This is an example of using MITM Proxy to inspect HTTPS traffic between services.
Install Python 3, then use Pip to install the latest MITM Proxy package:
pip3 install mitmproxy
Charlie Sharpsteen Sharpie
This gist contains various scripts for scraping metrics. Mostly useful for processing the contents of Puppet Enterprise support bundles:
sar2influx.rb: A Ruby script that usessadfto turn SAR archives into InfluxDB line format. For best results, run from a Linux VM using a recent operating system. Such as Ubuntu 22.04.pdb2influx.sh: A bash script that usesawkandmlrto extract command processing times frompuppetdb.logfiles.top-api-calls.sh: Extracts the 10 most popular API calls from*-access.logalong with their median and max duration grouped into 30 minute periods (Puppet$runinterval). Usesawkandmlr.
Sharpie
/ initialize-puppetca.sh
Created
May 18, 2019 17:21
Create a Certificate Signing Request for a PE Intermediate Certificate Authority
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Initialize a Puppet Intermediate Certificate Authority (CA) by generating | |
| # a RSA key and Certificate Signing Request using the OpenSSL CLI. | |
| # Fail if any subcommand fails. | |
| set -e | |
| # Ensure files created by this script are only accessible to the user | |
| # that ran the script. | |
| umask 0077 |
I hereby claim:
- I am sharpie on github.
- I am sharpie (https://keybase.io/sharpie) on keybase.
- I have a public key ASBfS9E_2V7VIITh4SuTZ7wgZk09DrJW1bxWfCmlQssAmAo
To claim this, I am signing this object:
Sharpie
/ renew_ca_cert.sh
Last active
March 13, 2019 15:29
A bash script to renew a Puppet CA certificate --- self-signed roots only
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| PUPPET_BIN='/opt/puppetlabs/puppet/bin' | |
| ca_cert=$("${PUPPET_BIN}/puppet" config print --section master cacert) | |
| ca_key=$("${PUPPET_BIN}/puppet" config print --section master cakey) | |
| ca_dir=$(dirname "${ca_cert}") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ARGV[1]: hostname or IP address to test for postgresql connectivity. | |
| HOST="${1:?A hostname must be passed to this script}" | |
| cleanup() { | |
| printf '%s\n' "Closing TCP connection to ${HOST}." | |
| exec 3<&- | |
| exit | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # A reaper script that scans the PIDs of services belonging to the puppet-agent | |
| # package. When invoked with --check, the script exits non-zero if any such | |
| # PIDs are found and also executes `systemctl daemon-reload` if needed. When | |
| # invoked with --clean, the script kills any such PIDs and re-starts the | |
| # affected services. | |
| PUPPET_SERVICES=(puppet pxp-agent mcollective) | |
| PARENT=$PPID |
Sharpie
/ puppet-catalog.rb
Last active
May 14, 2018 20:05
Ruby script for retrieving Puppet Catalogs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/opt/puppetlabs/puppet/bin/ruby | |
| # This script executes the front end of a `puppet agent` run. Specifically it: | |
| # | |
| # - loads settings | |
| # - ensures a SSL certificate is presant | |
| # - syncs plugins | |
| # - retrieves a catalog | |
| require 'puppet' |
Sharpie
/ classification.md
Last active
September 16, 2020 16:13
How Environments Happen: In Puppet 5.3
__ __ ______ _ __
/ / / /___ _ __ / ____/___ _ __(_)________ ____ ____ ___ ___ ____ / /______
/ /_/ / __ \ | /| / / / __/ / __ \ | / / / ___/ __ \/ __ \/ __ `__ \/ _ \/ __ \/ __/ ___/
/ __ / /_/ / |/ |/ / / /___/ / / / |/ / / / / /_/ / / / / / / / / / __/ / / / /_(__ )
/_/ /_/\____/|__/|__/ /_____/_/ /_/|___/_/_/ \____/_/ /_/_/ /_/ /_/\___/_/ /_/\__/____/
__ __ __
/ / / /___ _____ ____ ___ ____ / /
/ /_/ / __ `/ __ \/ __ \/ _ \/ __ \/ /
Sharpie
/ amq-mapper.rb
Last active
June 28, 2017 18:41
Transform ActiveMQ config files into a connection diagram for Graphviz
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # Generate a DOT file showing links between ActiveMQ brokers using | |
| # a list of activemq.xml files passed as ARGV. | |
| require 'rexml/document' | |
| require 'erb' | |
| broker_map = Hash.new |
NewerOlder