Friday, May 26, 2017

Switching yubikeys

In this post I described how I set up gpg keys on a yubikey. Since I have multiple yubikeys for some redundancy I occasionally have to use a different one. This basically involves deleting the secret key and re-importing it from the yubikey.

On OSX


Open up GPG keychain and click through the scary warning to delete the secret keys. If you set it up right these are only stubs, the actual key is on the yubikey. Once you've done that, insert the key you want to use and get the stubs recreated with:
$ gpg --card-status

Tuesday, March 28, 2017

Managing go versions with gvm

gvm is a way to manage multiple go versions. It has some strange behaviour with go paths that I don't really understand. It essentially sets your GOPATH to a different directory for every version. You could just append your real go path, but it seems like there might be tooling that doesn't expect gopath to be a list. My solution was to:
gvm install go1.8
gvm use go1.8
gvm pkgenv
This pops $EDITOR which you can use to set your go path to $HOME/go. Check it with:
go env

Tuesday, January 10, 2017

kubectl Kubernetes Cheat Sheet

A complement to the official kubectl cheat sheet.

Nodes
$ kubectl get nodes
$ kubectl get nodes/gke-hello-world-default-pool-9dbb0d2c-5qkl --show-labels
$ kubectl label nodes --all mylabel=myvalue
$ kubectl label nodes --all mylabel-
DaemonSet

Creating a daemonset:
$ echo 'apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: daemonset-example
spec:
  template:
    metadata:
      labels:
        app: daemonset-example
    spec:
      containers:
      - name: daemonset-example
        image: ubuntu:trusty
        command:
        - /bin/sh
        args:
        - -c
        - >-
          while [ true ]; do
          echo "DaemonSet running on $(hostname)" ;
          sleep 10 ;
          done
' | kubectl create -f -
$ kubectl delete daemonset daemonset-example

Monday, December 19, 2016

Cheatsheet for Google GCE use of gcloud tool

Cheatsheet for the google cloud management tool gcloud:
# See config
gcloud config list

# Change default zone
gcloud config set compute/zone us-central1-a

# Copy a file, default zone
gcloud compute copy-files some/file.txt cloud-machine-name:~/

# Copy a file, specifying zone for machine
gcloud compute copy-files some/file.txt cloud-machine-name:~/ --zone=us-west1-a

# Forward a port with ssh
gcloud compute ssh client-machine-name -- -L 8080:localhost:8080


GKE

Get installed and auth'd:
gcloud components install kubectl
gcloud auth application-default login
Creating a cluster with a specific version:
gcloud config set compute/zone us-west1-b
gcloud beta container clusters create permissions-test-cluster \
    --cluster-version=1.6.1 \
    --no-enable-legacy-authorization
Upgrading GKE:
# Get available versions
$ gcloud container get-server-config 
Fetching server config for us-west1-b
defaultClusterVersion: 1.5.7
defaultImageType: COS
validImageTypes:
- COS
- CONTAINER_VM
validMasterVersions:
- 1.6.4
- 1.5.7
validNodeVersions:
- 1.6.4
- 1.6.2
- 1.5.7
- 1.5.6
- 1.4.9

$ CLUSTER_NAME="testing"
$ CLUSTER_VERSION="1.6.4"

# Nodes
$ gcloud container clusters upgrade $CLUSTER_NAME --cluster-version=$CLUSTER_VERSION

# Master
$ gcloud container clusters upgrade $CLUSTER_NAME --master --cluster-version=$CLUSTER_VERSION

Thursday, December 15, 2016

Google gcloud tool cheatsheet

Cheatsheet for the google cloud management tool gcloud:
# See config
gcloud config list

# Change default zone
gcloud config set compute/zone us-central1-a

# Copy a file
gcloud compute copy-files some/file.txt cloud-machine-name:~/

# Forward a port with ssh
gcloud compute ssh client-machine-name -- -L 8080:localhost:8080

Wednesday, October 26, 2016

Mac OS X Sierra and SSH keys

With OS X Sierra Apple changed the ssh client key handling behavior. They aligned with OpenSSH behavior by not automatically loading passphrases from the keychain on login. More surprisingly, it now remembers your ssh key passphrase automatically by default. To disable this behavior you can add this to ~/.ssh/config:
Host *
    UseKeyChain no
As you can see in the radar report, deleting keys using "ssh-add -D" seems to be just as problematic and confusing as it is with gnome-keyring, i.e. "All identities removed" is a lie.

For deleting already saved passwords and re-instating the El-Cap ssh behavior see here.

Tuesday, October 4, 2016

Prevent system management from installing over a test package on Ubuntu

When you are testing a new package version it's annoying to have your system management come and install the old version over the top of your test one. There's a bunch of ways to stop this, the one I tend to use on Ubuntu is:
echo "package hold" | sudo dpkg --set-selections
To undo the hold and go back to normal:
echo "package install" | sudo dpkg --set-selections