Zeki Unal zekiunal
zekiunal
/ UsingVaultAsACertificateAuthorityforDocker.md
Last active
July 17, 2017 09:18
Using Vault as a certificate authority for Docker
zekiunal
/ vault_intermediate_ca_setup.sh
Created
July 15, 2017 14:20
— forked from bhouse/vault_intermediate_ca_setup.sh
Setting Up Hashicorp Vault with an intermediate CA based on https://gist.github.com/jefferai/092d2cd728ff66089f17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # Setup a Root CA in vault | |
| # Generate and sign an Intermediate cert | |
| # | |
| # Requires: | |
| # * A running vault server already initialzed and unsealed | |
| # * Environment variable VAULT_TOKEN is set | |
| # * vault cli (https://www.vaultproject.io) | |
| # * httpie (https://github.com/jkbrzt/httpie) |
zekiunal
/ vault_intermediate_ca_setup.sh
Created
July 15, 2017 14:17
— forked from codekoala/vault_intermediate_ca_setup.sh
Setting Up Hashicorp Vault with an intermediate CA based on https://gist.github.com/jefferai/092d2cd728ff66089f17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # Setup a Root CA in vault | |
| # Generate and sign an Intermediate cert | |
| # | |
| # Requires: | |
| # * A running vault server already initialzed and unsealed | |
| # * Environment variable VAULT_TOKEN is set | |
| # * vault cli (https://www.vaultproject.io) | |
| # * httpie (https://github.com/jkbrzt/httpie) |
zekiunal
/ make-ca.sh
Created
July 3, 2017 10:55
— forked from kgutwin/make-ca.sh
Vault PKI testing script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # taken from https://docs.docker.com/articles/https/ | |
| # you will have to enter a passphrase when prompted. | |
| openssl genrsa -aes256 -out ca-key.pem 2048 | |
| openssl req -subj "/CN=$HOSTNAME" -new -x509 -days 365 -key ca-key.pem \ | |
| -sha256 -out ca.pem | |
| #openssl genrsa -out server-key.pem 2048 | |
| #openssl req -subj "/CN=$HOSTNAME" -new -key server-key.pem -out server.csr |
zekiunal
/ vault_init_ca.sh
Created
July 3, 2017 10:51
— forked from RafPe/vault_init_ca.sh
Vault PKI CA init with intermediate
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -e | |
| # Pre-requiresites: | |
| # > Vault server | |
| # > exported VAULT_ADDR and VAULT_TOKEN | |
| # > vault cli | |
| # > httpie (https://github.com/jkbrzt/httpie) | |
| # > jq (https://stedolan.github.io/jq/) | |
| # CA |
zekiunal
/ 01-vault-restore-poc.txt
Created
June 24, 2017 21:53
— forked from daveadams/01-vault-restore-poc.txt
POC Vault Restore
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| To restore a filesystem-backed Vault instance: | |
| 1. Shut down running Vault process (pkill vault) | |
| 2. Make backup to new location (cp -r /original-storage /new-storage) | |
| 3. Write a new config file to point to /new-storage | |
| 4. Start new Vault process (vault server -config=new-config-file.hcl) | |
| 5. DO NOT run `vault init` | |
| 6. ONLY RUN `vault unseal <key1>`, etc... |
zekiunal
/ s3-nginx-log-rotate.sh
Created
September 28, 2016 01:24
— forked from mustafaturan/s3-nginx-log-rotate.sh
S3 Nginx Log rotation file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| BUCKETNAME="your_s3_bucket" | |
| LOGDIR="/opt/nginx/logs" | |
| LOGDATE=$(date +"%Y%m%d") | |
| LOGFILES=( "access" "ssl-access" ) | |
| BOT_LOGFILES=( "bots-access" "bots-ssl-access" ) | |
| echo "Moving access logs to dated logs.." |
zekiunal
/ System Design.md
Created
April 18, 2016 12:35
— forked from vasanthk/System Design.md
System Design Cheatsheet
#System Design Cheatsheet
Picking the right architecture = Picking the right battles + Managing trade-offs
##Basic Steps
- Clarify and agree on the scope of the system
- User cases (description of sequences of events that, taken together, lead to a system doing something useful)
- Who is going to use it?
- How are they going to use it?
zekiunal
/ disk-check.json
Created
April 11, 2016 22:31
— forked from mtchavez/disk-check.json
Consul Nagios Example Checks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "check": { | |
| "id": "check-disk", | |
| "name": "check-disk", | |
| "script": "/usr/lib/nagios/plugins/check_disk -w 30% -c 5%", | |
| "interval": "1m" | |
| } | |
| } |
NewerOlder