Diffstat (limited to 'DEVNOTES')
-rw-r--r-- | DEVNOTES | 185 |
1 files changed, 0 insertions, 185 deletions
diff --git a/DEVNOTES b/DEVNOTES deleted file mode 100644 index 2a6e4b9..0000000 --- a/DEVNOTES +++ /dev/null 
@@ -1,185 +0,0 @@ -Schema -====================== - -service: - service_type: [user_service | public_service | internal_service] - - -Features to add -========================== - -templates --------------------- - -templates for nodes and services stored in leap_platform - -commands: - - leap add-service # menu of services, copies from the template - leap add-node # you pick a service among those enabled, then it copies template - -deploy ---------------------- - - leap bootstrap - leap dryrun - leap deploy - -key management -------------------------- - - leap add-ssh-keypair - leap add-x509-keypair - -json validation ------------------------- - -json validation -http://www.kuwata-lab.com/kwalify/ruby/users-guide.html - - -useful liberaries -================================ - -notes to myself - -user interaction - gli -- http://davetron5000.github.com/gli/rdoc/classes/GLI/DSL.html - sub -- https://github.com/37signals/sub - readline - highline https://github.com/JEG2/highline/tree/master/examples - terminal-tables - rainbow - http://stackoverflow.com/questions/9577718/what-ruby-libraries-should-i-use-for-building-a-console-based-application - -testing - aruba -- test for cli - -help - gem-man -- install man pages with gems - ronn -- write man pages in markdown - -push examples - - https://github.com/net-ssh/net-ssh - https://github.com/seattlerb/rake-remote_task - http://docs.seattlerb.org/rake-remote_task/ - https://github.com/seattlerb/rake-remote_task/blob/master/lib/rake/remote_task.rb - calling rsync from ruby - https://github.com/RichGuk/rrsync/blob/master/rrsync.rb - http://rubyforge.org/projects/six-rsync/ - https://github.com/automateit/automateit - http://www.jedi.be/blog/2009/11/17/shell-scripting-dsl-in-ruby/ - parallel shell - https://github.com/delano/rye - https://github.com/adamwiggins/rush - -ssh keygen - https://github.com/duritong/puppet-sshd/blob/master/lib/puppet/parser/functions/ssh_keygen.rb - -invoke puppet - 
https://github.com/davidwinter/sooty/blob/master/lib/sooty.rb - -shell -================================ - -http://devver.wordpress.com/2009/10/12/ruby-subprocesses-part_3/ -http://stackoverflow.com/questions/1154846/continuously-read-from-stdout-of-external-process-in-ruby -http://stackoverflow.com/questions/3874604/how-do-i-get-the-pty-spawn-child-exit-code -https://gist.github.com/148765 - -ssh -================================ - -http://mostlyobvio.us/2012/06/optimize-your-ssh-experience/ - -ssh certificate authority ----------------------------------- - -maybe wait off on this: "The certificate cert format seems to have changed between 5.5 and 6.0" - -search for "ssh-keygen -s" - -http://blog.habets.pp.se/2011/07/OpenSSH-certificates -http://en.community.dell.com/techcenter/b/techcenter/archive/2011/09/08/setting-up-certificate-authority-keys-with-openssh-version-5-4.aspx -http://serverfault.com/questions/264515/how-to-revoke-an-ssh-certificate-not-ssh-identity-file - -agent forwarding ---------------------------------- - -http://lyte.id.au/2012/03/19/ssh-agent-forwarding-is-a-bug/ - -instead: - - home$ ssh -o 'ProxyCommand ssh you@hop1 nc %h %p' ssh you@hop2 - hop2$ - -known_hosts ----------------- - -man sshd, search for known_hosts -@revoked -- should we put revoked keys in known_hosts, and when/how... -@cert-authority -- should we use it? 
- -ruby ---------------- - -ruby net::ssh - - def generate_key_fingerprint(key) - blob = Net::SSH::Buffer.from(:key, key).to_s - fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":") - - [blob, fingerprint] - rescue ::Exception => e - [nil, "(could not generate fingerprint: #{e.message})"] - end - - def exchange_keys - result = send_kexinit - verify_server_key(result[:server_key]) - session_id = verify_signature(result) - confirm_newkeys - - return { :session_id => session_id, - :server_key => result[:server_key], - :shared_secret => result[:shared_secret], - :hashing_algorithm => digester } - end - -DNS -====================================== - -problem: we want to be able to refer to the nodes by hostname (in a variety of programs) without requiring an external dns server. - -idea: - - simple lightweight ruby dns server -- https://github.com/ioquatix/rubydns - another ruby dns server (eventmachine) -- https://github.com/nricciar/em-dns-server - - modify /etc/resolveconf/resolve.conf.d/tail with - nameserver locahost - maybe like this: - resolveconf -a eth0.leap 'nameserver localhost' - - the problem is that there is probably already a resolving nameserver living at localhost. - linux doesn't appear to have a way to let you specify the port number for dns lookups (unlike bsd). boo - - a few other possibilies: - * alter /etc/hosts - * alter dnsmasq to use additional /etc/hosts files (simple switch for this). dnsmasq is running on my desktop, although there is no /etc/dnsmasq. - * write a libnss_ruby or something that would let you use a custom db for /etc/nsswitch.conf - see http://uw714doc.sco.com/en/SEC_admin/nssover.html - -ssh solution: - - ssh -l root -o "HostName=10.9.8.7" -o "HostKeyAlias=server_a" server_a -.. - - -MISC -==================== - -http://skim.la/2012/01/16/rsa-public-key-interoperability-between-ruby-and-android/ - - |
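Review bot: the hunk deletes DEVNOTES outright (185 deletions, no corresponding addition anywhere in the diffstat), and with it several unresolved security decisions that are not visibly recorded elsewhere: the known_hosts questions on whether and how to use `@revoked` and `@cert-authority` entries, the deferred SSH certificate-authority work (including the note on revoking SSH certificates), and the explicit preference for a `ProxyCommand` hop (`ssh -o 'ProxyCommand ssh you@hop1 nc %h %p' you@hop2`) over agent forwarding. Before dropping the file, those items should be moved to the issue tracker or a docs file and the move referenced in the commit message, otherwise the rationale for avoiding agent forwarding and the open revocation questions are lost to history. A smaller point: the deleted `generate_key_fingerprint` snippet produces MD5-based fingerprints, so if the notes are being retired in favour of real code, the replacement should note that this fingerprint format is legacy and only suitable for display, not for trust decisions.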