| DUMP | |
| // pod-name name of the postgres pod | |
| // postgres-user database user that is able to access the database | |
| // database-name name of the database | |
| kubectl exec [pod-name] -- bash -c "pg_dump -U [postgres-user] [database-name]" > database.sql | |
| RESTORE | |
| // pod-name name of the postgres pod | |
| // postgres-user database user that is able to access the database | |
| // database-name name of the database |
| # file: aws_eks_config.yml | |
| # AWS EKS ClusterConfig used to setup the BinderHub / JupyterNotebooks K8s cluster | |
| # using a workaround from https://discourse.jupyter.org/t/binder-deployed-in-aws-eks-domain-name-resolution-errors/766/10 | |
| # to fix broken DNS resolution | |
| --- | |
| apiVersion: eksctl.io/v1alpha5 | |
| kind: ClusterConfig | |
| metadata: | |
| name: eks-dns-production |
| # file: aws_eks_config.yml | |
| # AWS EKS ClusterConfig used to setup the BinderHub / JupyterNotebooks K8s cluster | |
| # using a workaround from https://discourse.jupyter.org/t/binder-deployed-in-aws-eks-domain-name-resolution-errors/766/10 | |
| # to fix broken DNS resolution | |
| --- | |
| apiVersion: eksctl.io/v1alpha5 | |
| kind: ClusterConfig | |
| metadata: | |
| name: eks-dns-production |
If you're coming to this page in search of jq related AWS commands, but come from xpath or e4x (jsonpath) domains, then you may find this article helpful: https://github.com/stedolan/jq/wiki/For-JSONPath-users.
Another good learning site: https://shapeshed.com/jq-json/
The jq playground (live testing): https://jqplay.org
A lovely tutorial: https://programminghistorian.org/lessons/json-and-jq
| Ansible playbook to setup HTTPS using Let's encrypt on nginx. | |
| The Ansible playbook installs everything needed to serve static files from a nginx server over HTTPS. | |
| The server pass A rating on [SSL Labs](https://www.ssllabs.com/). | |
| To use: | |
| 1. Install [Ansible](https://www.ansible.com/) | |
| 2. Setup an Ubuntu 16.04 server accessible over ssh | |
| 3. Create `/etc/ansible/hosts` according to template below and change example.com to your domain | |
| 4. Copy the rest of the files to an empty directory (`playbook.yml` in the root of that folder and the rest in the `templates` subfolder) |
I've been playing with jq, and I've been having a hard time finding examples of how it works with output from a service like AWS (which I use a lot).
Here is one I use a lot with vagrant-ec2.
When we're launching and killing a lot of instances, the AWS API is the only way to track down which instances are live, ready, dead, etc.
To find instances that are tagged with e.g. {"Key" = "Name", "Value" = "Web-00'} in the middle of a vagrant dev cycle, or a prod launch/replace cycle, you can do something like this:
I came across HikariCP and I was amazed by the benchmarks and I wanted to try it instead of my default choice C3P0 and to my surprise I struggled to get the configurations right probably because the configurations differ based on what combination of tech stack you are using.
I have setup Spring Boot project with JPA, Web, Security starters (Using [Spring Initializer][1]) to use PostgreSQL as a database with HikariCP as connection pooling.
I have used Gradle as build tool and I would like to share what worked for me for the following assumptions:
This gist is related to SO post https://stackoverflow.com/questions/26490967/how-do-i-configure-hikaricp-in-my-spring-boot-app-in-my-application-properties-f
| $ echo "secret" > secret.txt | |
| $ key_material=$(aws kms generate-data-key --key-id <CMK_key_id> --key-spec AES_256) | |
| $ echo ${key_material} | jq ".CiphertextBlob" | sed 's/"//g' | base64 -d > key.enc | |
| $ export key=$(echo ${key_material} | jq ".Plaintext" | sed 's/"//g' | base64 -d) | |
| $ openssl enc -aes-256-cbc -pass env:key -in secret.txt -out secret.txt.enc | |
| $ rm secret.txt | |
| $ ls | |
| key.enc secret.txt.enc | |
| $ key=$(aws-fd-full kms decrypt --ciphertext-blob fileb://key.enc --output text --query Plaintext | base64 -d) | |
| $ openssl enc -d -aes-256-cbc -pass env:key -in secret.txt.enc -out secret.txt |
| # By default, Docker containers run as the root user. This is bad because: | |
| # 1) You're more likely to modify up settings that you shouldn't be | |
| # 2) If an attacker gets access to your container - well, that's bad if they're root. | |
| # Here's how you can run change a Docker container to run as a non-root user | |
| ## CREATE APP USER ## | |
| # Create the home directory for the new app user. | |
| RUN mkdir -p /home/app |
Much of the data in the PKI world is stored in ASN.1 so a basic understanding is necessary. ASN.1 is a way to describe data by starting from primitive types and building up to more complex types. Do you remember Backus-Naur Form? What about writing XML schemas in XSD? It's the same concept.
Let's say we have a Widget. Every Widget has a model name, a serial number, and some inspection information with the name of the inspector and the dates of the inspections. Our Widget then looks like this in ASN.1:
Widget ::= SEQUENCE {
model IA5String,
serialNumber INTEGER,