Skip to content

Instantly share code, notes, and snippets.

View petems's full-sized avatar
🏠
Working from home

Peter Souter petems

🏠
Working from home
130 followers · 168 following
View GitHub Profile
@petems
petems / gist:66895a19ba4cd2ca74c222d52be5b9bf
Created November 3, 2020 14:57
Vault Enterprise Error - cannot write to readonly storage
* error performing token check: failed to persist lease entry: cannot write to readonly storage (retry attempt 1 after "250ms")
Fixed in Vault Enterprise 1.5.4
Changelog entry:
> replication (enterprise): Improve race condition when using a newly created token on a performance standby node"
@petems
petems / test
Created October 4, 2020 15:07
"production" = {
"host" = "cool.example.com"
"password" = "xPYmDlsYDQKCbcaY3Xa68-SwdM-wYkHnNYn_ARiYbWRon2UNuzw6RG5DAZjO0Dmz6O-iMVIjX-hWc1ihT3WX"
"port" = 22
"user" = "bob"
}
@petems
petems / vault-raft-snapshot.sh
Created September 24, 2020 14:29
vault-raft-snapshot.sh
# 2020-06-23
# this shows creating a Vault instance running integrated storage/raft,
# then adding a KV and taking a snapshot
# then kill the raft DB files to simulate a storage failure
# repeat new Vault instance, restore snapshot, unseal and auth with orig keys
# and read some data to show how backup/restore works
cat << EOF > ./vault_raft.hcl
ui=true
disable_mlock = true
@petems
petems / gist:46f17923c6e9402ceefa57db0c940f82
Created March 13, 2020 14:45
Get info for cert from Vault
$ curl --header "X-Vault-Token: $VAULT_TOKEN" --request LIST http://127.0.0.1:8200/v1/pki/certs
{"request_id":"de47662c-784a-86b7-a387-fb7d4997f929","lease_id":"","renewable":false,"lease_duration":0,"data":{"keys":["22-d0-f7-2f-f6-c1-26-ca-2c-7c-fa-d7-63-ac-2b-a9-7d-3a-89-30","6b-0d-c3-94-c9-e1-20-d1-9a-eb-76-66-db-3d-8a-37-23-75-dc-1b"]},"wrap_info":null,"warnings":null,"auth":null}
$ curl --header "X-Vault-Token: $VAULT_TOKEN" http://127.0.0.1:8200/v1/pki/cert/22-d0-f7-2f-f6-c1-26-ca-2c-7c-fa-d7-63-ac-2b-a9-7d-3a-89-30
{"request_id":"7eb822aa-4a88-fc32-7cf3-86d4a5b3f0f6","lease_id":"","renewable":false,"lease_duration":0,"data":{"certificate":"-----BEGIN CERTIFICATE-----\nMIIDpjCCAo6gAwIBAgIUItD3L/bBJsosfPrXY6wrqX06iTAwDQYJKoZIhvcNAQEL\nBQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMjAwMzEzMTQzNzMxWhcNMjUw\nMzEyMTQzODAxWjAtMSswKQYDVQQDEyJleGFtcGxlLmNvbSBJbnRlcm1lZGlhdGUg\nQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1veq6qgz\nX8X7efKNQLF7BzTKd5iFm7MypSZTpfd6kunUSKCrLoIPH+oNTUbxXLsGXPxsKvSt
@petems
petems / gist:998649766cd7b4e6ffefa48badc1e946
Created March 13, 2020 14:45
Get info for cert from Vault
$ curl --header "X-Vault-Token: $VAULT_TOKEN" --request LIST http://127.0.0.1:8200/v1/pki/certs
{"request_id":"de47662c-784a-86b7-a387-fb7d4997f929","lease_id":"","renewable":false,"lease_duration":0,"data":{"keys":["22-d0-f7-2f-f6-c1-26-ca-2c-7c-fa-d7-63-ac-2b-a9-7d-3a-89-30","6b-0d-c3-94-c9-e1-20-d1-9a-eb-76-66-db-3d-8a-37-23-75-dc-1b"]},"wrap_info":null,"warnings":null,"auth":null}
$ curl --header "X-Vault-Token: $VAULT_TOKEN" http://127.0.0.1:8200/v1/pki/cert/22-d0-f7-2f-f6-c1-26-ca-2c-7c-fa-d7-63-ac-2b-a9-7d-3a-89-30
{"request_id":"7eb822aa-4a88-fc32-7cf3-86d4a5b3f0f6","lease_id":"","renewable":false,"lease_duration":0,"data":{"certificate":"-----BEGIN CERTIFICATE-----\nMIIDpjCCAo6gAwIBAgIUItD3L/bBJsosfPrXY6wrqX06iTAwDQYJKoZIhvcNAQEL\nBQAwFjEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMjAwMzEzMTQzNzMxWhcNMjUw\nMzEyMTQzODAxWjAtMSswKQYDVQQDEyJleGFtcGxlLmNvbSBJbnRlcm1lZGlhdGUg\nQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1veq6qgz\nX8X7efKNQLF7BzTKd5iFm7MypSZTpfd6kunUSKCrLoIPH+oNTUbxXLsGXPxsKvSt
@petems
petems / gist:ec2a722f3bb7c8614c277958a759b420
Created March 2, 2019 15:36
Create snapshot from Azure blob url
createSnapshot, err := blockBlobURL.CreateSnapshot(ctx, azblob.Metadata{}, azblob.BlobAccessConditions{})
if err == nil {
createSnapshot.Snapshot()
snapshot := createSnapshot.Snapshot()
snapshotBlobURL := blockBlobURL.WithSnapshot(snapshot)
l.logger.Printf("Created Azure Blob Snapshot - %s", snapshotBlobURL)
} else {
l.logger.Printf("Attempt to create blob snapshot failed - %s - Skipping", err)
}
@petems
petems / gist:109a77ccff3187dc0deb85a0e3f3ad89
Last active June 12, 2018 21:00
Vagrantfile
Vagrant.require_version ">= 2.0.0"
Vagrant.configure("2") do |config|
config.vm.define "statsbox", autostart: true do |statsbox|
statsbox.vm.box = "bento/ubuntu-16.04"
statsbox.vm.provider "virtualbox" do |vb|
vb.linked_clone = true
vb.memory = "1024"
end
@petems
petems / pub_key.pp
Last active June 11, 2018 11:31
SSH Pub Key
file { '/home/psouter/.ssh':
ensure => directory,
owner => 'psouter',
group => 'psouter',
mode => '0700',
}
-> ssh_authorized_key { 'hashicorp-laptop-key@homedir':
ensure => present,
user => 'psouter',
@petems
petems / keybase.md
Created February 19, 2018 10:09
keybase.md

Keybase proof

I hereby claim:

  • I am petems on github.
  • I am petersouter (https://keybase.io/petersouter) on keybase.
  • I have a public key whose fingerprint is 0CAF 42ED EB4E 16B4 243F 8148 AE3A 33F6 B70C 5AFD

To claim this, I am signing this object:

@petems
petems / catalina.json
Created July 7, 2017 18:03
Some example jmxtrans.json configs
{
"servers": [
{
"host": "foo",
"port": "9010",
"alias": "catalina.java",
"queries": [
{
"obj": "java.lang:type=ClassLoading",