Deploy key is a SSH key set in your repo to grant client read-only (as well as r/w, if you want) access to your repo.
As the name says, its primary function is to be used in the deploy process in replace of username/password, where only read access is needed. Therefore keep the repo safe from the attack, in case the server side is fallen.
| #!/bin/bash | |
| # | |
| # Pre-commit hook that verifies if all files containing 'vault' in the name | |
| # are encrypted. | |
| # If not, commit will fail with an error message | |
| # | |
| # Original author: @ralovely | |
| # https://www.reinteractive.net/posts/167-ansible-real-life-good-practices | |
| # | |
| # File should be .git/hooks/pre-commit and executable |
| from suds.sudsobject import asdict | |
| def recursive_asdict(d): | |
| """Convert Suds object into serializable format.""" | |
| out = {} | |
| for k, v in asdict(d).iteritems(): | |
| if hasattr(v, '__keylist__'): | |
| out[k] = recursive_asdict(v) | |
| elif isinstance(v, list): | |
| out[k] = [] |
| #!/usr/bin/env bash | |
| # | |
| # Get the value of a tag for a running EC2 instance. | |
| # | |
| # This can be useful within bootstrapping scripts ("user-data"). | |
| # | |
| # Note the EC3 instance needs to have an IAM role that lets it read tags. The policy | |
| # JSON for this looks like: | |
| # | |
| # { |
I've been using a lot of Ansible lately and while almost everything has been great, finding a clean way to implement ansible-vault wasn't immediately apparent.
What I decided on was the following: put your secret information into a vars file, reference that vars file from your task, and encrypt the whole vars file using ansible-vault encrypt.
Let's use an example: You're writing an Ansible role and want to encrypt the spoiler for the movie Aliens.
The attack detailed below has stopped (for the time being) and almost all network access for almost all customers have been restored. We're keeping this post and the timeline intact for posterity. Unless the attack resumes, we'll post a complete postmortem within 48 hours (so before Wednesday, March 26 at 11:00am central time).
Criminals have laid siege to our networks using what's called a distributed denial-of-service attack (DDoS) starting at 8:46 central time, March 24 2014. The goal is to make Basecamp, and the rest of our services, unavailable by flooding the network with bogus requests, so nothing legitimate can come through. This attack was launched together with a blackmail attempt that sought to have us pay to avoid this assault.
Note that this attack targets the network link between our servers and the internet. All the data is safe and sound, but nobody is able to get to it as long as the attack is being successfully executed. This is like a bunch of people
| # Calculates metrics on March Madness video streaming, including | |
| # unique IPs, total HTTP requests, and total bytes downloaded. | |
| # Sample output: | |
| # | |
| # fields ts ts_delta app uniq_hosts hits bytes | |
| # types time interval string count count count | |
| # 1395331457.824587 900.000000 march-madness 4 569 164589761 | |
| # 1395332324.854514 900.000000 march-madness 17 1917 704801124 | |
| @load misc/app-stats |
| USER_NAME=marcy | |
| sed -i "s/.*RSAAuthentication.*/RSAAuthentication yes/g" /etc/ssh/sshd_config | |
| sed -i "s/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g" /etc/ssh/sshd_config | |
| sed -i "s/.*PasswordAuthentication.*/PasswordAuthentication no/g" /etc/ssh/sshd_config | |
| sed -i "s/.*AuthorizedKeysFile.*/AuthorizedKeysFile\t\.ssh\/authorized_keys/g" /etc/ssh/sshd_config | |
| sed -i "s/.*PermitRootLogin.*/PermitRootLogin no/g" /etc/ssh/sshd_config | |
| echo "${USER_NAME} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers | |
| service sshd restart |
| The regex patterns in this gist are intended only to match web URLs -- http, | |
| https, and naked domains like "example.com". For a pattern that attempts to | |
| match all URLs, regardless of protocol, see: https://gist.github.com/gruber/249502 | |
| # Single-line version: | |
| (?i)\b((?:https?:(?:/{1,3}|[a-z0-9%])|[a-z0-9.\-]+[.](?:com|net|org|edu|gov|mil|aero|asia|biz|cat|coop|info|int|jobs|mobi|museum|name|post|pro|tel|travel|xxx|ac|ad|ae|af|ag|ai|al|am|an|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cs|cu|cv|cx|cy|cz|dd|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|s |
| #! /usr/bin/env bash | |
| ### | |
| # | |
| # install_mysql.sh | |
| # | |
| # This script assumes your Vagrantfile has been configured to map the root of | |
| # your application to /vagrant and that your web root is the "public" folder | |
| # (Laravel standard). Standard and error output is sent to | |
| # /vagrant/vm_build.log during provisioning. |