Hashicorp Vault Systemd Startup Script

From Hashicorp Vault project documentation

Starting the Server

$ vault server -config=example.hcl

With the configuration in place, starting the server is simple, as shown below. Modify the -config flag to point to the proper path where you saved the configuration above. Vault outputs some information about its configuration, and then blocks. This process should be run using a resource manager such as systemd or upstart.

However, what the documentation does not include is a systemd unit file for RHEL7/CentOS7. Here is a unit file that starts Vault automatically.


[Unit]
Description=Vault service
After=network-online.target

[Service]
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=read-only
SecureBits=keep-caps
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
NoNewPrivileges=yes
ExecStart=/bin/vault server -config=/etc/vault.conf
KillSignal=SIGINT
TimeoutStopSec=30s
Restart=on-failure
StartLimitInterval=60s
StartLimitBurst=3

[Install]
WantedBy=multi-user.target

Save the unit file as

 /usr/lib/systemd/system/vault.service

then reload systemd

systemctl daemon-reload

and start the service

systemctl start vault

To start Vault automatically at boot, use

systemctl enable vault

In addition to this, the following can be placed in

/etc/profile.d/vault.sh 

so that the vault address can be exported every time the user logs in


#!/bin/bash
export VAULT_ADDR='http://127.0.0.1:8200'

How to validate a public key?

So how do you validate a public key programmatically? I had this question when I had to implement a feature in one of our applications. It is possible using the ssh-keygen utility.


ssh-keygen -lf publickey.pub

Here,

-l Show fingerprint of key file.
-f filename Filename of the key file.

The hack is to check the fingerprint of the public key. If you get an error when trying to get the fingerprint of the public key, that means the public key is invalid. If you get it, you have a valid public key!
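
The fingerprint check above, wrapped for use on untrusted input, as an added example that is not part of the original post. Because `ssh-keygen -l` can also fingerprint private keys and authorized_keys or known_hosts style files, the wrapper first requires a single line that begins with an allowed key type. The names `validate_pubkey` and `MIN_RSA_BITS` and the list of allowed types are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. validate_pubkey and MIN_RSA_BITS
# are hypothetical names; the allowed key types are an assumed policy.
# Returns 0 = accepted, 1 = rejected, 2 = could not run the check.
validate_pubkey() {
    key=$1
    min_rsa=${MIN_RSA_BITS:-2048}

    # Exactly one line: no embedded CR/LF that could carry a second entry.
    [ "$key" = "$(printf '%s' "$key" | tr -d '\r\n')" ] || return 1

    # The line must start with a key type, not with authorized_keys
    # options, a hostname, or a private-key header.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp256\ *) ;;
        ecdsa-sha2-nistp384\ *|ecdsa-sha2-nistp521\ *) ;;
        *) return 1 ;;
    esac

    command -v ssh-keygen >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 2
    printf '%s\n' "$key" > "$tmp"

    # The page's check: a fingerprint is printed only if the key parses.
    out=$(ssh-keygen -l -f "$tmp" 2>/dev/null) || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"

    # Output looks like: "<bits> <fingerprint> <comment> (<TYPE>)".
    bits=${out%% *}
    case $out in
        *"(RSA)") [ "$bits" -ge "$min_rsa" ] 2>/dev/null || return 1 ;;
    esac
    return 0
}

# Constructed sample input: syntactically plausible but not a real key.
if validate_pubkey 'ssh-ed25519 AAAAnotakey user@example'; then
    echo "accepted"
else
    echo "rejected (code $?)"
fi
```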

Fix WordPress Files & Folders Permission Massively On cPanel Server


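<?php
// Each file in /var/cpanel/users is named after a cPanel account.
chdir("/var/cpanel/users");
$users = glob('*');
foreach ($users as $user) {
    $docroot = "/home/$user/public_html";
    // Only touch accounts that have WordPress in the document root.
    if (is_file("$docroot/wp-config.php")) {
        echo "Performing on $docroot\n";
        // Quote the path before handing it to the shell.
        $path = escapeshellarg("$docroot/");
        // Directories get 755, regular files get 644.
        system("find $path -type d -exec chmod 755 {} \; ");
        system("find $path -type f -exec chmod 644 {} \; ");
    }
}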

Save the file as fix.php in /root, then execute it:

/usr/local/cpanel/3rdparty/bin/php /root/fix.php

PHP MySQLi Wrapper Class Complex WHERE

If you have ever had a chance to use a PHP active record class for MySQL, you would notice that most of them don’t support complex where statements. I’ve had a chance today to address this feature request that I received from a user of my PHP MySQLi wrapper class.

Adding a complex WHERE clause is now simple.


$db->where('foo', 15);
$db->open_where();
$db->or_where('foo <', 15);
$db->where('bar >=', 15);
$db->close_where();
// Produces SELECT `column` FROM `table` WHERE `foo` = 15 OR (`foo` < 15 AND `bar` >= 15)

For more information on this class, and to download it, visit the repository on Bitbucket.

Run JIRA on Budget – JIRA + Varnish + VPS = $7/mo


One of the main reasons why I like JIRA is its integration with BitBucket, the free Git repository service. Both JIRA and BitBucket are from Atlassian, the company behind many other great products. Recently I started using JIRA for all my project work. It works very well. JIRA has a hosted version available for $10/month ($20/mo with Agile addon). Two reasons why I don’t like the hosted edition are:

1. No support for a custom URL. We have to use their subdomain (such as https://something.atlassian.net)
2. Monthly recurring payment of $20.

Paying $20 for a project management tool with a total user base of one or two users is a waste of money. So I’ve decided to buy JIRA and host it on my own server. Atlassian offers JIRA server edition for $10 one time and JIRA Agile addon for another $10 one time. So I purchased JIRA + Agile for $20. There is no monthly payment if you host JIRA on your own server. The next task was to get a VPS to install JIRA.