summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--DEVNOTES185
1 files changed, 0 insertions, 185 deletions
diff --git a/DEVNOTES b/DEVNOTES
deleted file mode 100644
index 2a6e4b9..0000000
--- a/DEVNOTES
+++ /dev/null
@@ -1,185 +0,0 @@
-Schema
-======================
-
-service:
- service_type: [user_service | public_service | internal_service]
-
-
-Features to add
-==========================
-
-templates
---------------------
-
-templates for nodes and services stored in leap_platform
-
-commands:
-
- leap add-service # menu of services, copies from the template
- leap add-node # you pick a service among those enabled, then it copies template
-
-deploy
----------------------
-
- leap bootstrap
- leap dryrun
- leap deploy
-
-key management
--------------------------
-
- leap add-ssh-keypair
- leap add-x509-keypair
-
-json validation
-------------------------
-
-json validation
-http://www.kuwata-lab.com/kwalify/ruby/users-guide.html
-
-
-useful liberaries
-================================
-
-notes to myself
-
-user interaction
- gli -- http://davetron5000.github.com/gli/rdoc/classes/GLI/DSL.html
- sub -- https://github.com/37signals/sub
- readline
- highline https://github.com/JEG2/highline/tree/master/examples
- terminal-tables
- rainbow
- http://stackoverflow.com/questions/9577718/what-ruby-libraries-should-i-use-for-building-a-console-based-application
-
-testing
- aruba -- test for cli
-
-help
- gem-man -- install man pages with gems
- ronn -- write man pages in markdown
-
-push examples
-
- https://github.com/net-ssh/net-ssh
- https://github.com/seattlerb/rake-remote_task
- http://docs.seattlerb.org/rake-remote_task/
- https://github.com/seattlerb/rake-remote_task/blob/master/lib/rake/remote_task.rb
- calling rsync from ruby
- https://github.com/RichGuk/rrsync/blob/master/rrsync.rb
- http://rubyforge.org/projects/six-rsync/
- https://github.com/automateit/automateit
- http://www.jedi.be/blog/2009/11/17/shell-scripting-dsl-in-ruby/
- parallel shell
- https://github.com/delano/rye
- https://github.com/adamwiggins/rush
-
-ssh keygen
- https://github.com/duritong/puppet-sshd/blob/master/lib/puppet/parser/functions/ssh_keygen.rb
-
-invoke puppet
- https://github.com/davidwinter/sooty/blob/master/lib/sooty.rb
-
-shell
-================================
-
-http://devver.wordpress.com/2009/10/12/ruby-subprocesses-part_3/
-http://stackoverflow.com/questions/1154846/continuously-read-from-stdout-of-external-process-in-ruby
-http://stackoverflow.com/questions/3874604/how-do-i-get-the-pty-spawn-child-exit-code
-https://gist.github.com/148765
-
-ssh
-================================
-
-http://mostlyobvio.us/2012/06/optimize-your-ssh-experience/
-
-ssh certificate authority
-----------------------------------
-
-maybe wait off on this: "The certificate cert format seems to have changed between 5.5 and 6.0"
-
-search for "ssh-keygen -s"
-
-http://blog.habets.pp.se/2011/07/OpenSSH-certificates
-http://en.community.dell.com/techcenter/b/techcenter/archive/2011/09/08/setting-up-certificate-authority-keys-with-openssh-version-5-4.aspx
-http://serverfault.com/questions/264515/how-to-revoke-an-ssh-certificate-not-ssh-identity-file
-
-agent forwarding
----------------------------------
-
-http://lyte.id.au/2012/03/19/ssh-agent-forwarding-is-a-bug/
-
-instead:
-
- home$ ssh -o 'ProxyCommand ssh you@hop1 nc %h %p' ssh you@hop2
- hop2$
-
-known_hosts
-----------------
-
-man sshd, search for known_hosts
-@revoked -- should we put revoked keys in known_hosts, and when/how...
-@cert-authority -- should we use it?
-
-ruby
----------------
-
-ruby net::ssh
-
- def generate_key_fingerprint(key)
- blob = Net::SSH::Buffer.from(:key, key).to_s
- fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
-
- [blob, fingerprint]
- rescue ::Exception => e
- [nil, "(could not generate fingerprint: #{e.message})"]
- end
-
- def exchange_keys
- result = send_kexinit
- verify_server_key(result[:server_key])
- session_id = verify_signature(result)
- confirm_newkeys
-
- return { :session_id => session_id,
- :server_key => result[:server_key],
- :shared_secret => result[:shared_secret],
- :hashing_algorithm => digester }
- end
-
-DNS
-======================================
-
-problem: we want to be able to refer to the nodes by hostname (in a variety of programs) without requiring an external dns server.
-
-idea:
-
- simple lightweight ruby dns server -- https://github.com/ioquatix/rubydns
- another ruby dns server (eventmachine) -- https://github.com/nricciar/em-dns-server
-
- modify /etc/resolveconf/resolve.conf.d/tail with
- nameserver locahost
- maybe like this:
- resolveconf -a eth0.leap 'nameserver localhost'
-
- the problem is that there is probably already a resolving nameserver living at localhost.
- linux doesn't appear to have a way to let you specify the port number for dns lookups (unlike bsd). boo
-
- a few other possibilies:
- * alter /etc/hosts
- * alter dnsmasq to use additional /etc/hosts files (simple switch for this). dnsmasq is running on my desktop, although there is no /etc/dnsmasq.
- * write a libnss_ruby or something that would let you use a custom db for /etc/nsswitch.conf
- see http://uw714doc.sco.com/en/SEC_admin/nssover.html
-
-ssh solution:
-
- ssh -l root -o "HostName=10.9.8.7" -o "HostKeyAlias=server_a" server_a
-..
-
-
-MISC
-====================
-
-http://skim.la/2012/01/16/rsa-public-key-interoperability-between-ruby-and-android/
-
-