Install homebrew
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Install google chrome
brew cask install google-chrome
Stephen Lauck stephenlauck
stephenlauck
/ gem_error
Created
January 28, 2015 12:49
resolve nokogiri complie error when using bundle with ec-metal
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| An error occurred while installing nokogiri (1.6.6.2), and Bundler cannot continue. | |
| Make sure that `gem install nokogiri -v '1.6.6.2'` succeeds before bundling. | |
| ~/dev/ec-metal(master) > gem install nokogiri -v '1.6.6.2' | |
| Building native extensions. This could take a while... | |
| Successfully installed nokogiri-1.6.6.2 | |
| 1 gem installed | |
| ~/dev/ec-metal(master) > bundle | |
| Fetching gem metadata from https://rubygems.org/....... | |
| Fetching additional metadata from https://rubygems.org/.. | |
| Resolving dependencies... |
stephenlauck
/ admin_org.rb
Created
January 30, 2015 19:21
Start of script to create Orgs and Admins on Chef Server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| execute 'create admin' do | |
| command <<-EOM.gsub(/\s+/, ' ').strip! | |
| chef-server-ctl user-create #{node['chef-server-cluster']['admin']['username']} | |
| #{node['chef-server-cluster']['admin']['firstname']} | |
| #{node['chef-server-cluster']['admin']['lastname']} | |
| #{node['chef-server-cluster']['admin']['email']} | |
| #{node['chef-server-cluster']['admin']['password']} | |
| -f #{node['chef-server-cluster']['admin']['private_key_path']} | |
| EOM | |
| not_if "chef-server-ctl user-list | grep -w #{node['chef-server-cluster']['admin']['username']}" |
stephenlauck
/ gist:c36ce3d8490bd41d0ad2
Created
May 19, 2015 14:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ================================================================================ | |
| Error executing action `run` on resource 'execute[opscode-reporting-reconfigure]' | |
| ================================================================================ | |
| Mixlib::ShellOut::ShellCommandFailed | |
| ------------------------------------ | |
| Expected process to exit with [0], but received '1' | |
| ---- Begin output of opscode-reporting-ctl reconfigure ---- | |
| STDOUT: [2015-05-19T14:09:25+00:00] INFO: Starting chef-zero on port 8889 with repository at repository at /opt/opscode-reporting/embedded | |
| One version per cookbook |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ------ | |
| As with any security model, the layered approach is recommended. Now the issue here is where chef stops and your internal security starts. Obvious things to consider:- | |
| Chef has a PKI infrastructure so securing keys is the top priority. Access to those keys has to be controlled, and whilst there are things that can be done cleverly with chef cookbooks to check on this/remove access, then there are also people and process issues that need to be addressed. | |
| Developer workstations, - here securing keys is not so simple, obvious things are to put chown 0600 for any private keys, and keep them in .ssh directory ( properly secured, not sure how to do that on windows machines, but am sure it is possible ), however, you will probably over time have a lot of keys, and maybe chef-vault ( https://docs.chef.io/chef_vault.html also checkout Justin Timberman's blog at the bottom of that link, as He works for Chef ) is one answer? People and process come in to play here too. Private Key management will be |
stephenlauck
/ gist:fdea75f23027e9239c1b
Created
December 21, 2015 19:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DEPENDENCIES | |
| chef-ingredient | |
| git: git://github.com/chef-cookbooks/chef-ingredient.git | |
| revision: 27cb8306a3d1d7048df13d74908f751d2a6ac2ee | |
| chef-server-12 | |
| git: git://github.com/opscode-cookbooks/delivery-cluster.git | |
| revision: 3a93b557d1b16fb5d62f091d3aaa30dff976e508 | |
| rel: vendor/chef-server-12 | |
| chef-splunk | |
| git: git://github.com/chef-cookbooks/chef-splunk.git |
stephenlauck
/ .kitchen.local.yml
Last active
March 18, 2016 16:29
Local kitchen yml to create vm ready for ssh provisioning with delivery-cluster.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # KITCHEN_YAML=.kitchen.local.yml kitchen create cent | |
| --- | |
| driver: | |
| name: vagrant | |
| ssh: | |
| insert_key: false | |
| provisioner: | |
| name: chef_zero | |
| chef_zero_port: 9010 |
stephenlauck
/ gist:b9ccbf0fbcccaa09efd78d94aa754e9c
Created
March 21, 2017 18:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@automate ~]# inspec exec https://github.com/dev-sec/ssl-baseline/archive/master.tar.gz | |
| /hab/pkgs/core/ruby/2.3.1/20161214031900/lib/ruby/2.3.0/net/http.rb:933:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (OpenSSL::SSL::SSLError) | |
| from /hab/pkgs/core/ruby/2.3.1/20161214031900/lib/ruby/2.3.0/net/http.rb:933:in `connect' | |
| from /hab/pkgs/core/ruby/2.3.1/20161214031900/lib/ruby/2.3.0/net/http.rb:863:in `do_start' | |
| from /hab/pkgs/core/ruby/2.3.1/20161214031900/lib/ruby/2.3.0/net/http.rb:852:in `start' | |
| from /hab/pkgs/core/ruby/2.3.1/20161214031900/lib/ruby/2.3.0/open-uri.rb:319:in `open_http' | |
| from /hab/pkgs/core/ruby/2.3.1/20161214031900/lib/ruby/2.3.0/open-uri.rb:737:in `buffer_open' | |
| from /hab/pkgs/core/ruby/2.3.1/20161214031900/lib/ruby/2.3.0/open-uri.rb:212:in `block in open_loop' | |
| from /hab/pkgs/core/ruby/2.3.1/20161214031900/lib/ruby/2.3.0/open-uri.rb:210:in `catch' | |
| from /hab/pkgs/core/ruby/2.3.1/20161214031900/lib/ruby/2.3.0/open-uri.rb:210:in `open_loo |
stephenlauck
/ smb.rb
Created
April 26, 2017 19:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Remove SMB1 Client and Server functions for Server 2012 and newer | |
| windows_feature "SMB1Protocol" do | |
| action :remove | |
| install_method :windows_feature_dism | |
| end | |
| # Disable SMB1 server | |
| registry_key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' do | |
| values [{ | |
| name: 'SMB1', |
stephenlauck
/ smb_spec.rb
Created
April 26, 2017 19:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Remove SMB1 Client and Server functions for Server 2012 and newer | |
| describe windows_feature('SMB1Protocol') do | |
| it { should_not be_installed } | |
| end | |
| # Disable SMB1 Server functionality | |
| describe registry_key('SMB1','HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters') do | |
| its('SMB1') { should eq 0 } | |
| end |