Assigning the Ethereum enode URL

Disclaimer: I’ve tested this implementation on Parity v1.10.4. I’m not sure if it works on older Parity versions or with geth.

Ethereum nodes are identified by the enode URL. The enode URL is composed of a seemingly random hash and the IP and port of the machine it’s deployed on. The enode is shown when starting a node.

    Loading config file from /opt/parity/config.toml
    2018-06-25 02:29:18 UTC Starting Parity/v1.10.4-stable-39b9f1e-20180514/x86_64-linux-gnu/rustc1.26.0
    2018-06-25 02:29:18 UTC Keys path /opt/parity/keys/mynetwork
    2018-06-25 02:29:18 UTC DB path /opt/parity/chains/mynetwork/db/a5065b7968d24ce1
    2018-06-25 02:29:18 UTC Path to dapps /opt/parity/dapps
    2018-06-25 02:29:18 UTC State DB configuration: fast
    2018-06-25 02:29:18 UTC Operating mode: active
    2018-06-25 02:29:18 UTC Configured for mynetwork using AuthorityRound engine
    2018-06-25 02:29:19 UTC Public node URL: enode://661c467b4b643d332e9e12c76aab15f40790c14b12fae8f42e63fbd4fc667ecd7897aca2b6a88e47a038017cb2e67737141d7537b06562e7837d37880f1b3a2da7@173.

Re-using existing ssh keys on Google Cloud

I like to re-use existing ssh keys on AWS and Google Cloud. However, the Google Cloud CLI tool generates a new ssh keypair when attempting to ssh into an instance for the first time using gcloud compute ssh. You can force gcloud to re-use an existing key pair in two different ways.

Configuring gcloud to add your own keys and using vanilla ssh

If you prefer to use vanilla ssh over the gcloud ssh wrapper, you can configure gcloud to add your public key to the instances.

Securing a site with Letsencrypt, AWS and Terraform

Introduction

Google Chrome will start marking HTTP sites as ‘not secure’ by July 2018. This is as good a time as ever to secure our sites. If you happen to be deploying your site on AWS and provision your infrastructure using Terraform, there is a simple way to generate certificates using Terraform and LetsEncrypt. LetsEncrypt is an open and free Certificate Authority (CA) provided by the Internet Security Research Group (ISRG).

Extending Ansible with callback plugins

Introduction

Ansible allows you to extend the system by using plugins. Plugins are executed at various stages of a run and allow you to hook into the system and add your own logic. Plugins are written in Python. Callback plugins respond to events Ansible sends and can be used to notify external systems. The use case I used it for was to notify Slack whenever an Ansible run failed.

Encrypting secrets with AWS KMS

    $ aws kms encrypt \
        --key-id $KMS_KEY --plaintext 'my-secret' --output text --query CiphertextBlob > ./secret

Encrypting a secret gives us a binary string that’s base64 encoded. That’s right, two levels of encoding.

    $ aws kms decrypt --query Plaintext --output text --ciphertext-blob fileb://<(cat secret | base64 --decode) | base64 --decode
    my-secret%

Decrypting a secret takes a binary string as input (not a base64 encoded one!) and returns a base64 encoded string.