diff --git a/snippets/ansible/awx.fish b/snippets/ansible/awx.fish new file mode 100644 index 0000000..9d949cc --- /dev/null +++ b/snippets/ansible/awx.fish @@ -0,0 +1,59 @@ +#!/usr/bin/env + +# configure access +set -x 'TOWER_HOST' 'https://awx.example.com/' +set -x 'TOWER_USERNAME' 'admin' +set -x 'TOWER_PASSWORD' 'someReallyStrongPasswordInnit?' + +# show the current configuration +awx config + +# show info about the calling user +awx me + +# terminate sessions +awx-manage expire_sessions +awx-manage expire_sessions --user 'leonardo' + +# delete expired sessions +awx-manage clearsessions + +### +# Applications +# -------------------------------------- +# external access based on token +### + +# list applications +awx applications list --all | jq '.results[].name' - + +### +# Job templates +# -------------------------------------- +### + +# list job templates +awx job_templates list --all | jq '.results[].name' - +awx system_job_templates list --all | jq '.results[].name' - + +### +# Projects +# -------------------------------------- +# collections of ansible playbooks +### + +# list projects +awx project list --all | jq '.results[].name' - +awx project list --name 'something' -f 'jq' | jq '.results[].id' - + +# update projects +awx projects update '4' +awx projects update --monitor --interval '3' '4' + +### +# Schedules +# -------------------------------------- +### + +# list schedules +awx schedules list --all | jq '.results[].name' diff --git a/snippets/ansible/commands.sh b/snippets/ansible/commands.sh index 891eb56..e179688 100644 --- a/snippets/ansible/commands.sh +++ b/snippets/ansible/commands.sh @@ -125,6 +125,9 @@ ansible-doc -t 'strategy' 'linear' # Run commands within Execution Environments ansible-navigator exec +ansible-navigator \ + --execution-environment-volume-mounts="$HOME/.aws:/runner/.aws:ro" \ + exec -- ansible-inventory --inventory 'aws_ec2.yml' --limit 'i-0123456789abcdef0' --list venv/bin/ansible-navigator --mode='stdout' --container-options='--platform=linux/amd64' \ --execution-environment-image='012345678901.dkr.ecr.eu-west-1.amazonaws.com/infra/ansible-ee' \ exec -- ansible-galaxy collection list diff --git a/snippets/aws/other commands.fish b/snippets/aws/other commands.fish index ec893c3..ac5c611 100644 --- a/snippets/aws/other commands.fish +++ b/snippets/aws/other commands.fish @@ -65,6 +65,15 @@ aws cognito-idp list-user-pools --max-results '10' --query 'UserPools' aws cognito-idp list-users --user-pool-id 'eu-west-1_lrDF9T78a' --query "Users[?Username=='john']" +### +# ECS +# ------------------ +### + +# Execute commands in containers +aws ecs execute-command --cluster 'staging' --task '0123456789abcdefghijklmnopqrstuv' --container 'pihole' \ + --interactive --command "dd if=/dev/zero of=/spaceHogger count=16048576 bs=1024" + ### # ECR # ------------------ diff --git a/snippets/dd.fish b/snippets/dd.fish new file mode 100644 index 0000000..72747a0 --- /dev/null +++ b/snippets/dd.fish @@ -0,0 +1,26 @@ +#!/usr/bin/env fish + +# Create a 10GB file +dd if='/dev/zero' of='/spaceHogger' count='10485760' bs='1024' +dd if='/dev/zero' of='/spaceHogger' count='10' bs='1G' +bash -c 'dd if="/dev/zero" of="/spaceHogger" count="$(( 1024 * 10 ))" bs="1M" status="progress"' +dd if='/dev/zero' of='/spaceHogger' count=(math 1024 '*' 10) bs='1M' + +# Check disk drives contain no bad blocks +dd if='/dev/ada0' of='/dev/null' bs='1m' + +# Refresh of disk drives +# Used to prevent presently recoverable read errors from progressing into unrecoverable read errors +dd if='/dev/ada0' of='/dev/ada0' bs='1m' status='progress' + +# Write filesystem images to disks +# Pad the end with zeros, if necessary, to a 1MiB boundary +dd if='memstick.img' of='/dev/da0' bs='1m' conv='noerror,sync' + + +### +# Alternatives +### + +fallocate -l '1G' '1g-file' +fallocate -zl '10G' '10g-file-zeroed' diff --git a/snippets/openssl.sh b/snippets/openssl.sh index f455432..9340509 100644 --- a/snippets/openssl.sh +++ b/snippets/openssl.sh @@ -3,6 +3,7 @@ ## # Passwords +# -------------------------------------- ## # Generate pseudo-random passwords @@ -12,6 +13,7 @@ openssl rand -base64 '18' > 'key.bin' ## # Private keys +# -------------------------------------- ## # Generate RSA keys @@ -52,7 +54,7 @@ openssl dhparam -out 'dhparams.pem' '2048' ## # Certificate Signing Requests (CSR) -# ---------------------------------- +# -------------------------------------- # Digests must be names of supported has functions (md5, sha1, sha224, sha256, sha384, sha512, …) ## @@ -89,6 +91,7 @@ openssl req -in 'request.csr' -verify -text -noout # prints the data given in i ## # X.509 certificates +# -------------------------------------- ## # Create self-signed certificates with their new private key from scratch @@ -103,16 +106,18 @@ openssl x509 -req -in 'request.csr' -signkey 'private.key' -out 'certificate.crt # Very naive example of how to issue new certificates should one be a CA company openssl x509 -req -in 'child.csr' -days '365' -CA 'ca.crt' -CAkey 'ca.key' -set_serial '01' -out 'child.crt' -# Print out certificate information -openssl x509 -in 'certificate.crt' -text -noout # textual representation of components -openssl x509 -in 'certificate.crt' -fingerprint -sha256 -noout # fingerprint as sha256 digest -openssl x509 -in 'certificate.crt' -fingerprint -md5 -noout # fingerprint as md5 digest +# Show certificate information +openssl x509 -noout -in 'certificate.crt' -text # textual representation of components +openssl x509 -noout -in 'certificate.crt' -fingerprint -sha256 # fingerprint as sha256 digest +openssl x509 -noout -in 'certificate.crt' -fingerprint -md5 # fingerprint as md5 digest +openssl x509 -noout -in 'certificate.pem' -dates -issuer -subject # expiration date, issuer and subject +openssl s_client -connect 'www.google.com:443' < /dev/null | openssl x509 -noout -startdate -enddate # Verify certificate chains -# If a certificate is its own issuer, it is assumed to be the root CA (needs to be self signed) -openssl verify 'certificate.crt' # root and *all* intemediate certificates need to be trusted by the local machine -openssl verify -untrusted 'intermediate-ca-chain.pem' 'certificate.crt' # the root certificate needs to be trusted by the local machine -openssl verify -purpose 'sslserver' -untrusted 'chain.pem' 'fullchain.pem' +# If a certificate is its own issuer, it is assumed to be the root CA and must be self signed +openssl verify 'certificate.crt' # localhost must trust the root and *all* intemediate certificates +openssl verify -untrusted 'intermediate-ca-chain.pem' 'certificate.crt' # localhost must trust the root certificate +openssl verify -purpose 'sslserver' -untrusted 'chain.pem' 'fullchain.pem' -verify_hostname 'smth.example.org' openssl verify -CAfile 'root.crt' -untrusted 'intermediate-ca-chain.pem' 'child.crt' # Verify certificates served by remote servers cover the given hostnames @@ -142,10 +147,6 @@ openssl pkcs12 -export -out 'certificate.pfx' -inkey 'private.key.pem' -in 'cert # Convert PKCS#12 files (.pfx .p12) containing private keys and certificates to PEM openssl pkcs12 -in 'keystore.pfx' -out 'keystore.pem' -nodes -# Show certificate details -openssl x509 -noout -dates -issuer -subject -in 'certificate.pem' -openssl s_client -connect 'www.google.com:443' | openssl x509 -noout -dates -issuer -subject - ## # TLS client @@ -180,6 +181,7 @@ curl -kso '/dev/null' -w "tcp:%{time_connect}, ssldone:%{time_appconnect}\n" 'ht ## # Others +# -------------------------------------- ## # Verify private keys match certificates and CSRs