Jeremy T. Bouse jbouse

@kylemanna
kylemanna / sa-learn-pipe.sh
Created May 7, 2014 07:38
Dovecot script for dovecot-antispam plugin for automatic amavis + spamassassin learning.
#!/bin/bash
#
# Wrapper script for dovecot-antispam without using temporary files
# Look mom, no temporary files!
#
# Security is provided by locking the vmail user (dovecot-imap/antispam)
# only run this script via the sudoers line. The script checks arguments
# to stay safe. Log everything to syslog and return intelligent codes.
#
# sudoers:
@bodgit
bodgit / ES master node
Last active August 29, 2015 13:58
Elasticsearch configuration for EC2 cluster with remote tribe node
### MANAGED BY PUPPET ###
---
action:
auto_create_index: +logstash-*,-*
bootstrap:
mlockall: true
cloud:
aws:
access_key: abc123
region: ap-southeast-2
@UtahDave
UtahDave / saltsample_09252012_01
Created September 26, 2012 02:54 — forked from l2ol33rt/saltsample_09252012_01
Saltstack sample of using states and pillars for users
Here is a sample of how I am currently dealing with users.
Big thanks to uggedal! I used his user states as an example: https://github.com/uggedal/states
###
# How to create password hashes
###
python -c "import crypt; print(crypt.crypt('password', '\$6\$SALTsalt\$'))"
###
@piscisaureus
piscisaureus / pr.md
Created August 13, 2012 16:12
Checkout github pull requests locally

Locate the section for your github remote in the .git/config file. It looks like this:

[remote "origin"]
	fetch = +refs/heads/*:refs/remotes/origin/*
	url = git@github.com:joyent/node.git

Now add the line fetch = +refs/pull/*/head:refs/remotes/origin/pr/* to this section. Obviously, change the github url to match your project's URL. It ends up looking like this:

@troystribling
troystribling / ebs_snap.rb
Created December 30, 2011 16:57
Take snaps of EBS volumes with Fog
#!/usr/bin/env ruby
require 'rubygems'
require 'fog'
config = YAML.load(File.read(ARGV[0]))
volumes_to_snap = YAML.load(File.read(ARGV[1]))
time = Time.now
puts "\nCreating snaps #{time.to_s}"
@stigkj
stigkj / git-fix-author
Created December 9, 2011 11:13 — forked from leif81/git_fix_author
Written to change the unix name used for a cvs commit to a pretty git name for the user. Implementation borrowed from http://lists.freedesktop.org/archives/portland/2010-October.txt. author-conv-file format (same format as git-cvsimport requires):
#!/bin/bash
#
# Changes author and committer name and email throughout the whole repository.
# Uses a file with the following format:
#
# [email protected]=John Doe <[email protected]>
# [email protected]=Jill Doe <[email protected]>
#
if [ ! -e "$1" ]
@ahpook
ahpook / gist:1182243
Created August 30, 2011 22:14
Use a generic client certificate with puppet

The problem

There's enough trouble with puppet's SSL model (mandatory client certs) that people go and do odd things to get around it. The primary problem shows up in lab/preproduction environments: if you reinstall machines frequently, you lose access to the private key that generated the original cert, but (absent some puppet cert --clean [node] operation) the cert still exists, leading to the dreaded "Retrieved certificate doesn't match private key" error.

A solution

Generate a single client certificate which all your nodes use, and have the master determine node names from facter rather than the SSL DN. This way you can re-install nodes with impunity and as long as your bootstrap plops down the correct config and the cert+key, you don't have any more SSL issues.

The caveats

If you have autosign turned on, this change represents a shift in security tradeoffs: you can turn off autosign and therefore more tightly control which clients can talk to your server because they need to have your clie