I wrote this answer on stackexchange, here: https://stackoverflow.com/posts/12597919/
It was wrongly deleted for containing "proprietary information" years later. I think that's bullshit so I am posting it here. Come at me.
Amazon is a SOA system with 100s of services (or so says Amazon Chief Technology Officer Werner Vogels). How do they handle build and release?
| # This file is your Lambda function | |
| import json | |
| import boto3 | |
| def save_to_bucket(event, context): | |
| AWS_BUCKET_NAME = 'my-bucket-name' | |
| s3 = boto3.resource('s3') | |
| bucket = s3.Bucket(AWS_BUCKET_NAME) | |
| path = 'my-path-name.txt' |
This guide has moved to a GitHub repository to enable collaboration and community input via pull-requests.
https://github.com/alexellis/k8s-on-raspbian
Alex
Just run this from your Mac terminal and it'll drop you in a container with full permissions on the Docker VM. This also works for Docker for Windows for getting in Moby Linux VM (doesn't work for Windows Containers).
docker run -it --rm --privileged --pid=host justincormack/nsenter1
more info: https://github.com/justincormack/nsenter1
With heightening concern regarding the state of internet privacy (fuelled in part by the passing of the Investigatory Powers Act in the UK), I have set up a VPN server on the virtual server I have hosted with Mythic Beasts. This uses strongSwan and certificate-based IKEv2 authentication.
Assumptions:
debian.example.com, a public IPv4 of 203.0.113.1 and a public IPv6 of 2001:db8::1meFor automated deployment of a similar setup, albeit Ubuntu-based and using ansible for deployment, I recommend you take a look at Algo VPN. I used that project as a basis for my configuration.
| #!/usr/bin/python3 | |
| # detect tones in sound spectrum with scipy FFT | |
| # here sound source is a USB microphone with ALSA (channel 1) | |
| from collections import deque | |
| import struct | |
| import sys | |
| import time | |
| import threading |
In order to give someone access to hosts that are available only by ssh "bouncing" (ProxyJump),
add a user for this specific purpose.
We have an internal openstack where instances get IPs on per-tenant networks. Each tenant has a 'bastion' host that has a "public" ip (floating ip). You can access other instances by bouncing through the bastion. From time to time I want to let someone else into an instance. This could be done either with:
a.) just give them shell access to the bastion and let them hop through. Sharing an unrestricted shell account on my bastion is less than ideal. b.) assign a floating/"public" IP to the instance so they could go directly in. Floating IPs are limited, so this is less than ideal.
So instead, I have set up a single user as described here that can only be used for ProxyJump. It allows others proxied access to my instances but without granting them full shell access.
| # UPDATED 17 February 2019 | |
| # Redirect all HTTP traffic to HTTPS | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name www.domain.com domain.com; | |
| return 301 https://$host$request_uri; | |
| } | |
| # SSL configuration |
| android.permission.ACCESS_ALL_DOWNLOADS | |
| android.permission.ACCESS_BLUETOOTH_SHARE | |
| android.permission.ACCESS_CACHE_FILESYSTEM | |
| android.permission.ACCESS_CHECKIN_PROPERTIES | |
| android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY | |
| android.permission.ACCESS_DOWNLOAD_MANAGER | |
| android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED | |
| android.permission.ACCESS_DRM_CERTIFICATES | |
| android.permission.ACCESS_EPHEMERAL_APPS | |
| android.permission.ACCESS_FM_RADIO |
Here are the simple steps needed to create a deployment from your local GIT repository to a server based on this in-depth tutorial.
You are developing in a working-copy on your local machine, lets say on the master branch. Most of the time, people would push code to a remote server like github.com or gitlab.com and pull or export it to a production server. Or you use a service like deepl.io to act upon a Web-Hook that's triggered that service.
