
David Wittman DavidWittman

@razorsedge
razorsedge / encrypt-centos.org-6-ami.json
Created November 29, 2016 01:11
Packer templates to copy and encrypt a Marketplace AMI.
{
"description": "Copy the centos.org CentOS 6 AMI into our account so that we can add boot volume encryption.",
"min_packer_version": "0.11.0",
"variables": {
"aws_region": "us-east-1",
"aws_vpc": null,
"aws_subnet": null,
"ssh_username": "centos"
},
"builders": [
anonymous
anonymous / .gitlab-ci.yml
Created August 17, 2016 15:46
---
image: php:5.6
stages:
- test_build
- test
- dist_build
- deploy
before_script:
@pmp
pmp / envelope_encryption_kms_boto_pycrypto.md
Last active November 17, 2021 16:35
Envelope Encryption using AWS KMS, Python Boto, and PyCrypto.

If you use Amazon AWS for nearly anything, then you are probably familiar with KMS, the Amazon Key Management Service.

KMS is a service which allows API-level access to cryptographic primitives without the expense and complexity of a full-fledged HSM or CloudHSM implementation. There are trade-offs in that the key material does reside on servers rather than tamper-proof devices, but these risks should be acceptable to a wide range of customers based on the care Amazon has put into the product. You should perform your own diligence on whether KMS is appropriate for your environment. If the security profile is not adequate, you should consider a stronger product such as CloudHSM or managing your own HSM solutions.

The goal here is to provide some introductory code showing how to envelope-encrypt a message using the AWS KMS API.

KMS allows you to encrypt messages of up to 4 KB in size directly using the encrypt()/decrypt() API. To exceed this limit, you must use a technique called "envelope encryptio

@uvsmtid
uvsmtid / salt_pillars_vs_grains.md
Last active March 5, 2024 20:45
Salt Grains vs Pillars

Both Grains and Pillars define input data used to parameterize [Salt][1] states.

Depending on the purpose of the data, one should choose to put it in one place or the other.

NOTE:

  • This doc focuses on the practical differences between Grains and Pillars for the [default use case][2] only.
  • It is not about everything that is possible.
@thwarted
thwarted / resize-java-iKVM-viewer
Last active September 15, 2022 08:59
resize-java-iKVM-viewer: find all supermicro Java iKVM Viewer windows and resize them to display all the content
#!/bin/bash
# find all supermicro Java iKVM Viewer windows and resize
# them to display all the content
#
# for reasons that are beyond sanity, this shitty closed source program
# sets the min and max window sizes to the same values, making it unresizable
# through dragging.
# this wouldn't be so bad if it actually resized the window to display all
# the content. it constantly resizes based on the resolution of the
@obstschale
obstschale / octave.md
Last active June 8, 2024 19:46
An Octave introduction cheat sheet.
@Apsu
Apsu / VIP.md
Last active December 24, 2015 08:59
Quick description of VIP failover + local service routing issue

In Linux, when you add an IP to an interface, the kernel creates two routes for you:

table local: local x.x.x.y dev foo proto kernel scope host src x.x.x.y
table main: x.x.x.a/bb dev foo proto kernel scope link src x.x.x.y

Now, if you are setting up an HA pair or cluster, you will often have a VIP -- a "virtual" or "floating" IP -- which is moved between boxes during failovers. And if you happen to be running clients on these nodes as well which connect to that VIP, something very odd happens when you move the IP.

So... Linux has routing rules, tables, and a route cache. When a connection is made, the cache is consulted for a matching route tuple (src, dst, tos, fwmark, iif) and, if it exists, the connection stores a pointer to it so each packet can be routed rapidly. If the cache entry expires or otherwise goes away, a new route is cloned by following the policy rules to look in the tables.

Now... when an IP you're connected to/from goes away... something very odd happens. The stack realizes that it can

@dypsilon
dypsilon / frontendDevlopmentBookmarks.md
Last active November 10, 2024 03:45
A badass list of frontend development resources I collected over time.
@lorin
lorin / preseed-fragment.seed
Last active May 8, 2024 13:43
Automated partitioning with Ubuntu preseed
# Use LVM for partitioning
d-i partman-auto/method string lvm
# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. Preseed this away
d-i partman-lvm/device_remove_lvm boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
@DavidWittman
DavidWittman / tokenreaper.sql
Last active December 14, 2015 09:08
MySQL scheduled event to remove Keystone authentication tokens expired for over one week.
USE keystone;
-- This needs to be set in the my.cnf to persist across restarts
SET GLOBAL event_scheduler = 1;
DELIMITER $$
CREATE EVENT tokenreaper
ON SCHEDULE EVERY 1 WEEK
DO BEGIN
  -- Purge tokens whose expiry is more than one week in the past
  DELETE FROM `token` WHERE expires <= DATE_SUB(NOW(), INTERVAL 1 WEEK);
END$$
DELIMITER ;