niedbalski
/ deployerizer.py
Last active
March 17, 2017 19:14
Convert a current running juju environment to a juju-deployer bundle.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from __future__ import print_function | |
| import yaml | |
| import subprocess | |
| import argparse | |
| __author__ = "Jorge Niedbalski <[email protected]>" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| """ | |
| This scripts creates a MAAS DHCP lease, forces to write that dhcp lease on the | |
| filesystem , and forces to write the dns zone reflecting the new lease. | |
| Usage: | |
| ./{0} ip_addr mac_addr | |
| """ | |
| from maasserver.dns import change_dns_zones, write_full_dns_config |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://askubuntu.com/questions/250733/can-i-do-a-silent-or-unattended-release-upgrade | |
| # The following command upgrades to the new stable release without prompts: | |
| do-release-upgrade -f DistUpgradeViewNonInteractive | |
| # The following command upgrades to the current development release without prompts: | |
| do-release-upgrade -d -f DistUpgradeViewNonInteractive | |
| # Really Unattended | |
| ## --force-confdef: ask dpkg to decide alone when it can and prompt otherwise. | |
| ## --force-confold: do not modify the current configuration file, the new version is installed with a .dpkg-dist suffix. | |
| # create file /etc/apt/apt.conf.d/local |
jjo
/ docker-netstat.out
Created
August 1, 2017 19:17
docker containers sockets usage, example run inside minikube -- https://twitter.com/xjjo/status/892464000235130881
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # docker ps|sed '1d;s,>,_,'|xargs -I@ sh -c 'set @;echo == $2;nsenter -n -t $(docker inspect -f "{{.State.Pid}}" $1) netstat -an' | |
| == gcr.io/google_containers/k8s-dns-kube-dns-amd64@sha256:40790881bbe9ef4ae4ff7fe8b892498eecb7fe6dcc22661402f271e03f7de344 | |
| Active Internet connections (servers and established) | |
| Proto Recv-Q Send-Q Local Address Foreign Address State | |
| tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN | |
| tcp 0 0 172.17.0.6:52640 10.0.0.1:443 ESTABLISHED | |
| tcp 0 0 :::10053 :::* LISTEN | |
| tcp 0 0 :::10054 :::* LISTEN | |
| tcp 0 0 :::10055 :::* LISTEN | |
| tcp 0 0 :::8081 :::* LISTEN |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet | |
| metadata: | |
| namespace: kube-system | |
| name: kube-proxy-cleanup | |
| labels: | |
| k8s-app: kube-proxy-cleanup | |
| spec: | |
| selector: | |
| matchLabels: |
jjo
/ kubectl-root-in-host.sh
Last active
May 11, 2023 15:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Launch a Pod ab-using a privileged=true to land on a Kubernetes node cluster as root, | |
| # uses `privileged: true` to then nsenter init mount its (root) namespace, | |
| # hostPID and hostNetwork already set for the Pod. | |
| node=${1} | |
| case "${node}" in | |
| "") | |
| nodeSelector='' | |
| podName=${USER+${USER}-}sudo-any | |
| ;; |
jjo
/ kubectl-root-in-host-nopriv.sh
Last active
February 5, 2024 23:07
Yeah. Get a root shell at any Kubernetes *node* via `privileged: true` + `nsenter` sauce. PodSecurityPolicy will save us. DenyExecOnPrivileged didn't (kubectl-root-in-host-nopriv.sh exploits it)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # Launch a Pod ab-using a hostPath mount to land on a Kubernetes node cluster as root | |
| # without requiring `privileged: true`, in particular can abuse `DenyExecOnPrivileged` | |
| # admission controller. | |
| # Pod command in turn runs a privileged container using node's /var/run/docker.sock. | |
| node=${1} | |
| case "${node}" in | |
| "") | |
| nodeSelector='' | |
| podName=${USER+${USER}-}docker-any |
jjo
/ node-custom-setup.yaml
Last active
January 28, 2023 03:23
Run commands at Kubernetes *nodes* via `privileged` DaemonSet + `nsenter` hack, very useful for setups requiring base packages pre-installed at nodes. Please take a moment to understand what it does, and *don't* use it for *production*. Grab the logs with: kubectl logs -n kube-system -l k8s-app=node-custom-setup -c init-node
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: DaemonSet | |
| metadata: | |
| namespace: kube-system | |
| name: node-custom-setup | |
| labels: | |
| k8s-app: node-custom-setup | |
| annotations: | |
| command: &cmd apt-get update -qy && apt-get install -qy tgt ceph-fs-common ceph-common xfsprogs |
jjo
/ docker-runc-cve-replace.sh
Last active
February 15, 2019 08:08
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # Workaround CVE-2019-5736 via patched runc provided by | |
| # https://github.com/rancher/runc-cve | |
| # The script does: | |
| # 1) find "docker-runc" executable and docker version | |
| # 2) download corresponding patched runc | |
| # 3) dpkg-divert (ie "permanently move") pkg installed runc and replace it by 2) | |
| # | |
| # Run with "-n" for dry-run. |
fusetim
/ protonvpn-wireguard-generator.py
Last active
April 23, 2025 06:10
Generate lots of Wireguard configuration for your ProtonVPN Account.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import http.client | |
| import http.cookies | |
| import json | |
| import base64 | |
| import hashlib | |
| from cryptography.hazmat.primitives import serialization | |
| from cryptography.hazmat.primitives.asymmetric import x25519 | |
| from cryptography.hazmat.primitives.asymmetric import ec | |
| from cryptography.hazmat.primitives import hashes |
OlderNewer