From 9d3d076fa8e124a07348a3d724c7f20f8a381443 Mon Sep 17 00:00:00 2001 
From: o0beaner Date: Mon, 12 Nov 2018 16:43:58 -0600 Subject: [PATCH] catching up --- amazon/emaillists | 64 +++ amazon/oncall.sh | 13 + amazon/stateman | 113 +++++ amazon/stateman_viv | 113 +++++ aws/datapipeline/datapipeline_role_checker.sh | 36 ++ aws/emr/cluster-info.py | 51 +++ aws/emr/cluster-timer.sh | 19 + .../emr}/custom_ami_test_launcher.sh | 0 aws/emr/replace-ic.sh | 9 + .../emr}/stuck_instance_elimintator.sh | 0 workstation/arch/larbs.sh | 77 ++++ {functions => workstation/functions}/lsapp.sh | 0 .../functions}/lscontainer.sh | 0 .../functions}/lshost.sh | 0 workstation/karabiner-elements/external.json | 63 +++ workstation/karabiner-elements/internal.json | 63 +++ workstation/karabiner-elements/kbmanager.sh | 22 + workstation/ssh/config | 410 ++++++++++++++++++ workstation/ssh/config_gen | 61 +++ workstation/ssh/hostlist | 45 ++ workstation/ssh/hostlisttmp | 18 + workstation/ssh/id_rsa | 27 ++ workstation/ssh/id_rsa-cert.pub | 1 + workstation/ssh/id_rsa.pub | 1 + workstation/ssh/known_hosts | 20 + workstation/ssh/resolv.conf | 5 + workstation/ssh/security-bastion | 57 +++ workstation/ssh/vpchostlist | 3 + workstation/ssh/werker | 27 ++ 29 files changed, 1318 insertions(+) create mode 100755 amazon/emaillists create mode 100755 amazon/oncall.sh create mode 100755 amazon/stateman create mode 100755 amazon/stateman_viv create mode 100755 aws/datapipeline/datapipeline_role_checker.sh create mode 100755 aws/emr/cluster-info.py create mode 100755 aws/emr/cluster-timer.sh rename {emrstuff => aws/emr}/custom_ami_test_launcher.sh (100%) create mode 100755 aws/emr/replace-ic.sh rename {emrstuff => aws/emr}/stuck_instance_elimintator.sh (100%) create mode 100755 workstation/arch/larbs.sh rename {functions => workstation/functions}/lsapp.sh (100%) rename {functions => workstation/functions}/lscontainer.sh (100%) rename {functions => workstation/functions}/lshost.sh (100%) create mode 100755 workstation/karabiner-elements/external.json create mode 100755 
workstation/karabiner-elements/internal.json create mode 100755 workstation/karabiner-elements/kbmanager.sh create mode 100755 workstation/ssh/config create mode 100755 workstation/ssh/config_gen create mode 100755 workstation/ssh/hostlist create mode 100755 workstation/ssh/hostlisttmp create mode 100755 workstation/ssh/id_rsa create mode 100755 workstation/ssh/id_rsa-cert.pub create mode 100755 workstation/ssh/id_rsa.pub create mode 100755 workstation/ssh/known_hosts create mode 100755 workstation/ssh/resolv.conf create mode 100755 workstation/ssh/security-bastion create mode 100755 workstation/ssh/vpchostlist create mode 100755 workstation/ssh/werker diff --git a/amazon/emaillists b/amazon/emaillists new file mode 100755 index 0000000..28aa969 --- /dev/null +++ b/amazon/emaillists 
@@ -0,0 +1,64 @@
+#!/bin/sh
+
+# Usage:
+#
+# stateman <>
+#
+# States:
+#
+# Email
+# Offline
+# Role (Break3)
+# Hiring (Break2)
+# Lunch
+# Meeting
+# Project
+# Personal
+# System
+# Training
+# Available
+
+cleanup() {
+ rm -f $tmpfile
+}
+
+trap cleanup \
+ EXIT INT QUIT TERM
+
+input_var=$(echo $1 | tr '[:upper:]' '[:lower:]')
+
+
+
+cookie_filename=/tmp/stateman.cache
+cookie_file=$(find $cookie_filename -mmin -720 2>/dev/null)
+
+if [ "$cookie_file" != "$cookie_filename" ]
+ then
+ echo "Baking some warm, fresh cookies..."
+ rm -f $cookie_filename
+ curl -s -c $cookie_filename --negotiate -u : --anyauth --location-trusted --max-redirs 10 'https://na.amzheimdall.com/sso/sentry?clientId=CSCentral-prod-na&redirect_uri=https://cscentral.amazon.com:443/gp/stores/www.amazon.com/gp/signin/gi-landat.html/146-6040352-1786033?landat=/gp/stores/www.amazon.com/gp/home/146-6040352-1786033' > /dev/null
+ tmpfile=$(mktemp /tmp/cookies.sqlite.XXXXXXXXXX)
+ ff_cookies="$(find $HOME/Library/Application\ Support/Firefox/Profiles -iname cookies.sqlite)"
+ cat "$ff_cookies" >> $tmpfile
+ sqlite3 -separator ' ' $tmpfile << EOF >> $cookie_filename
+.mode tabs
+.header off
+select host,
+case substr(host,1,1)='.' when 0 then 'FALSE' else 'TRUE' end,
+path,
+case isSecure when 0 then 'FALSE' else 'TRUE' end,
+expiry,
+name,
+value
+from moz_cookies;
+EOF
+ cleanup
+fi
+
+change=$(curl -s -L -w "%{http_code}\n" -u : \
+ $1 \
+ -b $cookie_filename \
+ -H 'Content-Type: application/x-www-form-urlencoded' \
+ -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0')
+
+echo "${change##*\}}"
diff --git a/amazon/oncall.sh b/amazon/oncall.sh
new file mode 100755
index 0000000..1248b09
--- /dev/null
+++ b/amazon/oncall.sh
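Review bot: The cookie jar at `cookie_filename=/tmp/stateman.cache` is a fixed name in a shared directory, and the script both `rm -f`s and appends to it, so session cookies land in a predictable file created with the default umask; the same lines appear in amazon/stateman and amazon/stateman_viv. I would set `umask 077` at the top and move the jar under the user's home, e.g. `cookie_filename="$HOME/.cache/stateman.cookies"`. The `select … from moz_cookies` query also exports every cookie in the Firefox profile, so a `where host like …` filter limited to the hosts the script calls would keep unrelated sessions out of the jar. In this file specifically, `$1` is passed unquoted as the request URL with that jar attached (`-b $cookie_filename`), so it should be quoted and checked against the expected hosts, and the header comment still describes stateman rather than this script.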
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+svc=`curl -s -L --negotiate -u : 'https://oncall.amazon.com/mason-handler.fcgi/index.mhtml?name=emr-service-primary' \
+| grep -a2 Login | grep -e '"datetime"' | awk '{split($0,a,"<"); print a[4]}' | awk '{split($0,a,">"); print a[2]}'`
+
+svc_oc=`curl -s -L --negotiate -u : "https://oncall.amazon.com/mason-handler.fcgi/index.mhtml?name=$svc" \
+ | grep -a2 Login | grep -e '"datetime"' | awk '{split($0,a,"<"); print a[4]}' | awk '{split($0,a,">"); print a[2]}'`
+
+dp_oc=`curl -s -L --negotiate -u : "https://oncall.amazon.com/mason-handler.fcgi/index.mhtml?name=emr-dataplane-primary" \
+ | grep -a2 Login | grep -e '"datetime"' | awk '{split($0,a,"<"); print a[4]}' | awk '{split($0,a,">"); print a[2]}'`
+
+echo "Current service oncall : $svc_oc"
+echo "Current dataplane oncall : $dp_oc"
diff --git a/amazon/stateman b/amazon/stateman
new file mode 100755
index 0000000..c1b13c6
--- /dev/null
+++ b/amazon/stateman
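Review bot: `$svc` is scraped from the first response and interpolated straight into the second URL (`?name=$svc`) with no check that the lookup succeeded, so an expired Kerberos ticket or a markup change yields an empty or garbage alias and the script prints a blank on-call without any error. Add `-f` to the curl calls and a guard such as `[ -n "$svc" ] || { echo "could not resolve emr-service-primary" >&2; exit 1; }` before the second request. The three pipelines are identical apart from the alias, so a small `lookup()` function would remove the duplication, and `$(…)` is preferred over backticks.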
@@ -0,0 +1,113 @@ +#!/bin/sh + +# Usage: +# +# stateman <> +# +# States: +# +# Email +# Offline +# Role (Break3) +# Hiring (Break2) +# Lunch +# Meeting +# Project +# Personal +# System +# Training +# Available + +cleanup() { + rm -f $tmpfile +} + +trap cleanup \ + EXIT INT QUIT TERM + +input_var=$(echo $1 | tr '[:upper:]' '[:lower:]') + +case "$input_var" in + email) + var=Email + ;; + offline) + var=Offline + ;; + lunch) + var=Lunch + ;; + meeting) + var=Meeting + ;; + project) + var=Project + ;; + personal) + var=Personal + ;; + system) + var=System + ;; + training) + var=Training + ;; + available) + var=Available + ;; + role) + var=Break3 + ;; + hiring) + var=Break2 + ;; + *) + echo + echo " Use a valid state, dummy." + echo " Email | Offline | Lunch | Meeting | Project | Personal" + echo " System | Training | Available | Role | Hiring" + echo + exit 1 + ;; +esac + + +cookie_filename=/tmp/stateman.cache +cookie_file=$(find $cookie_filename -mmin -720 2>/dev/null) + +if [ "$cookie_file" != "$cookie_filename" ] + then + echo "Baking some warm, fresh cookies..." + rm -f $cookie_filename + curl -s -c $cookie_filename --negotiate -u : --anyauth --location-trusted --max-redirs 10 'https://na.amzheimdall.com/sso/sentry?clientId=CSCentral-prod-na&redirect_uri=https://cscentral.amazon.com:443/gp/stores/www.amazon.com/gp/signin/gi-landat.html/146-6040352-1786033?landat=/gp/stores/www.amazon.com/gp/home/146-6040352-1786033' > /dev/null + tmpfile=$(mktemp /tmp/cookies.sqlite.XXXXXXXXXX) + ff_cookies="$(find $HOME/Library/Application\ Support/Firefox/Profiles -iname cookies.sqlite)" + cat "$ff_cookies" >> $tmpfile + sqlite3 -separator ' ' $tmpfile << EOF >> $cookie_filename +.mode tabs +.header off +select host, +case substr(host,1,1)='.' 
when 0 then 'FALSE' else 'TRUE' end, +path, +case isSecure when 0 then 'FALSE' else 'TRUE' end, +expiry, +name, +value +from moz_cookies; +EOF + cleanup +fi + +change=$(curl -s -L -w "%{http_code}\n" -X POST -u : \ + https://paragon-na.amazon.com/taw/switch-state \ + -b $cookie_filename \ + -H 'Content-Type: application/x-www-form-urlencoded' \ + -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0' \ + -d availabilityState=$var) + +if [ "${change##*\}}" = 200 ] +then + echo "GACD state set to $1! Woohoo!" +else + echo "Something went wrong! It didn't work! :(" +fi diff --git a/amazon/stateman_viv b/amazon/stateman_viv new file mode 100755 index 0000000..266ac7c --- /dev/null +++ b/amazon/stateman_viv 
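Review bot: The cookie-baking curl combines `--negotiate -u :` with `--location-trusted`, which tells curl it may present credentials to every host in the redirect chain rather than only the original one; the same command line is in amazon/emaillists and amazon/stateman_viv. If the SSO hand-off works with plain `--location`, prefer that so a redirect to an unexpected host cannot solicit authentication. Separately, `find … -iname cookies.sqlite` prints one path per Firefox profile, and `cat "$ff_cookies"` then receives them as a single newline-joined name, so the refresh fails on machines with more than one profile; select one explicitly, e.g. by piping the `find` through `head -n 1`. The success message also echoes the raw `$1` rather than the validated `$var`.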
@@ -0,0 +1,113 @@ +#!/bin/sh + +# Usage: +# +# stateman <> +# +# States: +# +# Email +# Offline +# Role (Break3) +# Hiring (Break2) +# Lunch +# Meeting +# Project +# Personal +# System +# Training +# Available + +cleanup() { + rm -f $tmpfile +} + +trap cleanup \ + EXIT INT QUIT TERM + +input_var=$(echo $1 | tr '[:upper:]' '[:lower:]') + +case "$input_var" in + email) + var=Email + ;; + offline) + var=Offline + ;; + lunch) + var=Lunch + ;; + meeting) + var=Meeting + ;; + project) + var=Project + ;; + personal) + var=Personal + ;; + system) + var=System + ;; + training) + var=Training + ;; + available) + var=Available + ;; + role) + var=Break3 + ;; + hiring) + var=Break2 + ;; + *) + echo + echo " Use a valid state, dummy." + echo " Email | Offline | Lunch | Meeting | Project | Personal" + echo " System | Training | Available | Role | Hiring" + echo + exit 1 + ;; +esac + + +cookie_filename=/tmp/stateman.cache +cookie_file=$(find $cookie_filename -mmin -720 2>/dev/null) + +if [ "$cookie_file" != "$cookie_filename" ] + then + echo "Baking some warm, fresh cookies..." + rm -f $cookie_filename + curl -s -c $cookie_filename --negotiate -u : --anyauth --location-trusted --max-redirs 10 'https://na.amzheimdall.com/sso/sentry?clientId=CSCentral-prod-na&redirect_uri=https://cscentral.amazon.com:443/gp/stores/www.amazon.com/gp/signin/gi-landat.html/146-6040352-1786033?landat=/gp/stores/www.amazon.com/gp/home/146-6040352-1786033' > /dev/null + tmpfile=$(mktemp /tmp/cookies.sqlite.XXXXXXXXXX) + ff_cookies="$(find $HOME/Library/Application\ Support/Vivaldi/Default/Cookies)" + cat "$ff_cookies" >> $tmpfile + sqlite3 -separator ' ' $tmpfile << EOF >> $cookie_filename +.mode tabs +.header off +select host_key, +case substr(host_key,1,1)='.' 
when 0 then 'FALSE' else 'TRUE' end, +path, +case secure when 0 then 'FALSE' else 'TRUE' end, +expires_utc, +name, +value +from cookies; +EOF + # cleanup +fi + +change=$(curl -s -L -w "%{http_code}\n" -X POST -u : \ + https://paragon-na.amazon.com/taw/switch-state \ + -b $cookie_filename \ + -H 'Content-Type: application/x-www-form-urlencoded' \ + -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0' \ + -d availabilityState=$var) + +if [ "${change##*\}}" = 200 ] +then + echo "GACD state set to $1! Woohoo!" +else + echo "Something went wrong! It didn't work! :(" +fi diff --git a/aws/datapipeline/datapipeline_role_checker.sh b/aws/datapipeline/datapipeline_role_checker.sh new file mode 100755 index 0000000..7da9802 --- /dev/null +++ b/aws/datapipeline/datapipeline_role_checker.sh 
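Review bot: `expires_utc` in a Chromium-style `cookies` table is microseconds since 1601-01-01, not Unix seconds, so writing it unchanged into the Netscape-format jar gives curl expiry values far in the future and stale cookies are never dropped. Convert it in the query, e.g. `(expires_utc/1000000)-11644473600`. It is also worth confirming that `value` is populated at all: Chromium-based browsers on macOS normally keep the cookie in `encrypted_value` and leave `value` empty, in which case this variant cannot work as written. The variable is still called `ff_cookies`, and `find` is used on a fixed path where a plain assignment would do.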
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+pipelines=$(aws datapipeline list-pipelines | jq -r '.pipelineIdList[].id')
+count=$(echo "$pipelines" | wc -l)
+resourceRoleArr=()
+serviceRoleArr=()
+
+counter=0
+for i in $pipelines; do
+ echo "Checking pipeline $i"
+ pipeline_objects=$(aws datapipeline describe-objects --pipeline-id "$i" --object-id "Default" 2>/dev/null)
+ if [ $? == "0" ]; then
+ serviceRole=$(echo "$pipeline_objects" | jq -r '.pipelineObjects[0].fields[] | select(.key=="role").stringValue')
+ echo "adding $serviceRole to Service Roles array"
+ serviceRoleArr[$counter]=$serviceRole
+ resourceRole=$(echo "$pipeline_objects" | jq -r '.pipelineObjects[0].fields[] | select(.key=="resourceRole").stringValue')
+ echo "adding $resourceRole to Resource Roles array"
+ resourceRoleArr[$counter]=$resourceRole
+ let counter=counter+1
+ else
+ echo "$i did not return objects; skipping"
+ fi
+done
+
+echo Finding unique roles and sorting...
+
+uniqueServiceRoleArr=($(echo "${serviceRoleArr[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '))
+uniqueResourceRoleArr=($(echo "${resourceRoleArr[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' '))
+
+echo
+echo
+echo "Printing Service Roles:"
+echo ${uniqueServiceRoleArr[*]}
+echo
+echo "Printing Resource Roles:"
+echo ${uniqueResourceRoleArr[*]}
diff --git a/aws/emr/cluster-info.py b/aws/emr/cluster-info.py
new file mode 100755
index 0000000..72bec5d
--- /dev/null
+++ b/aws/emr/cluster-info.py
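Review bot: `describe-objects … 2>/dev/null` discards the reason a pipeline could not be read, so an AccessDenied or throttling error is reported as "did not return objects; skipping" and the final role list silently omits that pipeline. For an inventory of roles that gap matters; keep stderr and test the command directly, `if pipeline_objects=$(aws datapipeline describe-objects --pipeline-id "$i" --object-id "Default"); then`. `count` is assigned but never used, and the de-duplication can be `printf '%s\n' "${serviceRoleArr[@]}" | sort -u` without the `tr` round trip.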
@@ -0,0 +1,51 @@ +#!/usr/bin/python + +import boto3 + +client = boto3.client('emr') + +clusters = client.list_clusters( + ClusterStates=[ + 'STARTING','BOOTSTRAPPING','RUNNING','WAITING', + ], + )['Clusters'] + +results = [] + +for i in range(0,len(clusters)): + clusterId = clusters[i]['Id'].encode('utf-8') + clusterName = clusters[i]['Name'].encode('utf-8') + if len(clusterName) > 24: + clusterName = clusterName[:24][:-3]+"..." + clusterState = clusters[i]['Status']['State'].encode('utf-8') + instanceGroups = client.list_instance_groups(ClusterId=clusterId)['InstanceGroups'] + tRun = 0 + tReq = 0 + tId = "" + cRun = 0 + cReq = 0 + cId = "" + for j in instanceGroups: + if j['InstanceGroupType'] == "TASK": + tRun = j['RunningInstanceCount'] + tReq = j['RequestedInstanceCount'] + tId = j['Id'].encode('utf-8') + if j['InstanceGroupType'] == "CORE": + cRun = j['RunningInstanceCount'] + cReq = j['RequestedInstanceCount'] + cId = j['Id'].encode('utf-8') + if tReq == 0: + tId = "N/A" + if cReq ==0: + cId = "N/A" + data = dict([('ClusterId',clusterId),('Name',clusterName),('State',clusterState),('CoreGroup',cId),('CoreRequested',cReq),('CoreRunning',cRun),('TaskGroup',tId),('TaskRequested',tReq),('TaskRunning',tRun)]) + results.append(data) +print "" +print "" +print "{:<16} {:<24} {:<13} {:<16} {:<7} {:<7} {:<16} {:<7} {:<7}".format('Cluster','Name','State','Core','CoreReq','CoreRun','TaskGroup','TaskReq','TaskRun') +print '---------------- ------------------------ ------------- ---------------- ------- ------- ---------------- ------- -------' +for i in results: + print "{:<16} {:<24} {:<13} {:<16} {:<7} {:<7} {:<16} {:<7} {:<7}".format(i['ClusterId'], i['Name'], i['State'], i['CoreGroup'], i['CoreRequested'], i['CoreRunning'], i['TaskGroup'], i['TaskRequested'], i['TaskRunning']) + +print "" +print "" diff --git a/aws/emr/cluster-timer.sh b/aws/emr/cluster-timer.sh new file mode 100755 index 0000000..c46a43e --- /dev/null +++ b/aws/emr/cluster-timer.sh 
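Review bot: `client.list_clusters(...)['Clusters']` reads only the first page of results, so on an account with many active clusters the table is silently truncated. boto3 provides a paginator for this call: `pages = client.get_paginator('list_clusters').paginate(ClusterStates=[...])`, then collect `page['Clusters']` from each page. The script is also Python 2 only (`print` statements, `.encode('utf-8')` on names that are then formatted as text), which is worth stating in a header comment or porting. `for i in range(0,len(clusters))` can simply iterate `for cluster in clusters`.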
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# dependencies: awscli, bc, jq
+
+clusters=$(aws emr list-clusters --active)
+
+cluster_arr=$(echo $clusters | jq '[.Clusters[] | {id: .Id, timestamp: .Status.Timeline.CreationDateTime, status: .Status.State}]')
+
+current_time=$(date +%s)
+
+echo $cluster_arr | jq -r '.[]|[.id, .timestamp, .status] | @tsv' |
+while IFS=$'\t' read -r id timestamp status; do
+ minutes_running=$(echo \($current_time-$timestamp\)/60 | bc)
+ if [ $minutes_running > 30 ] && [ $status == 'STARTING' ]
+ then
+ # insert desired contingency action here; example on following line
+ echo "Looks like cluster $id has been starting for $minutes_running minutes!"
+ fi
+done
diff --git a/emrstuff/custom_ami_test_launcher.sh b/aws/emr/custom_ami_test_launcher.sh
similarity index 100%
rename from emrstuff/custom_ami_test_launcher.sh
rename to aws/emr/custom_ami_test_launcher.sh
diff --git a/aws/emr/replace-ic.sh b/aws/emr/replace-ic.sh
new file mode 100755
index 0000000..c410c57
--- /dev/null
+++ b/aws/emr/replace-ic.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+[ -e /mnt/replaced-instance-controller ] && exit 0
+sudo find /usr/share/aws/emr/instance-controller/lib -name 'instance-controller*.jar' -and -not -name '*interface*' -exec rm {} \;
+sudo aws s3 cp s3://ty-emr/XRR/bootstrap/instance-controller/instance-controller-1.26.0.jar /usr/share/aws/emr/instance-controller/lib/
+chmod +x /usr/share/aws/emr/instance-controller/lib/instance-*
+touch /mnt/replaced-instance-controller
+sudo service instance-controller stop
+sudo service logpusher stop
diff --git a/emrstuff/stuck_instance_elimintator.sh b/aws/emr/stuck_instance_elimintator.sh
similarity index 100%
rename from emrstuff/stuck_instance_elimintator.sh
rename to aws/emr/stuck_instance_elimintator.sh
diff --git a/workstation/arch/larbs.sh b/workstation/arch/larbs.sh
new file mode 100755
index 0000000..6d30aa9
--- /dev/null
+++ b/workstation/arch/larbs.sh
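Review bot: `[ $minutes_running > 30 ]` in aws/emr/cluster-timer.sh does not compare numbers: inside `[ ]` the `>` is a redirection, so the test creates a file named `30` in the working directory and is true for any non-empty value. Every cluster in STARTING is therefore reported regardless of its age. Use `if [ "$minutes_running" -gt 30 ] && [ "$status" = 'STARTING' ]`, with the expansions quoted so an empty field does not break the test.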
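Review bot: In aws/emr/replace-ic.sh the jar fetched from `s3://ty-emr/…/instance-controller-1.26.0.jar` replaces a component of a service managed as root without any integrity check, and the existing jars are deleted before the download is known to have succeeded. With no `set -e`, a failed `aws s3 cp` still leads to `touch /mnt/replaced-instance-controller`, so the node is left without the jar and later runs skip the repair. Download to a temporary directory first, verify a pinned SHA-256, and only then swap the file; `chmod +x` also runs without `sudo` on a path the preceding commands needed root for. A possible shape is below, with the digest as a placeholder to fill in from the reviewed artifact.

```shell
set -euo pipefail
jar=instance-controller-1.26.0.jar
lib=/usr/share/aws/emr/instance-controller/lib
tmp=$(mktemp -d)
aws s3 cp "s3://ty-emr/XRR/bootstrap/instance-controller/$jar" "$tmp/$jar"
# <EXPECTED_SHA256> is a placeholder: pin the digest of the reviewed jar here
echo "<EXPECTED_SHA256>  $tmp/$jar" | sha256sum -c -
sudo find "$lib" -name 'instance-controller*.jar' -and -not -name '*interface*' -exec rm {} \;
sudo install -m 0755 "$tmp/$jar" "$lib/"
# … unchanged: marker file and service stops …
```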
@@ -0,0 +1,77 @@ +#!/bin/bash + +pacman -S --noconfirm --needed dialog || (echo "Error at script start: Are you sure you're running this as the root user? Are you sure you're using an Arch-based distro? ;-) Are you sure you have an internet connection?" && exit) + + +cmd=(dialog --separate-output --nocancel --buildlist "Press to select the packages you want to install. LARBS will install all the packages you put in the right column. + +Use \"^\" and \"\$\" to move to the left and right columns respectively. Press when done." 22 76 16) +options=(X "LaTeX packages" off + L "Libreoffice" off + G "GIMP" off + B "Blender" off + E "Emacs" off + F "Fonts for unicode and other languages" off + T "Transmission torrent client" off + D "Music visualizers and decoration" off + P "Pandoc and R/Rmarkdown" off + ) +choices=$("${cmd[@]}" "${options[@]}" 2>&1 >/dev/tty) + +let="\(\|[a-z]\|$(echo $choices | sed -e "s/ /\\\|/g")\)" + +dialog --title "Let's get this party started!" --msgbox "The rest of the installation will now be totally automated, so you can sit back and relax.\n\nIt will take some time, but when done, you can relax even more with your complete system.\n\nNow just press and the system will begin installation!" 13 60 || (clear && exit) + +clear + +dialog --infobox "Refreshing Arch Keyring..." 4 40 +pacman --noconfirm -Sy archlinux-keyring >/dev/tty6 + +dialog --infobox "Getting program list..." 4 40 +curl https://raw.githubusercontent.com/LukeSmithxyz/larbs/master/src/progs.csv > /tmp/progs.csv +rm /tmp/aur_queue &>/dev/tty6 +count=$(cat /tmp/progs.csv | grep -G ",$let," | wc -l) +n=0 +installProgram() { ( (pacman --noconfirm --needed -S $1 &>/dev/tty6 && echo $1 installed.) 
|| echo $1 >> /tmp/aur_queue) || echo $1 >> /tmp/larbs_failed ;} + +for x in $(cat /tmp/progs.csv | grep -G ",$let," | awk -F, {'print $1'}) +do + n=$((n+1)) + dialog --title "LARBS Installation" --infobox "Downloading and installing program $n out of $count: $x...\n\nThe first programs will take more time due to dependencies. You can watch the output on tty6." 8 70 + installProgram $x >/dev/tty6 +done + +dialog --infobox "Preparing the user script..." 4 40 +#curl https://raw.githubusercontent.com/LukeSmithxyz/larbs/master/src/sudoers_tmp > /etc/sudoers +cd /tmp +if [ $1 = "devel" ] +then curl https://raw.githubusercontent.com/LukeSmithxyz/larbs/devel/src/larbs_user.sh > /tmp/larbs_user.sh; +else curl https://raw.githubusercontent.com/LukeSmithxyz/larbs/master/src/larbs_user.sh > /tmp/larbs_user.sh; +fi +sudo -u $name bash /tmp/larbs_user.sh +rm -f /tmp/larbs_user.sh + +dialog --infobox "Installing \"st\" from source..." 4 40 +cd /tmp +rm -rf st +git clone https://github.com/lukesmithxyz/st.git +cd st +make +make install +cd /tmp + +# R markdown install. + +dialog --infobox "Enabling Network Manager..." 4 40 +systemctl enable NetworkManager +systemctl start NetworkManager + +dialog --infobox "Getting rid of that retarded error beep sound..." 10 50 +rmmod pcspkr +echo "blacklist pcspkr" > /etc/modprobe.d/nobeep.conf + +dialog --infobox "Updating sudoers file..." 4 40 +curl https://raw.githubusercontent.com/LukeSmithxyz/larbs/master/src/sudoers > /etc/sudoers + +dialog --title "All done!" --msgbox "Congrats! Provided there were no hidden errors, the script completed successfully and all the programs and configuration files should be in place.\n\nTo run the new graphical environment, log out and log back in as your new user, then run the command \"startx\" to start the graphical environment.\n\n-Luke" 12 80 +clear 
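Review bot: `curl …/larbs/master/src/sudoers > /etc/sudoers` overwrites the sudoers file with whatever the `master` branch serves at run time, with no syntax check and no pinned revision, and a failed or truncated download leaves an empty or invalid /etc/sudoers. Fetch to a temporary file from a reviewed commit, validate it with `visudo -cf`, and install it only if that passes. The same concern applies to `/tmp/larbs_user.sh`, which is downloaded to a fixed name in /tmp and executed via `sudo -u $name` although `name` is never set in this script. `[ $1 = "devel" ]` also errors when no argument is given, and the `|| (… && exit)` forms only leave the subshell, so the script continues after the pacman failure.

```shell
sudoers_tmp=$(mktemp)
# <PINNED_COMMIT> is a placeholder for the id of a reviewed commit
curl -fsSL "https://raw.githubusercontent.com/LukeSmithxyz/larbs/<PINNED_COMMIT>/src/sudoers" > "$sudoers_tmp"
visudo -cf "$sudoers_tmp" && install -m 0440 -o root -g root "$sudoers_tmp" /etc/sudoers
rm -f "$sudoers_tmp"
```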
diff --git a/functions/lsapp.sh b/workstation/functions/lsapp.sh similarity index 100% rename from functions/lsapp.sh rename to workstation/functions/lsapp.sh diff --git a/functions/lscontainer.sh b/workstation/functions/lscontainer.sh similarity index 100% rename from functions/lscontainer.sh rename to workstation/functions/lscontainer.sh diff --git a/functions/lshost.sh b/workstation/functions/lshost.sh similarity index 100% rename from functions/lshost.sh rename to workstation/functions/lshost.sh diff --git a/workstation/karabiner-elements/external.json b/workstation/karabiner-elements/external.json new file mode 100755 index 0000000..e778896 --- /dev/null +++ b/workstation/karabiner-elements/external.json 
@@ -0,0 +1,63 @@ +{ + "global": { + "check_for_updates_on_startup": true, + "show_in_menu_bar": true, + "show_profile_name_in_menu_bar": false + }, + "profiles": [ + { + "devices": [], + "fn_function_keys": { + "f1": "display_brightness_decrement", + "f10": "mute", + "f11": "volume_decrement", + "f12": "volume_increment", + "f2": "display_brightness_increment", + "f3": "mission_control", + "f4": "launchpad", + "f5": "illumination_decrement", + "f6": "illumination_increment", + "f7": "rewind", + "f8": "play_or_pause", + "f9": "fastforward" + }, + "name": "Internal", + "selected": false, + "simple_modifications": { + "caps_lock": "f18" + }, + "virtual_hid_keyboard": { + "caps_lock_delay_milliseconds": 0, + "keyboard_type": "ansi" + } + }, + { + "devices": [], + "fn_function_keys": { + "f1": "display_brightness_decrement", + "f10": "mute", + "f11": "volume_decrement", + "f12": "volume_increment", + "f2": "display_brightness_increment", + "f3": "mission_control", + "f4": "launchpad", + "f5": "illumination_decrement", + "f6": "illumination_increment", + "f7": "rewind", + "f8": "play_or_pause", + "f9": "fastforward" + }, + "name": "External", + "selected": true, + "simple_modifications": { + "caps_lock": "f18", + "left_command": "left_option", + "left_option": "left_command" + }, + "virtual_hid_keyboard": { + "caps_lock_delay_milliseconds": 0, + "keyboard_type": "ansi" + } + } + ] +} diff --git a/workstation/karabiner-elements/internal.json b/workstation/karabiner-elements/internal.json new file mode 100755 index 0000000..029bf7d --- /dev/null +++ b/workstation/karabiner-elements/internal.json 
@@ -0,0 +1,63 @@ +{ + "global": { + "check_for_updates_on_startup": true, + "show_in_menu_bar": true, + "show_profile_name_in_menu_bar": false + }, + "profiles": [ + { + "devices": [], + "fn_function_keys": { + "f1": "display_brightness_decrement", + "f10": "mute", + "f11": "volume_decrement", + "f12": "volume_increment", + "f2": "display_brightness_increment", + "f3": "mission_control", + "f4": "launchpad", + "f5": "illumination_decrement", + "f6": "illumination_increment", + "f7": "rewind", + "f8": "play_or_pause", + "f9": "fastforward" + }, + "name": "Internal", + "selected": true, + "simple_modifications": { + "caps_lock": "f18" + }, + "virtual_hid_keyboard": { + "caps_lock_delay_milliseconds": 0, + "keyboard_type": "ansi" + } + }, + { + "devices": [], + "fn_function_keys": { + "f1": "display_brightness_decrement", + "f10": "mute", + "f11": "volume_decrement", + "f12": "volume_increment", + "f2": "display_brightness_increment", + "f3": "mission_control", + "f4": "launchpad", + "f5": "illumination_decrement", + "f6": "illumination_increment", + "f7": "rewind", + "f8": "play_or_pause", + "f9": "fastforward" + }, + "name": "External", + "selected": false, + "simple_modifications": { + "caps_lock": "f18", + "left_command": "left_option", + "left_option": "left_command" + }, + "virtual_hid_keyboard": { + "caps_lock_delay_milliseconds": 0, + "keyboard_type": "ansi" + } + } + ] +} diff --git a/workstation/karabiner-elements/kbmanager.sh b/workstation/karabiner-elements/kbmanager.sh new file mode 100755 index 0000000..fa0824d --- /dev/null +++ b/workstation/karabiner-elements/kbmanager.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# get input parameters +while [ $# -gt 0 ]; do + case "$1" in + --internal) + kb=internal + ;; + --external) + kb=external + ;; + -*) + error_msg "unrecognized option: $1" + ;; + *) + break; + ;; + esac + shift +done + +cd ~/.config/karabiner +yes | cp .$kb.json karabiner.json 
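Review bot: In workstation/karabiner-elements/kbmanager.sh, `error_msg` is never defined, so an unrecognized option produces "command not found" and the loop carries on; and when neither `--internal` nor `--external` is given, `$kb` is empty and the last line runs `cp ..json karabiner.json`. Define the helper or replace the call with `echo "unrecognized option: $1" >&2; exit 2`, and guard the copy with `: "${kb:?usage: kbmanager.sh --internal|--external}"`. `cd ~/.config/karabiner` should be followed by `|| exit 1` so the copy cannot run in the wrong directory. The script copies `.$kb.json` (leading dot) while the files added by this commit are `internal.json` and `external.json`; confirm which name is intended.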
diff --git a/workstation/ssh/config b/workstation/ssh/config new file mode 100755 index 0000000..480108a --- /dev/null +++ b/workstation/ssh/config 
@@ -0,0 +1,410 @@ + +# +# Prod Bastion SSH Config additions. See https://w.amazon.com/index.php/Infosec/Infrastructure_Services/Radium/PROD_Bastions +# for details and contact information. + +# Do not try to proxy when going straight to a bastion host +host security-bastions-prod* + ProxyCommand none + +host *.corp.amazon.com *.corp.amazon.com. *corp*.amazon.com *corp*.amazon.com. *.desktop.amazon.com *.desktop.amazon.com. dev-dsk-*.amazon.com dev-dsk-*.amazon.com. *integ*.amazon.com *integ*.amazon.com. *sealab*.amazon.com *sealab*.amazon.com. + ProxyCommand none + +host bbiad + hostname aws-dev-support-25002.iad12.amazon.com + ProxyCommand ssh -W %h:%p security-bastions-prod-iad.amazon.com + +host bbpdx + hostname aws-dev-support-64001.pdx4.amazon.com + ProxyCommand ssh -W %h:%p security-bastions-prod-pdx.amazon.com + +host bbdub + hostname aws-dev-support-14001.dub4.amazon.com + ProxyCommand ssh -W %h:%p security-bastions-prod-dub.amazon.com + +host bbsfo + hostname aws-dev-support-58001.sfo9.amazon.com + ProxyCommand ssh -W %h:%p security-bastions-prod-sfo.amazon.com + +host bbgru + hostname aws-dev-support-gru-82001.gru2.amazon.com + ProxyCommand ssh -W %h:%p security-bastions-prod-gru.amazon.com + +host bbsin + hostname aws-dev-support-sin-51001.sin4.amazon.com + ProxyCommand ssh -W %h:%p security-bastions-prod-sin.amazon.com + +host bbsyd + hostname aws-dev-support-98001.syd7.amazon.com + ProxyCommand ssh -W %h:%p security-bastions-prod-syd.amazon.com + +host bbfra + hostname aws-dev-support-2001.fra53.amazon.com + ProxyCommand ssh -W %h:%p bastion-fra.amazon.com + +host bbnrt + hostname aws-dev-support-59001.nrt12.amazon.com + ProxyCommand ssh -W %h:%p security-bastions-prod-nrt.amazon.com + +host bbbom + hostname aws-dev-support-bom-52001.bom52.amazon.com + ProxyCommand ssh -W %h:%p security-bastions-prod-bom.amazon.com +host devd + hostname tylebean.desktop.amazon.com + RemoteForward 52698 localhost:52698 + +host devh + hostname tylebean-dev.aka.amazon.com 
+ + +# Personal Hosts Configuration + +host jump + HostName jump.shortchangehero.com + User root + +host vpc + HostName vpn.shortchangehero.com + User ec2-user +host taskrunner + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName 10.0.9.192 + User ec2-user + ProxyCommand ssh -q jump nc %h %p + +host bt + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName btmusic.com + User ec2-user + ProxyCommand ssh -q jump nc %h %p + +host router + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName router.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host ds + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-ds.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host smart01 + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName smart01.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host plex + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-plex.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host nzb + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-nzb.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host deluge + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-deluge.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host sonarr + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-sonarr.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host hp + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-hp.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host cp + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-cp.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host ms + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-ms.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host bind + StrictHostKeyChecking no + 
ServerAliveInterval 60 + HostName fj-bind.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host dhcp + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-dhcp.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host nagios + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-nagios.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host smtp + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-smtp.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host mylar + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-mylar.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host booq + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-booq.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host plexreq + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-plexreq.blipsandchitz.local + User ubuntu + ProxyCommand ssh -q jump nc %h %p + +host mtn + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-mtn.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host git + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-git.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host hpw + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-hpw.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host jkt + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-jkt.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host unbound + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-unbound.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host nginx + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-nginx.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host vpn + StrictHostKeyChecking no + 
ServerAliveInterval 60 + HostName fj-vpn.blipsandchitz.local + User ec2-user + ProxyCommand ssh -q jump nc %h %p + +host sensu + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-sensu.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host chef + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-chef.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host sabayon + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-sabayon.blipsandchitz.local + User tbean + ProxyCommand ssh -q jump nc %h %p + +host pihole + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-pihole.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host x + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-cent.blipsandchitz.local + User tbean + ProxyCommand ssh -q jump nc %h %p + +host unifi + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-unifi.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host ddns + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-ddns.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host ss + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-ss.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host cloud + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-cloud.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host guac + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-guac.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host bitlbee + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-bitlbee.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host zen + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-zenp.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host fifo + StrictHostKeyChecking no + 
ServerAliveInterval 60 + HostName fj-fifo.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host bt + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName btmusic.com + User ec2-user + ProxyCommand ssh -q jump nc %h %p + +host jupyter + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-jupyter.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host mysql + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-mysql.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host realms + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-realms.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host radarr + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName fj-radarr.blipsandchitz.local + User root + ProxyCommand ssh -q jump nc %h %p + +host a + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName archibald.blipsandchitz.local + User tbean + ProxyCommand ssh -q jump nc %h %p + + +host git-push + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName frijole-git.blipsandchitz.local + IdentityFile /Users/tylebean/CloudStation/work/keys/tylebean.pem + User git + ProxyCommand ssh -q jump nc %h %p + +host grace + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName ip-10-0-11-128.ec2.internal + User ubuntu + ProxyCommand ssh -q vpc nc %h %p +host master + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName ip-10-0-10-102.ec2.internal + User hadoop + ProxyCommand ssh -q vpc nc %h %p +host slave + StrictHostKeyChecking no + ServerAliveInterval 60 + HostName ip-10-0-10-234.ec2.internal + User hadoop + ProxyCommand ssh -q vpc nc %h %p diff --git a/workstation/ssh/config_gen b/workstation/ssh/config_gen new file mode 100755 index 0000000..2519d23 --- /dev/null +++ b/workstation/ssh/config_gen 
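Review bot: Every block under "Personal Hosts Configuration" after `jump` and `vpc` sets `StrictHostKeyChecking no`, most of them together with `User root`, so the client accepts any host key for root sessions relayed through `jump` and a changed key goes unnoticed. On OpenSSH 7.6 or later `StrictHostKeyChecking accept-new` keeps the first-connect convenience while still rejecting a changed key, and `ProxyJump jump` can replace `ProxyCommand ssh -q jump nc %h %p`. The `host bt` block is defined twice. The commit's file list also creates `workstation/ssh/id_rsa` and `known_hosts`; their hunks are outside this view, but if `id_rsa` is a private key it should be removed from the repository history and the key rotated.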
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+loc_check=$(dig smart01.blipsandchitz.local +short)
+filename=/Users/tylebean/.ssh/config
+hostlist=/Users/tylebean/.ssh/hostlist
+vpchostlist=/Users/tylebean/.ssh/vpchostlist
+
+cat /dev/null > $filename
+cat /Users/tylebean/.ssh/security-bastion >> $filename
+printf "\n\n# Personal Hosts Configuration\n\n" >> $filename
+echo "host jump" >> $filename
+echo " HostName jump.shortchangehero.com" >> $filename
+echo " User root" >> $filename
+echo "" >> $filename
+echo "host vpc" >> $filename
+echo " HostName vpn.shortchangehero.com" >> $filename
+echo " User ec2-user" >> $filename
+echo ""
+
+while read i;
+do
+ hostname=$(echo $i | awk '{print $1}')
+ ip=$(echo $i | awk '{print $2}')
+ user=$(echo $i | awk '{print $3}')
+ echo "host $hostname" >> $filename
+ echo " StrictHostKeyChecking no" >> $filename
+ echo " ServerAliveInterval 60" >> $filename
+ echo " HostName $ip" >> $filename
+ echo " User $user" >> $filename
+ if [ "$loc_check" != 1 ]
+ then
+ echo " ProxyCommand ssh -q jump nc %h %p" >> $filename
+ fi
+ echo "" >> $filename
+done <$hostlist
+
+echo "" >> $filename
+echo "host git-push" >> $filename
+echo " StrictHostKeyChecking no" >> $filename
+echo " ServerAliveInterval 60" >> $filename
+echo " HostName frijole-git.blipsandchitz.local" >> $filename
+echo " IdentityFile /Users/tylebean/CloudStation/work/keys/tylebean.pem" >> $filename
+echo " User git" >> $filename
+if [ "$loc_check" != 1 ]
+then
+ echo " ProxyCommand ssh -q jump nc %h %p" >> $filename
+fi
+
+echo "" >> $filename
+while read i;
+do
+ hostname=$(echo $i | awk '{print $1}')
+ ip=$(echo $i | awk '{print $2}')
+ user=$(echo $i | awk '{print $3}')
+ echo "host $hostname" >> $filename
+ echo " StrictHostKeyChecking no" >> $filename
+ echo " ServerAliveInterval 60" >> $filename
+ echo " HostName $ip" >> $filename
+ echo " User $user" >> $filename
+ echo " ProxyCommand ssh -q vpc nc %h %p" >> $filename
+done <$vpchostlist
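Review bot: Every host block written by the two `while read` loops and the `git-push` section carries `StrictHostKeyChecking no`, which turns off host-key verification for logins that are mostly `User root` and are tunnelled through `ProxyCommand ssh -q jump nc %h %p`; a changed or impersonated host key would be accepted silently. The same commit adds a `known_hosts` file, so the generator could drop that line or emit `echo " StrictHostKeyChecking accept-new" >> "$filename"` (OpenSSH 7.6 or later) and let ssh check the recorded keys. Separately, `dig +short` prints addresses or nothing, never `1`, so `[ "$loc_check" != 1 ]` looks always true and the jump-host ProxyCommand is written even on the local network; if the intent is to proxy only when the name does not resolve, `if [ -z "$loc_check" ]` expresses it. The loops would also be more robust as `while read -r hostname ip user _; do` with `"$filename"` quoted, since each host-list line ends up verbatim in the ssh config.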
diff --git a/workstation/ssh/hostlist b/workstation/ssh/hostlist
new file mode 100755
index 0000000..586b301
--- /dev/null
+++ b/workstation/ssh/hostlist
@@ -0,0 +1,45 @@
+taskrunner 10.0.9.192 ec2-user
+bt btmusic.com ec2-user
+router router.blipsandchitz.local root
+ds fj-ds.blipsandchitz.local root
+smart01 smart01.blipsandchitz.local root
+plex fj-plex.blipsandchitz.local root
+nzb fj-nzb.blipsandchitz.local root
+deluge fj-deluge.blipsandchitz.local root
+sonarr fj-sonarr.blipsandchitz.local root
+hp fj-hp.blipsandchitz.local root
+cp fj-cp.blipsandchitz.local root
+ms fj-ms.blipsandchitz.local root
+bind fj-bind.blipsandchitz.local root
+dhcp fj-dhcp.blipsandchitz.local root
+nagios fj-nagios.blipsandchitz.local root
+smtp fj-smtp.blipsandchitz.local root
+mylar fj-mylar.blipsandchitz.local root
+booq fj-booq.blipsandchitz.local root
+plexreq fj-plexreq.blipsandchitz.local ubuntu
+mtn fj-mtn.blipsandchitz.local root
+git fj-git.blipsandchitz.local root
+hpw fj-hpw.blipsandchitz.local root
+jkt fj-jkt.blipsandchitz.local root
+unbound fj-unbound.blipsandchitz.local root
+nginx fj-nginx.blipsandchitz.local root
+vpn fj-vpn.blipsandchitz.local ec2-user
+sensu fj-sensu.blipsandchitz.local root
+chef fj-chef.blipsandchitz.local root
+sabayon fj-sabayon.blipsandchitz.local tbean
+pihole fj-pihole.blipsandchitz.local root
+x fj-cent.blipsandchitz.local tbean
+unifi fj-unifi.blipsandchitz.local root
+ddns fj-ddns.blipsandchitz.local root
+ss fj-ss.blipsandchitz.local root
+cloud fj-cloud.blipsandchitz.local root
+guac fj-guac.blipsandchitz.local root
+bitlbee fj-bitlbee.blipsandchitz.local root
+zen fj-zenp.blipsandchitz.local root
+fifo fj-fifo.blipsandchitz.local root
+bt btmusic.com ec2-user
+jupyter fj-jupyter.blipsandchitz.local root
+mysql fj-mysql.blipsandchitz.local root
+realms fj-realms.blipsandchitz.local root
+radarr fj-radarr.blipsandchitz.local root
+a archibald.blipsandchitz.local tbean
diff --git a/workstation/ssh/hostlisttmp b/workstation/ssh/hostlisttmp
new file mode 100755
index 0000000..65fc50c
--- /dev/null
+++ b/workstation/ssh/hostlisttmp
@@ -0,0 +1,18 @@
+plex frijole-plex.blipsandchitz.local root
+nzb frijole-nzb.blipsandchitz.local root
+deluge frijole-deluge.blipsandchitz.local root
+sonarr frijole-sonarr.blipsandchitz.local root
+hp frijole-hp.blipsandchitz.local root
+cp frijole-cp.blipsandchitz.local root
+bind frijole-bind.blipsandchitz.local root
+dhcp frijole-dhcp.blipsandchitz.local root
+smtp frijole-smtp.blipsandchitz.local root
+mylar frijole-mylar.blipsandchitz.local root
+booq frijole-booq.blipsandchitz.local root
+mtn frijole-mtn.blipsandchitz.local root
+hpw frijole-hpw.blipsandchitz.local root
+jkt frijole-jkt.blipsandchitz.local root
+nginx frijole-nginx.blipsandchitz.local root
+sensu frijole-sensu.blipsandchitz.local root
+chef frijole-chef.blipsandchitz.local root
+sabayon frijole-sabayon.blipsandchitz.local tbean
diff --git a/workstation/ssh/id_rsa b/workstation/ssh/id_rsa
new file mode 100755
index 0000000..915b66c
--- /dev/null
+++ b/workstation/ssh/id_rsa
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsmrkyhf66ucIQ6FSqc8j10HtZAo9MSSwjyQwncmAjgJi0KAd +8KjFkCd5jdL/LLhV2JUUfJyCK9C/fZSxaxwxT+fs9M+VoD5Cc4D/vcZLmxq/wKfw +FPN8TFtrQtf3C7VCwwF74Xft+aC195fGtZj7K0xBKraBS+o7RWkPRdaA5eZBEj5N +/SgJXmwO4dEpUh1h0Ptasj1unZ+I2t5u/T4evClzGczXFdeiyrGt3TNSVt9V+PD2 +oJ6ynTzF0nLReWY+uicKliSeOXXJTkq2A3tf1FitOpyL++O1L7eWYmbPfDosynKA +563cs0PHUiHVCGao9tgS0ZGLiQbmuRzX3m0Z4QIDAQABAoIBABDe5LVrYRGXOQPU +HFHsQVJYbI8aHMEp2/wdCu/QnvROq3NYwJwCCXRhFzBe9DwRTiTFrANAdVqZSZIh +XklniA4rOw/HFTnqyTPMzeHu/zUyaVFZT+1bPLSnrFPMwhJ8WEzCNimSwpDpLmu0 +EVkYlx93/W2BhmZcRrCAh64t41BZtWzxQ1f3AySotAaMnEfV6CFK16KvpxEj03dX +Qr8yss6wvFv2eXrFc+S9i8Z566XGfwicYOCq+dAx40fpy/vmQghgJZMZ2hztPQRJ ++lp9o3WMmNHjJuhMznHo1RUBKwNqyE9HTO8YONzAaZ2x5nnT2IOhVw5hGx+mL1Ar +ZnmnViUCgYEA/P9BO1jokdlhOvGNnEukkPvC1X789hpNP+TByjr0uUaW47eFEGYf +dyKXrVroYYu1cB+k6umBLq/F4zXIrz4NA2D57UcenAfZODrAFXhuUiT+4mTmUxZl +gKjxKWHwSjJs0IT+4DToKcdpYXQ9Sr9077C+KUFDDmR8frdmBVq65PMCgYEAtIkG +Zap4mDWxCEStBewRINe96g7jCXq7uaYlevmqWfV88+eDU8rSYAe3fzTuW+x+wdJh +lu3bhdy0avxLdGkcQrd68fbEW46gvcsqg0auyQ+PZdo3PipefUkg7+EuRKegV+5i +uRitqHiLcFBXn6dTM7KrtZte/f/tTgID4XdvStsCgYEAsc0KIRVIzUeCZ5RfO1qF +20a0FKrcSHEPnTm9X8yzNIqBfKP7Jh0/O9DZ3AEpk3RGHPiARH+6Q/9QCXBBC7eG +GbvLqY/z2SBC7puLZwtuLNjHMIBMxlPVHeidI8Iqx1pM0vbE0PkduE7mppC0ipWn +LtR9sCynXbQNMljdoCG1ezUCgYB7I18+pvjccPrQNe+CM5M3QJAj/oVzKMi0hxPX +fkVoWJ4iys1zsMqvf3P0iwjtoDCRSUsRJCnwcyqIMo/Q1gTVqMpuEa+691zCN7pG +kkaTk05u3VmCyGlssR2LIJ9rap5ee5XQxHlmiNorAFHT7tA8Weju1QwE2bRl2dAF +0G4TswKBgEUzB86s9IhG3BUDCrrEiIyBRZpwUxsGdlXxGybB0gLcF2UJro/16YFH +B9uL4BYxBzUFNReM3Boab+AVM1zfio+z/rbInT6uYyPjqg5BqT2C/5ghO0dL1wxh +ii4wf2wUF10ctXsI3xW1KonBGTgP5jHQmD94IvMtF1GPsWmy+mmq +-----END RSA PRIVATE KEY----- diff --git a/workstation/ssh/id_rsa-cert.pub b/workstation/ssh/id_rsa-cert.pub new file mode 100755 index 0000000..a14f98f --- /dev/null +++ b/workstation/ssh/id_rsa-cert.pub 
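Review bot: An unencrypted private key should not be in the repository: the PEM block in `workstation/ssh/id_rsa` has no `Proc-Type`/`DEK-Info` header, so it is usable as-is by anyone who can read this commit. `workstation/ssh/werker` at the end of the patch has the same blob id (`915b66c`) and is therefore the same key, and `id_rsa.pub` and `id_rsa-cert.pub` in the following sections appear to be its public half and certificate. The key should be treated as exposed: replace it, remove the old public key from `authorized_keys` wherever it was installed, and drop both files from the commit and from history. An ignore rule in `.gitignore` covering `workstation/ssh/id_rsa` and `workstation/ssh/werker` would keep this from recurring.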
@@ -0,0 +1 @@ +ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgmWJ07gki4otNq61W/GY6Yr3XOepJSeJzSStbLHSkBBUAAAADAQABAAABAQCyauTKF/rq5whDoVKpzyPXQe1kCj0xJLCPJDCdyYCOAmLQoB3wqMWQJ3mN0v8suFXYlRR8nIIr0L99lLFrHDFP5+z0z5WgPkJzgP+9xkubGr/Ap/AU83xMW2tC1/cLtULDAXvhd+35oLX3l8a1mPsrTEEqtoFL6jtFaQ9F1oDl5kESPk39KAlebA7h0SlSHWHQ+1qyPW6dn4ja3m79Ph68KXMZzNcV16LKsa3dM1JW31X48PagnrKdPMXSctF5Zj66JwqWJJ45dclOSrYDe1/UWK06nIv747Uvt5ZiZs98OizKcoDnrdyzQ8dSIdUIZqj22BLRkYuJBua5HNfebRnhfyWhNOjJm3oAAAABAAAABm1pZHdheQAAAAwAAAAIdHlsZWJlYW4AAAAAWSsgTwAAAABZLDmLAAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAARcAAAAHc3NoLXJzYQAAAAMBAAEAAAEBAMzj/Jvdz2myZ8uchNWuMSjTVe12XglOZdiJmUiJDOw5WmeaECA1NU+eYIQgJB3ZdI9bp7LfR32iAU8VXBTrJHENhUcNvAwQboG4jl25j8QcgEzitTTAF6QfJlpzJscbFUgNWtaS1pwCG0IvV26Q/EZThX5IxXM8gT9Mkd0P3hZnfwvoaqL/RqtIRLStJqdcRWxpgGH1OLrIbrYc/TgNZCj5ToaaCKuYQfvh+FVsn0dwXxjce/adLGDvlQMxgy4v+UhfR0BVEtmwtlZ5mlOhAfF0RiSb1oVenE3Y4OWYln0VqaPacwWxWFE2nNNNiX4biFqeljhU7SXQneao9G7UaIsAAAEPAAAAB3NzaC1yc2EAAAEAM71ZM/QAQQgU+vPi/61B13CYIabZaQhMTivX2Knba0FHEw3c6YgBKl2a8aEpSoAFn3xPkjRYMHdBGQkTzFUqPbsBMlgRGVmDm1yHdBpEBWzRKI6G68qJf4mSjAlmZvro+8f26f8qZTS5curCNLS90b6BmFKCwNEvPrCShaiUhuxtYISuJ/4WHZS5agJRAczV9icF5PGITVXwJ5Jd17Zxbxnufu97+GnJWLI1i1sKtIoWjGjqiVppl1pXyU5s8bknZX5E9sJU7BVJEiOxHkdIsxH5OWYfSHuvyQCmEE78ej+3lyWFn5h87ycKoC4A0FU7+XyeWEZFG6S0Xus4LPf2Mw== tylebean diff --git a/workstation/ssh/id_rsa.pub b/workstation/ssh/id_rsa.pub new file mode 100755 index 0000000..bb76af4 --- /dev/null +++ b/workstation/ssh/id_rsa.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyauTKF/rq5whDoVKpzyPXQe1kCj0xJLCPJDCdyYCOAmLQoB3wqMWQJ3mN0v8suFXYlRR8nIIr0L99lLFrHDFP5+z0z5WgPkJzgP+9xkubGr/Ap/AU83xMW2tC1/cLtULDAXvhd+35oLX3l8a1mPsrTEEqtoFL6jtFaQ9F1oDl5kESPk39KAlebA7h0SlSHWHQ+1qyPW6dn4ja3m79Ph68KXMZzNcV16LKsa3dM1JW31X48PagnrKdPMXSctF5Zj66JwqWJJ45dclOSrYDe1/UWK06nIv747Uvt5ZiZs98OizKcoDnrdyzQ8dSIdUIZqj22BLRkYuJBua5HNfebRnh tylebean diff --git a/workstation/ssh/known_hosts b/workstation/ssh/known_hosts new file mode 100755 index 0000000..55f8411 --- /dev/null +++ b/workstation/ssh/known_hosts 
@@ -0,0 +1,20 @@ +jump.shortchangehero.com,47.222.40.143 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGQIuYsVfYLUqWSt9oJxsEUj/hnfrMn4HNpg324uwm1SZZbKzGrXMm2auHKwOQMFmM+uNDDYBIgXEQpb+COaNt4= +archibald.blipsandchitz.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKNGd7w72MTFeZjc0BUyFXqvGQfkHJsqK/TqPKv7Nj0Y6jj9tpZIZPsHrTRAnoBdkWgIWMHzDwCImDfuuxyFhiU= +fj-bind.blipsandchitz.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGl/Nb57kN44xwVu9dqaMsR1UrlcT1wQtnJZRDSV5KnjwKrK77pRpucuINpbS6DitBppFlY7Z8z66aA0PoAyyfM= +smart01.blipsandchitz.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCed+nLU9hMvd7KxLfLNLKaQF98ZEI91Bj5+0rjijdsyGCPcxtDg8wcVlxUCyYx/vQ32V3nsa+oevwO1zftJeF4= +fj-cent.blipsandchitz.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN9w2J0QhulBdmyUvJh7gw6tYpKCl/Ev4KUJx2TPlhyWoixeCY14BiAKiPoNb2maO57HpigOPC+rE09V7SIiuuo= +tylebean.desktop.amazon.com,10.99.7.50 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD2nZBGaZq9vJqLyMLg0h0jsB+roQZohi5Yfwsv3GU6iw1b4rTiCboZOmbu/pnVwEV299FBLY/h8i9hJzrYx5pJTsXOpHaMoHOGd/aqbcDbGgfj6Wl8LzD0HulWrDKHes3+27R3pPapsWzWmUU017GPNS4WI9SZgmHh39eIyphPkMP/4XabGMDa/xVhMmNr8YesPdzxviCWkfWF7D+7AF7PHfo+4rK6qzdcIwp0/9IUZZJX9f3HcITqzPdX67Y8KAlfPNDZqHbNxzQkZLNsNZ1soIOWdLeESno85Z2rqvx34BISKJ9xRfyPCFPoi4CsuEtdlCEgTymzWe3VeOKoRKj5 +ec2-54-209-249-59.compute-1.amazonaws.com,54.209.249.59 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEgMaIPHZpCyYPL56cWAQ10Go5fuXmQeQEF8ExCpjkZyDbO0YTKm9wh8PSPL4wRAq234jaY/vB7QMuPBpIR/pr0= +ec2-54-224-255-9.compute-1.amazonaws.com,54.224.255.9 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBI7uJqGIyCSxTW+JhRnUZPJLRZYlnYZZzGTFIh2AxJFX+90ghzjiQqY1haJzB1HPVC9yRlOa8hcfCY3ZG33xE5g= +ec2-54-89-229-194.compute-1.amazonaws.com,54.89.229.194 ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHBr/GNMosvY2sZtDMkxWgEO43vWW4axWgUD7nZ1GXwxuQ45bu8Af+wMHUOPsYbNzJThG4NPT2QMmb/riHck0x8= +ec2-52-87-173-187.compute-1.amazonaws.com,52.87.173.187 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEZKsAYJ61Kki53WTAMR4aobPog2pp9ajF27ukW/rmyt5y4l1lzs4SDWAHX0kBorSbWh9ElCvAKt7MX/UjesMog= +fj-ds.blipsandchitz.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEHw5oK424/ut60eQAS4BvIskU3NIwS0Nkzqh1FnMRPx3hixOUkXQfO/yrO2AMC2G5uRPwdQlesPzCB4z3RvFrg= +fj-booq.blipsandchitz.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL+MkI2PjnhEDBZ9MC5knjuia14bdYcasaPT1as4ul1mZTZgxVccxtpTYFsm2t2Sd2W+Ho4rLFyRMoqUetgm9qU= +fj-nginx.blipsandchitz.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDuIuzdBF8bE8AKY6RjWPM/bBXHsrLmnMOV9xzxxBjdqzcAaD+IZAx+NzZwmITxGnl04sp88E2vQOibxcxHz0P4= +fj-sonarr.blipsandchitz.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJA8dGRC04vlxTgcv3RmgCq8m9uXgBQ70g9a9bzyTXTmfqCBWZ1NpEAdsBHZttuVvM1TQ7bhnehbIsR99AH5+ho= +fj-radarr.blipsandchitz.local ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF3Z5chN8TbsixMYKOyUFgj11xbtmSRUiSO+otr5MpMLAsRg0ayJvzjyW6WPglBjOT/t5UIBuPyHOUy66O5T0mU= +security-bastions-prod-iad.amazon.com,100.112.125.239 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAv6J9qrO9XGCTzxhkjPmSNgr8VR4fwzso7ToddGzd0oMGAEvUlBUXel7ScxZnnx4I0WRhYVnw+rBhT3KH+OLQmZEnHX2JxeYmirniQp030zLp/zmmtfqaL508QOdQgYaXo+LWTpdfrQO9Bl2MWx+19w/HVXQbHxxL5px9jVdGfRgY4xGe1lsPBJSE2+vZsn76Q8TQMJ34blWckWgX+coiPRs5WMeRRnZFcZiD//aev/O0Tn9hA0nwV42srYwKC5ugITt3PTstZiAQ3STive7mdGIg90bhPUNEoO8kqedOnlWQv4MUKc1SJN39yAjF7n4LgPIJNTgMP+Ao+wx8QMbCCQ== +aws-dev-support-25002.iad12.amazon.com ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCehDRJZVzHk6+ygd6T2zh+S8w37djFhkDdQH6cmnZWNV0t6xTAcfWIrxL8+oTBL/0e1fIQrUiDRYimVXymmXZAfKRQMTAdvxqgZRXr7qBCeaLr/kab6ZEz07Nq+IoI/a/+2ajdl6xYlOjLSfBywMQjcu4lcpIg7fctXmPh6BsKL99818zFvLjdQWPIfxgzOPynQ0uu5T7wXHFbhCbCGGF0R516zxP17mt7YWjQ+UooyyIRp9g0oFPWso6cQS3f3c9/KawTGKerrLkhJ8FhZP7Zf4gwrKFwN0xRpB0voVyCacKD2LFJ3ZEC+YSJCKtPverQsPGjY6fIVJIlMyNUt3z7 +security-bastions-prod-bom.amazon.com,52.95.72.233 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDxTxQeE9s/O4V+LRDB4FSscEqvvoYEAt2IxcPns/fLFu9PXLZMYdakU7SI6sB8XXCL7GWDQ+cm8NmlcOhQP0p3b+RhrqzQd6x+xmF0GZdj9e/lPA05ipSMs7e3OFjsJrGsMeO6/9s8NT+a3Me29ax/7EjU92IzRNbYPlreetHzLX6kSrCOgwRZCYqRL/GkdQR/85b6Eu0U0IYGjOEcspQ9cYm0PJL3u8Oygnp8bv2jfmarHTqQfvfQn52MRMEZc9a4WVtweP8Nfw/OttAE0c1D5JuShIe80tfOKq08hfdIvyFn2y/rfUVm7wGPeUXUuzOOzq99f3m1DPg/U5/TjJv +aws-dev-support-bom-52001.bom52.amazon.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDt2Tegoy/9PQgFS8KBU4cG/sS7GcOdEkdxHDx64rzL31Ntm0zlvzx3BHDW6E9Z1avxlNA4TlkAxrBfMSUNu1c7qZsjmKfjtgE5toiaBs/I+F17kinfX+6hnpugUA0stt447rPGp01ukqcilYGPFNB3CNrnTlmmSZUMTPukl2BvTs8MnjzB9RvCn8HXOtANWYap4tj6sPDlWhSNkNXTF5xslN0bpRHlKHG5IpDP0PiT1BUcEqIbxH6JZGN2PhZWX341tfNvoOCv5JogBEMvyiQ969XrAwOs3EWaCB2WWlNGlrsQa3Zk4XGrdtGXMUWu+joog9t8Zq7V6RR0hds33x2H +10.250.0.56 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGQIuYsVfYLUqWSt9oJxsEUj/hnfrMn4HNpg324uwm1SZZbKzGrXMm2auHKwOQMFmM+uNDDYBIgXEQpb+COaNt4= diff --git a/workstation/ssh/resolv.conf b/workstation/ssh/resolv.conf new file mode 100755 index 0000000..f8a1948 --- /dev/null +++ b/workstation/ssh/resolv.conf @@ -0,0 +1,5 @@ +nameserver 10.250.0.40 +nameserver 10.250.0.1 +nameserver 8.8.8.8 +nameserver 8.8.4.4 +search local blipsandchitz.local dhcp.blipsandchitz.local diff --git a/workstation/ssh/security-bastion b/workstation/ssh/security-bastion new file mode 100755 index 0000000..bdf8e53 --- /dev/null +++ b/workstation/ssh/security-bastion 
@@ -0,0 +1,57 @@
+
+#
+# Prod Bastion SSH Config additions. See https://w.amazon.com/index.php/Infosec/Infrastructure_Services/Radium/PROD_Bastions
+# for details and contact information.
+
+# Do not try to proxy when going straight to a bastion host
+host security-bastions-prod*
+ ProxyCommand none
+
+host *.corp.amazon.com *.corp.amazon.com. *corp*.amazon.com *corp*.amazon.com. *.desktop.amazon.com *.desktop.amazon.com. dev-dsk-*.amazon.com dev-dsk-*.amazon.com. *integ*.amazon.com *integ*.amazon.com. *sealab*.amazon.com *sealab*.amazon.com.
+ ProxyCommand none
+
+host bbiad
+ hostname aws-dev-support-25002.iad12.amazon.com
+ ProxyCommand ssh -W %h:%p security-bastions-prod-iad.amazon.com
+
+host bbpdx
+ hostname aws-dev-support-64001.pdx4.amazon.com
+ ProxyCommand ssh -W %h:%p security-bastions-prod-pdx.amazon.com
+
+host bbdub
+ hostname aws-dev-support-14001.dub4.amazon.com
+ ProxyCommand ssh -W %h:%p security-bastions-prod-dub.amazon.com
+
+host bbsfo
+ hostname aws-dev-support-58001.sfo9.amazon.com
+ ProxyCommand ssh -W %h:%p security-bastions-prod-sfo.amazon.com
+
+host bbgru
+ hostname aws-dev-support-gru-82001.gru2.amazon.com
+ ProxyCommand ssh -W %h:%p security-bastions-prod-gru.amazon.com
+
+host bbsin
+ hostname aws-dev-support-sin-51001.sin4.amazon.com
+ ProxyCommand ssh -W %h:%p security-bastions-prod-sin.amazon.com
+
+host bbsyd
+ hostname aws-dev-support-98001.syd7.amazon.com
+ ProxyCommand ssh -W %h:%p security-bastions-prod-syd.amazon.com
+
+host bbfra
+ hostname aws-dev-support-2001.fra53.amazon.com
+ ProxyCommand ssh -W %h:%p bastion-fra.amazon.com
+
+host bbnrt
+ hostname aws-dev-support-59001.nrt12.amazon.com
+ ProxyCommand ssh -W %h:%p security-bastions-prod-nrt.amazon.com
+
+host bbbom
+ hostname aws-dev-support-bom-52001.bom52.amazon.com
+ ProxyCommand ssh -W %h:%p security-bastions-prod-bom.amazon.com
+host devd
+ hostname tylebean.desktop.amazon.com
+ RemoteForward 52698 localhost:52698
+
+host devh
+ hostname tylebean-dev.aka.amazon.com
diff --git a/workstation/ssh/vpchostlist b/workstation/ssh/vpchostlist
new file mode 100755
index 0000000..9dfa83e
--- /dev/null
+++ b/workstation/ssh/vpchostlist
@@ -0,0 +1,3 @@
+grace ip-10-0-11-128.ec2.internal ubuntu
+master ip-10-0-10-102.ec2.internal hadoop
+slave ip-10-0-10-234.ec2.internal hadoop
diff --git a/workstation/ssh/werker b/workstation/ssh/werker
new file mode 100755
index 0000000..915b66c
--- /dev/null
+++ b/workstation/ssh/werker
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAsmrkyhf66ucIQ6FSqc8j10HtZAo9MSSwjyQwncmAjgJi0KAd +8KjFkCd5jdL/LLhV2JUUfJyCK9C/fZSxaxwxT+fs9M+VoD5Cc4D/vcZLmxq/wKfw +FPN8TFtrQtf3C7VCwwF74Xft+aC195fGtZj7K0xBKraBS+o7RWkPRdaA5eZBEj5N +/SgJXmwO4dEpUh1h0Ptasj1unZ+I2t5u/T4evClzGczXFdeiyrGt3TNSVt9V+PD2 +oJ6ynTzF0nLReWY+uicKliSeOXXJTkq2A3tf1FitOpyL++O1L7eWYmbPfDosynKA +563cs0PHUiHVCGao9tgS0ZGLiQbmuRzX3m0Z4QIDAQABAoIBABDe5LVrYRGXOQPU +HFHsQVJYbI8aHMEp2/wdCu/QnvROq3NYwJwCCXRhFzBe9DwRTiTFrANAdVqZSZIh +XklniA4rOw/HFTnqyTPMzeHu/zUyaVFZT+1bPLSnrFPMwhJ8WEzCNimSwpDpLmu0 +EVkYlx93/W2BhmZcRrCAh64t41BZtWzxQ1f3AySotAaMnEfV6CFK16KvpxEj03dX +Qr8yss6wvFv2eXrFc+S9i8Z566XGfwicYOCq+dAx40fpy/vmQghgJZMZ2hztPQRJ ++lp9o3WMmNHjJuhMznHo1RUBKwNqyE9HTO8YONzAaZ2x5nnT2IOhVw5hGx+mL1Ar +ZnmnViUCgYEA/P9BO1jokdlhOvGNnEukkPvC1X789hpNP+TByjr0uUaW47eFEGYf +dyKXrVroYYu1cB+k6umBLq/F4zXIrz4NA2D57UcenAfZODrAFXhuUiT+4mTmUxZl +gKjxKWHwSjJs0IT+4DToKcdpYXQ9Sr9077C+KUFDDmR8frdmBVq65PMCgYEAtIkG +Zap4mDWxCEStBewRINe96g7jCXq7uaYlevmqWfV88+eDU8rSYAe3fzTuW+x+wdJh +lu3bhdy0avxLdGkcQrd68fbEW46gvcsqg0auyQ+PZdo3PipefUkg7+EuRKegV+5i +uRitqHiLcFBXn6dTM7KrtZte/f/tTgID4XdvStsCgYEAsc0KIRVIzUeCZ5RfO1qF +20a0FKrcSHEPnTm9X8yzNIqBfKP7Jh0/O9DZ3AEpk3RGHPiARH+6Q/9QCXBBC7eG +GbvLqY/z2SBC7puLZwtuLNjHMIBMxlPVHeidI8Iqx1pM0vbE0PkduE7mppC0ipWn +LtR9sCynXbQNMljdoCG1ezUCgYB7I18+pvjccPrQNe+CM5M3QJAj/oVzKMi0hxPX +fkVoWJ4iys1zsMqvf3P0iwjtoDCRSUsRJCnwcyqIMo/Q1gTVqMpuEa+691zCN7pG +kkaTk05u3VmCyGlssR2LIJ9rap5ee5XQxHlmiNorAFHT7tA8Weju1QwE2bRl2dAF +0G4TswKBgEUzB86s9IhG3BUDCrrEiIyBRZpwUxsGdlXxGybB0gLcF2UJro/16YFH +B9uL4BYxBzUFNReM3Boab+AVM1zfio+z/rbInT6uYyPjqg5BqT2C/5ghO0dL1wxh +ii4wf2wUF10ctXsI3xW1KonBGTgP5jHQmD94IvMtF1GPsWmy+mmq +-----END RSA PRIVATE KEY-----