Skip to content

Instantly share code, notes, and snippets.

View dannykansas's full-sized avatar
✔️

Danny Fowler dannykansas

✔️
29 followers · 27 following
View GitHub Profile
@ahpook
ahpook / gist:1182243
Created August 30, 2011 22:14
Use a generic client certificate with puppet

The problem

There's enough trouble with puppet's ssl model (mandatory client certs) that people go and do odd things to get around it. The primary problem is that for lab/preproduction environments, if you reinstall machines frequently, you lose access to the private key that generated the original cert but (absent some puppet cert --clean [node] operation) the cert still exists, leading to the dreaded Retrieved certificate doesn't match private key error.

A solution

Generate a single client certificate which all your nodes use, and have the master determine node names from facter rather than the SSL DN. This way you can re-install nodes with impunity and as long as your bootstrap plops down the correct config and the cert+key, you don't have any more SSL issues.

The caveats

If you have autosign turned on, this change represents a shift in security tradeoffs: you can turn off autosign and therefore more tightly control which clients can talk to your server because they need to have your clie

@henrik
henrik / gist:3181718
Created July 26, 2012 12:15
Fix "unsupported new OS, trying as if it were 10.6-10.7" from reattach-to-user-namespace on Mountain Lion (probably in tmux).
# Start by checking if they fixed it upstream:
brew update
brew upgrade reattach-to-user-namespace
# If it says it's already installed, they haven't fixed it upstream. So do this:
# Edit the recipe:
brew edit reattach-to-user-namespace
@linusthe3rd
linusthe3rd / exponentialBackoff.js
Last active June 30, 2022 15:21
var attempts = 1;
function createWebSocket () {
var connection = new WebSocket();
connection.onopen = function () {
// reset the tries back to 1 since we have a new connection opened.
attempts = 1;
// ...Your app's logic...
@nicktoumpelis
nicktoumpelis / repo-rinse.sh
Created April 23, 2014 13:00
Cleans and resets a git repo and its submodules
git clean -xfd
git submodule foreach --recursive git clean -xfd
git reset --hard
git submodule foreach --recursive git reset --hard
git submodule update --init --recursive
@Chaser324
Chaser324 / GitHub-Forking.md
Last active November 14, 2024 08:32
GitHub Standard Fork & Pull Request Workflow

Whether you're trying to give back to the open source community or collaborating on your own projects, knowing how to properly fork and generate pull requests is essential. Unfortunately, it's quite easy to make mistakes or not know what you should do when you're initially learning the process. I know that I certainly had considerable initial trouble with it, and I found a lot of the information on GitHub and around the internet to be rather piecemeal and incomplete - part of the process described here, another there, common hangups in a different place, and so on.

In an attempt to coallate this information for myself and others, this short tutorial is what I've found to be fairly standard procedure for creating a fork, doing your work, issuing a pull request, and merging that pull request back into the original project.

Creating a Fork

Just head over to the GitHub page and click the "Fork" button. It's just that simple. Once you've done that, you can use your favorite git client to clone your repo or j

@plepe
plepe / gist:52ecc9f18efb32c68d18
Last active November 3, 2024 00:27
MDADM and LVM cheat sheet

mdadm

Glossary:

  • md: multiple devices
command description
cat /proc/mdstat show status of all raids
mdadm --detail /dev/md0 detailed status of raid md0
@vml-jglenn
vml-jglenn / java01.pp
Created November 4, 2014 22:03
#/etc/puppet/environments/production/manifests/java01.pp
node 'java01.example.lan' inherits default {
file { '/etc/httpd/ssl':
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0640',
recurse => 'remote',
source => 'puppet:///files/ssl/example.com',
}
@apolloclark
apolloclark / aws cli cheatsheet.md
Last active November 16, 2024 21:15
@aws-scripting-guy
aws-scripting-guy / gist:884ffa9d44bd14f7493a670543284552
Created April 2, 2016 18:33
AWS EC2 metadata. Check attached IAM role from EC2 instance. Get temporary credentials.
# Get IAM Role name from Instance Profile Id
curl http://169.254.169.254/latest/meta-data/iam/info
# Get credentials
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<role-name>
# More info
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
@toolmantim
toolmantim / pipeline.sh
Last active December 8, 2022 07:19
Ensuring Buildkite pipeline steps run on the same agent, using a dynamic pipeline generator script
#!/bin/bash
# Outputs a pipeline that targets agents that have the same 'name' meta-data
# value as the step that does the pipeline upload. This means that all the
# steps will run on the same agent machine, assuming that the 'name' meta-data
# value is unique to each agent.
#
# Each agent needs to be configured with meta-data like so:
#
# meta-data="name=<unique-name>"