Ryan Sawhill Aroha ryran
ryran
/ bashrc snippet for customizable powerline-go prompt.sh
Last active
February 25, 2022 09:18
powerline-go for PS1, customizable-on-the-fly thanks to bash-preexec & a custom helper function
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # powerline-go for PS1, customizable-on-the-fly thanks to bash-preexec & a custom helper function | |
| # https://gist.github.com/ryran/dc0ec41ae5311ac40ce2896d19bbc984 | |
| # Source from the bottom of ~/.bashrc | |
| # Backup PS1 | |
| [[ $PS1_ORIG ]] || PS1_ORIG=$PS1 | |
| # Download binary from github.com/justjanne/powerline-go & customize the path here | |
| __pwr_binpath=/usr/local/bin/powerline-go |
ryran
/ ocp4-download-clients
Created
January 24, 2020 04:41
OCP4: Validate release available and download oc/openshift-install clients
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ocp4-download-clients v0.2.0 last mod 2020/01/23 | |
| # Copyright 2020 Ryan Sawhill Aroha <[email protected]> | |
| # | |
| # This program is free software: you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by | |
| # the Free Software Foundation, either version 3 of the License, or | |
| # (at your option) any later version. | |
| # | |
| # This program is distributed in the hope that it will be useful, |
ryran
/ ocp4-chk-upgrade-channel
Last active
February 10, 2023 00:47
OCP4: leverage api.openshift.com/api/upgrades_info to inspect OCP versions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # ocp4-chk-upgrade-channel v1.4 last mod 2022/11/16 | |
| # https://gist.github.com/ryran/072409b1b7efd5018683a8c45e019652 | |
| # Copyright 2020, 2021, 2022 Ryan Sawhill Aroha <[email protected]> | |
| # | |
| # This program is free software: you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by | |
| # the Free Software Foundation, either version 3 of the License, or | |
| # (at your option) any later version. | |
| # |
ryran
/ check-gitlab-health.sh
Created
December 2, 2019 18:46
GitLab localhost health-checker for cron
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Created 2019 by Ryan Sawhill Aroha <[email protected]> | |
| # Ref: https://docs.gitlab.com/ee/user/admin_area/monitoring/health_check.html | |
| rc=0 | |
| url="https://localhost/-" | |
| endpoints="readiness liveness" | |
| file1=$(mktemp) file2=$(mktemp) | |
| trap "rm -rf $file1 $file2" EXIT INT |
ryran
/ check-etcd-secret-certs.sh
Created
June 20, 2019 14:49
OCPv4: check expiration of all TLS certs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| tmp=$(mktemp -d) | |
| trap "cd - >/dev/null; rm -rf $tmp" EXIT | |
| cd $tmp | |
| echo >&2 | |
| echo "Checking expiration dates for all certs in all namespaces ..." >&2 | |
| echo "(Pipe to 'sort' to see soonest-to-expire at the top)" >&2 | |
| echo >&2 |
ryran
/ check-node-kubelet-certs.sh
Created
June 20, 2019 14:48
OCPv4: check expiration of node kubelet server/client certs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| MASTERS="master0 master1 master2" | |
| WORKERS="worker0 worker1" | |
| echo "Checking expiration dates for all node /var/lib/kubelet/pki/kubelet-{server,client}-current certs ..." >&2 | |
| echo >&2 | |
| for h in $MASTERS $WORKERS; do | |
| echo $h | |
| ssh $h 'for f in kubelet-{server,client}-current.pem; do printf "\t$f: "; sudo openssl x509 -enddate -noout -in /var/lib/kubelet/pki/$f; done' |
ryran
/ ocpv4-expired-cert-recovery.sh
Created
June 10, 2019 21:19
OCPv4: recover from expired control plane certificates
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # This extremely rough nonsense is an attempt to automate the disaster recovery | |
| # expired certs documentation published at | |
| # https://docs.openshift.com/container-platform/4.1/disaster_recovery/scenario-3-expired-certs.html | |
| # ... Which was last reviewed on 2019/06/10 | |
| # | |
| # Please contact [email protected] with suggestions or corrections | |
| # CUSTOMIZE THESE: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # Written May 2019 by Ryan Sawhill Aroha <[email protected]> | |
| # For dealing with OCPv4's MachineConfigs (which use Ignition) | |
| # Ref: https://github.com/openshift/machine-config-operator | |
| # Requires python v3.6+ | |
| import urllib.parse | |
| import os.path | |
| from sys import argv, stdin, stderr, exit as sysexit |
ryran
/ 00-lockdown-local-users.rules
Last active
April 20, 2018 04:15
polkit rules file to lock-out local users from certain privileged operations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Tested in RHEL7, modern Fedora (last edited 2018/04) | |
| // Save to /etc/polkit-1/rules.d/ | |
| /* | |
| This first rule prevents wheel group-members from becoming polkit admins. | |
| (NOTE: of course you should delete/comment this first rule if you want | |
| your wheel users to have unfettered access to the system, or if you | |
| have any other custom admin declarations.) | |
| This overrides /etc/polkit-1/rules.d/50-default.rules which would otherwise | |
| make it possible for wheel-group members to do all kinds of things, e.g.: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| flock_open() { | |
| # Open a blocking request for an exclusive lock against file $1, by | |
| # loop-trying a mkdir on: "$(dirname $1)/.$(basename $1).lock" | |
| # Lock can be stolen from a dead PID 3.2-19.2 seconds after they die, though | |
| # this can be changed by calling flock_open w/custom deadmax= env variable. | |
| local parentdir=$(dirname "${1}") | |
| local lock=${parentdir}/.${1##*/}.lock~ | |
| local owner= lastOwner= |
NewerOlder