@trastle
trastle / Dockerfile
Last active October 19, 2017 08:57
Create a Docker container which runs the CMD as a limited user but also allow that user access to become root using sudo. Useful for our internal container manager which only allows access to running containers service user.
FROM ubuntu:xenial
RUN apt-get update && \
apt-get -y --no-install-recommends upgrade && \
rm -rf /var/lib/apt/lists/*
# Create a limited user, allow sudo access (requiring a password) and set an encrypted password for the user.
# Password hash created using:
# $ mkpasswd -m sha-512 -S saltsalt -s <<< pa$$w0rd
RUN addgroup limited-user && \
adduser --system -gid 1000 limited-user && \
global:
scrape_interval: 60s
external_labels:
monitor: 'example'
rule_files:
- /etc/prometheus/config/*.rules
scrape_configs:
import org.apache.commons.codec.binary.Base64;
import javax.crypto.KeyGenerator;
import java.security.NoSuchAlgorithmException;
public class TokenGenerator {
private final KeyGenerator keyGenerator;
public TokenGenerator(){
try {
@trastle
trastle / boot2docker-portforward.sh
Created July 6, 2015 08:54
boot2docker-portforward.sh
#!/bin/bash
VMNAME="boot2docker-vm"
VBoxManage modifyvm "${VMNAME}" --natpf1 "tcp-port$i,tcp,127.0.0.1,2376,,2376";
VBoxManage modifyvm "${VMNAME}" --natpf1 "udp-port$i,udp,127.0.0.1,2376,,2376";
for i in {49001..49999}; do
VBoxManage modifyvm "${VMNAME}" --natpf1 "tcp-port$i,tcp,127.0.0.1,$i,,$i";
VBoxManage modifyvm "${VMNAME}" --natpf1 "udp-port$i,udp,127.0.0.1,$i,,$i";
@trastle
trastle / anyconnect-boot2docker.md
Last active November 27, 2015 23:25
Add routes to use Boot2Docker and AnyConnect at the same time on OSX.

Using boot2docker and AnyConnect at the same time

Boot2Docker works great, and so does AnyConnect, but running the two together causes traffic intended for Boot2Docker to head down the VPN link, thus ruining everything.

Investigation

Take a look at what network your Docker VirtualBox VM is on:

tastle@TASTLE ~ $ env | grep DOCKER_HOST
DOCKER_HOST=tcp://192.168.59.103:2376
@trastle
trastle / iptables.backup
Last active August 29, 2015 14:07
iptables.backup
# Generated by iptables-save v1.4.14 on Sun Oct 5 22:12:18 2014
*filter
:INPUT DROP [8:760]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Allow localhost & tunneled traffic
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
@trastle
trastle / .bashrc_fragment
Last active August 29, 2015 14:06
bosh-blobs-realize
function bosh-blobs-realize {
if [[ -d ./blobs ]] && [[ -d ./.blobs ]]; then
if [[ -d ./blobs-realized ]]; then
rm -rf ./blobs-realized
fi
mkdir -p ./blobs-realized
rsync -avzL ./blobs/* ./blobs-realized/
else
echo "Current directory does not look like a BOSH release"
fi
@trastle
trastle / dash.json
Last active August 29, 2015 14:04
Sample Kibana Application Dashboard
{
"title": "App Logs - Grok",
"services": {
"query": {
"list": {
"0": {
"query": "syslog_severity:\"debug\"",
"alias": "Debug",
"color": "#F9D9F9",
"id": 0,
@trastle
trastle / bosh-blobs-realize.sh
Last active August 29, 2015 14:02
Bash function to realize BOSH blobs from the .blobs directory, creating a realized directory without symlinks.
# Realize BOSH blobs into concrete directory.
function bosh-blobs-realize {
if [[ -d ./blobs ]] && [[ -d ./.blobs ]]; then
if [[ -d ./blobs-realized ]]; then
rm -rf ./blobs-realized
fi
mkdir -p ./blobs-realized
rsync -avzL ./blobs/* ./blobs-realized/
else
echo "Current directory does not look like a BOSH release"
function cfenv () {
function curenv () {
if [ "$1" == "" ]; then
CURENV="default"
else
CURENV="$(echo "$1" | cut -d '-' -f 2)"
fi
}
function listenvs () {
echo "Listing available environments..."