ashayh

tmp
log
doc
daemon
*.swp

ashayh

// http://www.olark.com/spw/2011/08/you-can-list-a-directory-with-8-million-files-but-not-with-ls/
#define _GNU_SOURCE
#include <dirent.h>     /* Defines DT_* constants */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>

ashayh

class ZendeskTicketsJob
  extend Resque::Plugins::ExponentialBackoff
  @queue = :low
  FIELDS = ['zendesk_id', 'requester_id', 'assignee_id', 'group', 'subject', 'tags', 'status', 'priority', 'via', 'ticket_type', 'created_at', 'assigned_at', 'solved_at', 'resolution_time', 'satisfaction', 'group_stations', 'assignee_stations', 'reopens', 'replies', 'first_reply_time_in_minutes', 'first_reply_time_in_minutes_within_business_hours', 'first_resolution_time_in_minutes', 'first_resolution_time_in_minutes_within_business_hours', 'full_resolution_time_in_minutes', 'full_resolution_time_in_minutes_within_business_hours', 'agent_wait_time_in_minutes', 'agent_wait_time_in_minutes_within_business_hours', 'requester_wait_time_in_minutes', 'requester_wait_time_in_minutes_within_business_hours', 'reservation_code', 'requires_manual_closing']

  def self.perform(url)
    `rm /tmp/zendesk_tickets*`
    `wget #{url} -O /tmp/zendesk_tickets.csv.zip`
    `unzip -p /tmp/zendesk_tickets.csv.zip > /tmp/zendesk_tickets.csv`
    

ashayh

The problem

There's enough trouble with puppet's ssl model (mandatory client certs) that people go and do odd things to get around it. The primary problem is that for lab/preproduction environments, if you reinstall machines frequently, you lose access to the private key that generated the original cert but (absent some puppet cert --clean [node] operation) the cert still exists, leading to the dreaded Retrieved certificate doesn't match private key error.

A solution

Generate a single client certificate which all your nodes use, and have the master determine node names from facter rather than the SSL DN. This way you can re-install nodes with impunity and as long as your bootstrap plops down the correct config and the cert+key, you don't have any more SSL issues.

The caveats

If you have autosign turned on, this change represents a shift in security tradeoffs: you can turn off autosign and therefore more tightly control which clients can talk to your server because they need to have your clie

ashayh

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
                    Version 2, December 2014

 Copyright (C) 2014 Addy Osmani @addyosmani

 Everyone is permitted to copy and distribute verbatim or modified
 copies of this license document, and changing it is allowed as long
 as the name is changed.

            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE

ashayh

require 'rubygems'
require 'fog'

# assuming your IAM role is named 'my-role' and has S3 access:
uri = URI('http://169.254.169.254/latest/meta-data/iam/security-credentials/my-role')

res = Net::HTTP.get_response(uri)
aws_creds = JSON.parse(res.body)

ashayh

#!/usr/bin/env ruby

# If you have many IAM users, it's not easy to find which user
# owns a particular IAM key from the console.
# This script can be run with the first argument as the access key id.

require 'rubygems'
require 'ap'   # gem install awesome_print
require 'fog'  # gem install fog

ashayh

cat list_aws_events.rb 
require 'fog'     # gem install fog

aws = Fog::Compute::AWS.new

status = aws.describe_instance_status.body["instanceStatusSet"]

events = {}
status.each do |st|
  if st["eventsSet"].size > 0

ashayh

> require 'rubygems'
> require 'ohai'
> o = Ohai::System.new
> o.all_plugins
> o["hostname"]

ashayh

require 'rubygems'
require 'open-uri'
require 'nokogiri'
require 'net/http'

omnitruck_host='opscode-omnitruck-release.s3.amazonaws.com'
omnitruck_url="http://#{omnitruck_host}/"

doc = Nokogiri::HTML(open(omnitruck_url))
rpm_list = doc.xpath('//key/text()[contains(.,"el/")]').map(&:text)