Skip to content

Instantly share code, notes, and snippets.

View wrossmann's full-sized avatar

Wade Rossmann wrossmann

  • Victoria, BC
View GitHub Profile
wrossmann /
Created March 7, 2019 00:59
Decrypt Ansible AWX or Tower Data

Let's say you're having a bad day and while trying to upgrade your AWX instance you instead unrecoverably brick it, and then you realize that you made a point of storing a very important SSH key in AWX and nowhere else. Why? REASONS.

What do I need?

  1. The secret key from your AWX config file.
  2. A dump of your postgres database in plaintext.
    • If you're lucky yours is still functional and you can just query it.
  3. Gumption.

What do I do?

wrossmann / no-jndi.nginx.conf
Created December 11, 2021 01:19
Nginx config to filter out requests and User-Agents that contain LogJam jndi strings.
if ( $http_user_agent ~* "\${jndi:" ) {
return 400;
if ( $request_uri ~* "(\$|%24)({|%7b)(j|%6a)(n|%6e)(d|%64)(i|%69)(:|%3a)" ) {
return 400;
wrossmann /
Created July 17, 2021 00:44
CertBot post-renew hook to update ACM
#requirements: aws CLI v2, jq, openssl
function dbg {
if [ $QUIET -eq 0 ]; then
echo $@ >&2
wrossmann /
Last active March 10, 2020 21:15 — forked from keithchambers/gist:80b60559ad83cebf1672
Ansible role to set 'noop' i/o scheduler (CentOS 7)


  • make the IO scheduler configurable
  • register grub_test to match the actual variable usage
  • changed stdout to stdout_lines
  • make block_devs work.
    • it looks gross, but previously interpreted block_devs.stdout_lines as a literal string

Ansible version: 2.7

wrossmann / DoveadmAuth.php
Created November 28, 2013 00:47
Quick, dirty, simple PHP to use `doveadm auth` to validate a user's plaintext password against the stored hash without exposing the password through shell commands. Note: This assumes that you already have dovecot's auth backend set up and working. Also, there does not appear to be a simple way to feed in a pre-computed hash, it will only use th…
class DoveadmAuth {
public static function auth($username, $password) {
$descriptors = array(
0 => array('pipe', 'r'),
1 => array('pipe', 'w'),
2 => array('pipe', 'w'),
$cwd = sys_get_temp_dir();
wrossmann /
Created January 29, 2020 01:01
Find all Graylog output mappings

There doesn't seem to be a UI function for this, so if you're stuck up a creek like I am.

curl -s \
    -H "Authorization: Basic $(echo -n 'username:password' | base64)" \
    http://graylog-server:9000/api/streams \
| jq '
.streams[] | 
select(.outputs | length > 0) | 

The Problem

Your postgres server is out of space to the point that VACUUM FULL hits a table too large to write back out to disk even though other tables may still have space to give up.

The Solution

Start with the tables that have the least amount of "un-wasted" space as they will require the minimal amount of free space to process, and hopefully the cumulative effect of releasing all of the space from the smaller tables allows you to process your larger tables as you go. If not, then there's no solution available to you short of deleting data or expading your disk.

The Kludge

wrossmann /
Created November 1, 2018 18:12
Simple and full-featured bash prompt with git info
# I've seen a _lot_ of code written to make bash prompts that are just _OK_,
# but there's no reason to invoke python/ruby/etc and parse git output since
# git ships with a pretty outstanding utility.
# 1. Load the library that already ships with git
source /usr/share/doc/${git_doc_path_here}/contrib/completion/
# 2. Set your options
wrossmann /
Created September 6, 2018 22:22
Whisper Aggregation Backfill



  • All metrics and aggregations have matching retentions
  • A proper metric aggregator is already running
  • The resulting metric file will then be used in a whisper-fill operation against the aggregator's actual metric files.


In Metrics:
averageSeriesWithWildcards($in, 1)
Out Metrics, Expected:
[exactly 3 series]
Out Metrics, Actual: