chore(snippets): review recently used commands

snippets/ansible/awx.fish

@@ -0,0 +1,59 @@
+#!/usr/bin/env
+
+# configure access
+set -x 'TOWER_HOST' 'https://awx.example.com/'
+set -x 'TOWER_USERNAME' 'admin'
+set -x 'TOWER_PASSWORD' 'someReallyStrongPasswordInnit?'
+
+# show the current configuration
+awx config
+
+# show info about the calling user
+awx me
+
+# terminate sessions
+awx-manage expire_sessions
+awx-manage expire_sessions --user 'leonardo'
+
+# delete expired sessions
+awx-manage clearsessions
+
+###
+# Applications
+# --------------------------------------
+# external access based on token
+###
+
+# list applications
+awx applications list --all | jq '.results[].name' -
+
+###
+# Job templates
+# --------------------------------------
+###
+
+# list job templates
+awx job_templates list --all  | jq '.results[].name' -
+awx system_job_templates list --all  | jq '.results[].name' -
+
+###
+# Projects
+# --------------------------------------
+# collections of ansible playbooks
+###
+
+# list projects
+awx project list --all | jq '.results[].name' -
+awx project list --name 'something' -f 'jq' | jq '.results[].id' -
+
+# update projects
+awx projects update '4'
+awx projects update --monitor --interval '3' '4'
+
+###
+# Schedules
+# --------------------------------------
+###
+
+# list schedules
+awx schedules list --all | jq '.results[].name'

snippets/ansible/commands.sh

@@ -125,6 +125,9 @@ ansible-doc -t 'strategy' 'linear'
 
 # Run commands within Execution Environments
 ansible-navigator exec
+ansible-navigator \
+	--execution-environment-volume-mounts="$HOME/.aws:/runner/.aws:ro" \
+	exec -- ansible-inventory --inventory 'aws_ec2.yml' --limit 'i-0123456789abcdef0' --list
 venv/bin/ansible-navigator --mode='stdout' --container-options='--platform=linux/amd64' \
 	--execution-environment-image='012345678901.dkr.ecr.eu-west-1.amazonaws.com/infra/ansible-ee' \
 	exec -- ansible-galaxy collection list

snippets/aws/other commands.fish

@@ -65,6 +65,15 @@ aws cognito-idp list-user-pools --max-results '10' --query 'UserPools'
 aws cognito-idp list-users --user-pool-id 'eu-west-1_lrDF9T78a' --query "Users[?Username=='john']"
 
 
+###
+# ECS
+# ------------------
+###
+
+# Execute commands in containers
+aws ecs execute-command --cluster 'staging' --task '0123456789abcdefghijklmnopqrstuv' --container 'pihole' \
+	--interactive --command "dd if=/dev/zero of=/spaceHogger count=16048576 bs=1024"
+
 ###
 # ECR
 # ------------------

snippets/dd.fish

@@ -0,0 +1,26 @@
+#!/usr/bin/env fish
+
+# Create a 10GB file
+dd if='/dev/zero' of='/spaceHogger' count='10485760' bs='1024'
+dd if='/dev/zero' of='/spaceHogger' count='10' bs='1G'
+bash -c 'dd if="/dev/zero" of="/spaceHogger" count="$(( 1024 * 10 ))" bs="1M" status="progress"'
+dd if='/dev/zero' of='/spaceHogger' count=(math 1024 '*' 10) bs='1M'
+
+# Check disk drives contain no bad blocks
+dd if='/dev/ada0' of='/dev/null' bs='1m'
+
+# Refresh of disk drives
+# Used to prevent presently recoverable read errors from progressing into unrecoverable read errors
+dd if='/dev/ada0' of='/dev/ada0' bs='1m' status='progress'
+
+# Write filesystem images to disks
+# Pad the end with zeros, if necessary, to a 1MiB boundary
+dd if='memstick.img' of='/dev/da0' bs='1m' conv='noerror,sync'
+
+
+###
+# Alternatives
+###
+
+fallocate -l '1G' '1g-file'
+fallocate -zl '10G' '10g-file-zeroed'

snippets/openssl.sh

@@ -3,6 +3,7 @@
 
 ##
 # Passwords
+# --------------------------------------
 ##
 
 # Generate pseudo-random passwords
@@ -12,6 +13,7 @@ openssl rand -base64 '18' > 'key.bin'
 
 ##
 # Private keys
+# --------------------------------------
 ##
 
 # Generate RSA keys
@@ -52,7 +54,7 @@ openssl dhparam -out 'dhparams.pem' '2048'
 
 ##
 # Certificate Signing Requests (CSR)
-# ----------------------------------
+# --------------------------------------
 # Digests must be names of supported has functions (md5, sha1, sha224, sha256, sha384, sha512, …)
 ##
 
@@ -89,6 +91,7 @@ openssl req -in 'request.csr' -verify -text -noout  # prints the data given in i
 
 ##
 # X.509 certificates
+# --------------------------------------
 ##
 
 # Create self-signed certificates with their new private key from scratch
@@ -103,16 +106,18 @@ openssl x509 -req -in 'request.csr' -signkey 'private.key' -out 'certificate.crt
 # Very naive example of how to issue new certificates should one be a CA company
 openssl x509 -req -in 'child.csr' -days '365' -CA 'ca.crt' -CAkey 'ca.key' -set_serial '01' -out 'child.crt'
 
-# Print out certificate information
+# Show certificate information
-openssl x509 -in 'certificate.crt' -text -noout                 # textual representation of components
+openssl x509 -noout -in 'certificate.crt' -text                    # textual representation of components
-openssl x509 -in 'certificate.crt' -fingerprint -sha256 -noout  # fingerprint as sha256 digest
+openssl x509 -noout -in 'certificate.crt' -fingerprint -sha256     # fingerprint as sha256 digest
-openssl x509 -in 'certificate.crt' -fingerprint -md5 -noout     # fingerprint as md5 digest
+openssl x509 -noout -in 'certificate.crt' -fingerprint -md5        # fingerprint as md5 digest
+openssl x509 -noout -in 'certificate.pem' -dates -issuer -subject  # expiration date, issuer and subject
+openssl s_client -connect 'www.google.com:443' < /dev/null | openssl x509 -noout -startdate -enddate
 
 # Verify certificate chains
-# If a certificate is its own issuer, it is assumed to be the root CA (needs to be self signed)
+# If a certificate is its own issuer, it is assumed to be the root CA and must be self signed
-openssl verify 'certificate.crt'  # root and *all* intemediate certificates need to be trusted by the local machine
+openssl verify 'certificate.crt'  # localhost must trust the root and *all* intemediate certificates
-openssl verify -untrusted 'intermediate-ca-chain.pem' 'certificate.crt'  # the root certificate needs to be trusted by the local machine
+openssl verify -untrusted 'intermediate-ca-chain.pem' 'certificate.crt'  # localhost must trust the root certificate
-openssl verify -purpose 'sslserver' -untrusted 'chain.pem' 'fullchain.pem'
+openssl verify -purpose 'sslserver' -untrusted 'chain.pem' 'fullchain.pem' -verify_hostname 'smth.example.org'
 openssl verify -CAfile 'root.crt' -untrusted 'intermediate-ca-chain.pem' 'child.crt'
 
 # Verify certificates served by remote servers cover the given hostnames
@@ -142,10 +147,6 @@ openssl pkcs12 -export -out 'certificate.pfx' -inkey 'private.key.pem' -in 'cert
 # Convert PKCS#12 files (.pfx .p12) containing private keys and certificates to PEM
 openssl pkcs12 -in 'keystore.pfx' -out 'keystore.pem' -nodes
 
-# Show certificate details
-openssl x509 -noout -dates -issuer -subject -in 'certificate.pem'
-openssl s_client -connect 'www.google.com:443' | openssl x509 -noout -dates -issuer -subject
-
 
 ##
 # TLS client
@@ -180,6 +181,7 @@ curl -kso '/dev/null' -w "tcp:%{time_connect}, ssldone:%{time_appconnect}\n" 'ht
 
 ##
 # Others
+# --------------------------------------
 ##
 
 # Verify private keys match certificates and CSRs