Skip to content

Instantly share code, notes, and snippets.

View ashayh's full-sized avatar

Ashay Humane ashayh

33 followers · 8 following
View GitHub Profile
@ahpook
ahpook / gist:1182243
Created August 30, 2011 22:14
Use a generic client certificate with puppet

The problem

There's enough trouble with puppet's ssl model (mandatory client certs) that people go and do odd things to get around it. The primary problem is that for lab/preproduction environments, if you reinstall machines frequently, you lose access to the private key that generated the original cert but (absent some puppet cert --clean [node] operation) the cert still exists, leading to the dreaded Retrieved certificate doesn't match private key error.

A solution

Generate a single client certificate which all your nodes use, and have the master determine node names from facter rather than the SSL DN. This way you can re-install nodes with impunity and as long as your bootstrap plops down the correct config and the cert+key, you don't have any more SSL issues.

The caveats

If you have autosign turned on, this change represents a shift in security tradeoffs: you can turn off autosign and therefore more tightly control which clients can talk to your server because they need to have your clie

@nesquena
nesquena / linode_fog.rb
Created October 28, 2011 09:24
Linode and Fog Samples
## DNS
@dns = Fog::DNS.new(:provider => 'Linode', :linode_api_key => LINODE_KEY)
if @zone = @dns.zones.all.find { |z| z.domain == ZONE }
puts "Found zone #{@zone.inspect}"
else
@zone = @dns.zones.create(:domain => ZONE, :email => ZONE_EMAIL)
puts "Creating zone #{@zone.inspect}"
end
@denmarkin
denmarkin / common_steps.rb
Created November 2, 2011 17:15
Cucumber + Capybara HTML table comparison from http://railscasts.com/episodes/186-pickle-with-cucumber
Then(/^I should see (.+) table$/) do |table_id, expected_table|
html_table = table_at("##{table_id.parameterize.tableize}").to_a
html_table.map! { |r| r.map! { |c| c.gsub(/<.+?>/, '').gsub(/[\n\t\r]/, '') } }
expected_table.diff!(html_table)
end
@karmi
karmi / .gitignore
Created March 16, 2012 16:09
Bootstrap, install and configure ElasticSearch with Chef Solo
.DS_Store
Gemfile.lock
*.pem
node.json
tmp/*
!tmp/.gitignore
@robinsmidsrod
robinsmidsrod / _INSTALL.md
Last active November 7, 2024 12:23
Bootstrapping full iPXE native menu with customizable default option with timeout (also includes working Ubuntu 12.04 preseed install)

Add the following chunk to your existing ISC dhcpd.conf file.

if exists user-class and ( option user-class = "iPXE" ) {
    filename "http://boot.smidsrod.lan/boot.ipxe";
}
else {
    filename "undionly.kpxe";
}

(or see https://gist.github.com/4008017 for a more elaborate setup

@ohadlevy
ohadlevy / gist:4147992
Created November 26, 2012 12:37
#!/usr/bin/env ruby
require 'rubygems'
require 'rest-client'
require 'json'
client = RestClient::Resource.new('http://0.0.0.0:3000',
:user => 'admin',
:password => 'changeme',
:headers => { :accept => :json })
@johnl
johnl / cowstat.rb
Created November 27, 2012 19:49
Display info about ram shared between Linux processes
#!/usr/bin/env ruby
require 'ostruct'
class LinuxProcess < OpenStruct
def initialize(args)
super
read_status!
end
@matteodellamico
matteodellamico / priority_dict.py
Created January 4, 2013 10:22
Priority dict: a priority queue with updatable priorities You may have needed a priority queue with the ability to change the priorities of elements that were in the queue. This recipe solves this problem in an efficient way. The priority queue is implemented as a dictionary, where keys are the items of the queue, and values are their priorities…
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
# binary, for any purpose, commercial or non-commercial, and by any
# means.
#
# In jurisdictions that recognize copyright laws, the author or authors
# of this software dedicate any and all copyright interest in the
# software to the public domain. We make this dedication for the benefit
@pklaus
pklaus / dnsupdate.py
Last active November 14, 2023 23:50
dnsupdate is meant to replace nsupdate, the standard DDNS update tool created by BIND authors ISC. While nsupdate does the job it is awkward to wrap in scripts and its usage in general is just not very intuitive. dnsupdate is meant to work well from the command line or from scripts and easy to use. It also does some nice things like automaticall…
#!/usr/bin/env python2.7
# Matt's DNS management tool
# Manage DNS using DDNS features
#
# See http://planetfoo.org/blog/archive/2012/01/24/a-better-nsupdate/
#
# Usage: dnsupdate -s server -k key -t ttl add _minecraft._tcp.mc.example.com SRV 0 0 25566 mc.example.com.
# -h HELP!
# -s the server
# -k the key
@dergachev
dergachev / GIF-Screencast-OSX.md
Last active November 5, 2024 18:44
OS X Screencast to animated GIF

OS X Screencast to animated GIF

This gist shows how to create a GIF screencast using only free OS X tools: QuickTime, ffmpeg, and gifsicle.

Screencapture GIF

Instructions

To capture the video (filesize: 19MB), using the free "QuickTime Player" application: