joker1007

FROM appbase

# install npm & bower packages
WORKDIR /root
COPY package.json bower.json /root/
RUN npm install --only=prod && \
  npm cache clean && \
  bower install --allow-root

# install gems

josnidhin

---
- name: Terminate EC2 instances
  hosts: localhost
  connection: local
  gather_facts: no
  
  vars:
    aws_region: "eu-west-1"
    ec2_tags:
      Name: "Test Server"

george-hawkins

QEMU arm64 cloud server emulation

This is basically a rehash of an original post on CNXSoft - all credit (particularly for the Virtio device arguments used below) belongs to the author of that piece.

Download the latest uefi1.img image. E.g. ubuntu-16.04-server-cloudimg-arm64-uefi1.img from https://cloud-images.ubuntu.com/releases/16.04/release/

Download the UEFI firmware image QEMU_EFI.fd from https://releases.linaro.org/components/kernel/uefi-linaro/latest/release/qemu64/

Determine your current username and get your current ssh public key:

davidmintz

Our goal is to save sensitive data in a MySQL database in a responsible way, and be able to read/write it programmatically in a PHP web application. Asymmetric encryption would be best, but is not practical here. Symmetric encryption with a strong algorithm and hard-to-guess cipher is acceptable, but not if we store the cipher in plain text on the same server where the database credentials also live in plain text!

This work-in-progress is subject to change if/when I come up with a better scheme, but for now, the plan is to:

• store the cipher as a vault secret;
• configure TLS authentication so that our PHP application can log in, and then
• create a token that allows its bearer to read the secret (our cipher);
• use a PHP component and our cipher to encrypt/decrypt our sensitive data.

chancez

apiVersion: v1
kind: ConfigMap
metadata:
  name: fluentd-config
  namespace: fluentd
  labels:
    app: fluentd
data:
  fluentd.conf: |
    @include prometheus.conf

skreuzer

global:
  evaluation_interval: 15s
rule_files:
  - smokeping.rules
scrape_configs:
  - job_name: 'blackbox_icmp'
    metrics_path: /probe
    params:
      module: [icmp]
    scrape_interval: 1s

HQJaTu

#!/usr/bin/env python3

# vim: autoindent tabstop=4 shiftwidth=4 expandtab softtabstop=4 filetype=python

# This file is part of Supermicro IPMI certificate updater.
# Supermicro IPMI certificate updater is free software: you can
# redistribute it and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation, version 2.
#
# This program is distributed in the hope that it will be useful, but WITHOUT

MaxXor

Encrypted Btrfs storage setup and maintenance guide

Initial setup with LUKS/dm-crypt

This exemplary initial setup uses two devices /dev/sdb and /dev/sdc but can be applied to any amount of devices by following the steps with additional devices.

Create keyfile:

dd bs=64 count=1 if=/dev/urandom of=/etc/cryptkey iflag=fullblock
chmod 600 /etc/cryptkey

ajeddeloh

1. Make sure you have the kernel and live pxe initrd (different from normal initrd). Put them at $WORKDIR/{kernel,initrd}
2. Put your ignition config in $WORKDIR/config.ign
3. Put this script at $WORKDIR/boot.ipxe:

#!ipxe
kernel tftp://10.0.2.2/kernel console=ttyS0 \
  ignition.firstboot ip=dhcp rd.neednet=1 ignition.platform.id=metal \
  ignition.config.url=tftp://10.0.2.2/config.ign
initrd tftp://10.0.2.2/initrd
boot

itsuki-hayashi

#  /etc/sysctl.conf

net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_forward = 1
net.ipv4.tcp_syncookies = 1