp://192.168.59.103:2376
@trastle
trastle / iptables.backup
Last active Aug 29, 2015
iptables.backup
View iptables.backup
# Generated by iptables-save v1.4.14 on Sun Oct 5 22:12:18 2014
*filter
:INPUT DROP [8:760]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Allow localhost & tunneled traffic
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
@trastle
trastle / .bashrc_fragment
Last active Aug 29, 2015
bosh-blobs-realize
View .bashrc_fragment
function bosh-blobs-realize {
if [[ -d ./blobs ]] && [[ -d ./.blobs ]]; then
if [[ -d ./blobs-realized ]]; then
rm -rf ./blobs-realized
fi
mkdir -p ./blobs-realized
rsync -avzL ./blobs/* ./blobs-realized/
else
echo "Current directory does not look like a BOSH release"
fi
@trastle
trastle / dash.json
Last active Aug 29, 2015
Sample Kibana Application Dashboard
View dash.json
{
"title": "App Logs - Grok",
"services": {
"query": {
"list": {
"0": {
"query": "syslog_severity:\"debug\"",
"alias": "Debug",
"color": "#F9D9F9",
"id": 0,
@trastle
trastle / bosh-blobs-realize.sh
Last active Aug 29, 2015
Bash function to realize BOSH blobs from the .blobs directory, creating a realized directory without symlinks.
View bosh-blobs-realize.sh
# Realize BOSH blobs into concrete directory.
function bosh-blobs-realize {
if [[ -d ./blobs ]] && [[ -d ./.blobs ]]; then
if [[ -d ./blobs-realized ]]; then
rm -rf ./blobs-realized
fi
mkdir -p ./blobs-realized
rsync -avzL ./blobs/* ./blobs-realized/
else
echo "Current directory does not look like a BOSH release"
View cfenv.sh
function cfenv () {
function curenv () {
if [ "$1" == "" ]; then
CURENV="default"
else
CURENV="$(echo "$1" | cut -d '-' -f 2)"
fi
}
function listenvs () {
echo "Listing available environments..."