dougneal

# If your test depends on a specific provider being used, or a provider which has
# a specific attribute, such as versionable, the provider will fail the selection
# round if its commands aren't present on the system that the test is running on.
# For example, if running your rspec tests on your OS X development machine,
# and your manifests include :
#   package { 'java':
#     ensure => '1.7.0+update67'
#   }
#
# The test will fail with the error:

dougneal

socket = class_double(TCPSocket)
expect(socket).to receive(:is_a?).with(TCPSocket) { true }
expect(TCPSocket).to receive(:new) { socket }

dougneal

2016-03-07 17:57:45,158 ERROR [qtp13137110-60] [puppet-server] Puppet Could not autoload puppet/provider/service_validation/ruby: nil is not a string
org/jruby/RubyModule.java:2241:in `private'
/etc/puppetlabs/code/environments/dev/modules/servicevalidator/lib/puppet/provider/service_validation/ruby.rb:43:in `(root)'
org/jruby/RubyModule.java:2344:in `module_eval'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/classgen.rb:136:in `genthing'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/classgen.rb:36:in `genclass'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type.rb:1848:in `provide'
/etc/puppetlabs/code/environments/dev/modules/servicevalidator/lib/puppet/provider/service_validation/ruby.rb:4:in `(root)'
org/jruby/RubyKernel.java:1091:in `load'
/opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/autoload.rb:1:in `(root)'

dougneal

package main

import (
	"bytes"
	"compress/gzip"
	"encoding/json"
	"io/ioutil"
)

const ec2_userdata string = `#cloud-config

dougneal

#!/bin/bash -e
dd if="$0" bs=1 skip=90 | gunzip > "/tmp/_$$"
exec /bin/bash "/tmp/_$$" $@

dougneal

#!/usr/bin/env ruby

require 'socket'

count=1

while true
  puts "Opening #{count}"
  s = TCPSocket.open('localhost', 35453)
  puts "Closing #{count}"

dougneal

URL="http://169.254.169.254/latest/meta-data/iam/security-credentials/$1"
echo "export AWS_DEFAULT_REGION=\"eu-west-1\""
echo "export AWS_ACCESS_KEY_ID=\"$(curl $URL 2>/dev/null | jq -r '.AccessKeyId')\""
echo "export AWS_SECRET_ACCESS_KEY=\"$(curl $URL 2>/dev/null | jq -r '.SecretAccessKey')\""
echo "export AWS_SESSION_TOKEN=\"$(curl $URL 2>/dev/null | jq -r '.Token')\""

dougneal

#!/bin/bash
set -eu
arn="$1"
session="$2"
response="$(aws sts assume-role --role-arn "$arn" --role-session-name "$session")"
AWS_ACCESS_KEY_ID="$(echo "$response" | jq -r '.Credentials.AccessKeyId')"
AWS_SECRET_ACCESS_KEY="$(echo "$response" | jq -r '.Credentials.SecretAccessKey')"
AWS_SESSION_TOKEN="$(echo "$response" | jq -r '.Credentials.SessionToken')"
echo "export AWS_ACCESS_KEY_ID=\"${AWS_ACCESS_KEY_ID}\""
echo "export AWS_SECRET_ACCESS_KEY=\"${AWS_SECRET_ACCESS_KEY}\""

dougneal

Configuring logging clients for Logit with TLS mutual auth

Logit supports mutual auth in two ways:

• Logit generate client certificates on our behalf by generating a private key and signing it with their CA.
• We sign client certificates with our own CA and provide that CA's certificate to Logit.

This document covers the first example.

Request mutual auth from Logit

dougneal

Keybase proof

I hereby claim:

• I am dougneal on github.
• I am dougneal (https://keybase.io/dougneal) on keybase.
• I have a public key ASCo4XpYOBxeHUlgvIeZuthmmV2l-74EYPqoeXTB6i3pswo

To claim this, I am signing this object: