Late Night Thinking

07 2018

Wed, 25 Jul 2018

Using gopass with mutt

I've been using gopass for a long time as my password manager — with my GnuPG and Yubikey setup accessing my passwords on both my laptop and my colocated box is pretty transparently the same.

I randomly came across the fact that mutt will do backtick expansion in its configuration file. With that, I can keep my Mutt imap password in gopass and have mutt fetch it with set imap_pass=`pass mutt_imap_pass`

Posted at: 08:34 | category: /computers/nifty | Link

Sat, 14 Jul 2018

Wrapping Consul Lock

I've recently installed a Consul cluster at home, mostly to act as an HA backing store for Vault. If you've been following along, I've also been moving to Restic for my system backups so, of course, I want snapshots of Consul to end up there.

But this isn't a post about that — when I've got it running well and cleaned up, I'll post it and talk about it. What I want to talk about is the way that I'm wrapping the consul lock command.

The gist of the script is:

1. Run consul snapshot save... and save the output to a local file
2. Archive that file away

I want that running on all three Consul servers, but I only ever want the snapshot to happen on a single server at a time. That way, if I ever have to take a Consul server down for maintenance, snapshots will still happen within the cluster. This is a common practice, and it's really easy with consul lock. This is also useful where you want a cronjob or task to run, and it can run on more than one server but you only want it to run on a single server at any time. Rather than only running it on a single server, and having to remember to switch it elsewhere in the event that server goes down, or having to install some sort of distributed queueing system, you can use this.

If you do consul lock only one instance of will run at a time, which is the basis of the technique I'm using. But I don't want to put the consul lock logic in my crontab, I want it embedded in the script. Here's a simple way of doing that:

#!/bin/bash

[...]

function inner {
    #do stuff inside the lock
}

#parse arguments here, getopt, etc

if [ "$1" == "inner" ]; then
    shift
    inner $@
elif [ "$1" == ... ]; then
    #other subcommands
else
    consul lock $KVPREFIX $0 $ARGUMENTS $GO $HERE inner
fi

If you call your script normally, it will use consul lock to call itself with the argument inner, which does the stuff which should only be done on a single host at a time.

Posted at: 23:03 | category: /computers/consul | Link

Links

• My main site
• The print zine Late Night Thinking

Archives

2020-Mar
2019-Nov
2019-Apr
2019-Feb
2018-Dec
2018-Jul
2018-Feb
2018-Jan
2017-Nov
2017-Sep
2017-Aug
2017-Jul
2017-May
2016-Nov
2016-Sep
2016-Apr
2016-Mar
2016-Jan
2015-Dec
2015-Nov
2015-Oct
2015-Sep
2015-Aug
2015-Jun
2015-May
2015-Mar
2015-Feb
2015-Jan
2014-Jun
2014-Mar
2014-Jan
2013-Oct
2013-Aug
2013-Jul
2013-Jan
2012-Nov
2012-Oct
2012-Sep
2012-Aug
2012-Jun
2012-May
2012-Apr
2012-Mar
2012-Feb
2011-Nov
2011-Sep
2011-Aug
2011-Jun
2011-May
2011-Apr
2011-Mar
2011-Feb
2010-Oct
2010-Sep
2010-Aug
2010-May
2010-Feb
2010-Jan
2009-Dec
2009-Oct
2009-Sep
2009-Aug
2009-Jun
2009-Apr
2009-Mar
2009-Feb
2009-Jan
2008-Dec
2008-Nov
2008-Oct
2008-Sep
2008-Aug
2008-Jul
2008-May
2008-Apr
2008-Mar
2008-Feb
2008-Jan
2007-Dec
2007-Nov
2007-May
2006-Aug
2006-Jul
2006-Jun
2006-Apr
2006-Jan
2005-Dec
2005-Aug
2005-Jul