Sunday, November 19, 2017

Adding a yubikey GPG key onto a new machine

If you are using a Yubikey encryption scheme and want to add the key onto a new system there's a few hoops to jump through. These instructions are for Ubuntu trusty.

First, get set up for using the yubikey:
sudo apt-get install gnupg-agent scdaemon pcscd pcsc-tools
you probably need to logout and back in. This post has extra setup, but I didn't have to do any of that, perhaps the gnome keyring badness has been fixed now.

Now check your yubikey is recognized:
pcsc_scan
gpg --card-status
Import the public key into the keyring and trust it:
gpg --import mykey_public_only.asc
gpg --expert --edit-key 123456
trust (set to ultimate)
save
You should now be good to go!


Monday, October 23, 2017

Upgrading dd-wrt to protect against CVE-2017-14493

Google found, and worked with the dnsmasq author to fix, a bunch of vulnerabilities in dnsmasq. Now everyone needs to update tons of devices, including your router.

It's been a while since I updated this firmware so I had to figure it out from scratch again. AFAICT the procedure is to go find your router in the dd-wrt database. Hopefully it's supported. If it is you can go download the latest firmware from the ftp server and upload via the web interface. Anything later than 33430 should contain the fix.

Friday, May 26, 2017

Switching yubikeys

In this post I described how I set up gpg keys on a yubikey. Since I have multiple yubikeys for some redundancy I occasionally have to use a different one. This basically involves deleting the secret key and re-importing it from the yubikey.

On OSX


Open up GPG keychain and click through the scary warning to delete the secret keys. If you set it up right these are only stubs, the actual key is on the yubikey. Once you've done that, insert the key you want to use and get the stubs recreated with:
$ gpg --card-status

Tuesday, March 28, 2017

Managing go versions with gvm

gvm is a way to manage multiple go versions. It has some strange behaviour with go paths that I don't really understand. It essentially sets your GOPATH to a different directory for every version. You could just append your real go path, but it seems like there might be tooling that doesn't expect gopath to be a list. My solution was to:
gvm install go1.8
gvm use go1.8
gvm pkgenv
This pops $EDITOR which you can use to set your go path to $HOME/go. Check it with:
go env

Tuesday, January 10, 2017

kubectl Kubernetes Cheat Sheet

A complement to the official kubectl cheat sheet.

Nodes
$ kubectl get nodes
$ kubectl get nodes/gke-hello-world-default-pool-9dbb0d2c-5qkl --show-labels
$ kubectl label nodes --all mylabel=myvalue
$ kubectl label nodes --all mylabel-
DaemonSet

Creating a daemonset:
$ echo 'apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
  name: daemonset-example
spec:
  template:
    metadata:
      labels:
        app: daemonset-example
    spec:
      containers:
      - name: daemonset-example
        image: ubuntu:trusty
        command:
        - /bin/sh
        args:
        - -c
        - >-
          while [ true ]; do
          echo "DaemonSet running on $(hostname)" ;
          sleep 10 ;
          done
' | kubectl create -f -
$ kubectl delete daemonset daemonset-example

Monday, December 19, 2016

Cheatsheet for Google GCE use of gcloud tool

Cheatsheet for the google cloud management tool gcloud:
# See config
gcloud config list

# Change default zone
gcloud config set compute/zone us-central1-a

# Copy a file, default zone
gcloud compute copy-files some/file.txt cloud-machine-name:~/

# Copy a file, specifying zone for machine
gcloud compute copy-files some/file.txt cloud-machine-name:~/ --zone=us-west1-a

# Forward a port with ssh
gcloud compute ssh client-machine-name -- -L 8080:localhost:8080


GKE

Get installed and auth'd:
gcloud components install kubectl
gcloud auth application-default login
Creating a cluster with a specific version:
gcloud config set compute/zone us-west1-b
gcloud beta container clusters create permissions-test-cluster \
    --cluster-version=1.6.1 \
    --no-enable-legacy-authorization
Upgrading GKE:
# Get available versions
$ gcloud container get-server-config 
Fetching server config for us-west1-b
defaultClusterVersion: 1.5.7
defaultImageType: COS
validImageTypes:
- COS
- CONTAINER_VM
validMasterVersions:
- 1.6.4
- 1.5.7
validNodeVersions:
- 1.6.4
- 1.6.2
- 1.5.7
- 1.5.6
- 1.4.9

$ CLUSTER_NAME="testing"
$ CLUSTER_VERSION="1.6.4"

# Nodes
$ gcloud container clusters upgrade $CLUSTER_NAME --cluster-version=$CLUSTER_VERSION

# Master
$ gcloud container clusters upgrade $CLUSTER_NAME --master --cluster-version=$CLUSTER_VERSION

Thursday, December 15, 2016

Google gcloud tool cheatsheet

Cheatsheet for the google cloud management tool gcloud:
# See config
gcloud config list

# Change default zone
gcloud config set compute/zone us-central1-a

# Copy a file
gcloud compute copy-files some/file.txt cloud-machine-name:~/

# Forward a port with ssh
gcloud compute ssh client-machine-name -- -L 8080:localhost:8080