mbaitelman

Automated Terraform Deployments

Requirements

• AWS Account
• AWS API User API Key/Secret
• Bitbucket Account

Setup

1. Create or update an existing Bitbucket repo
2. Open https://bitbucket.org/USERNAME/REPO/addon/pipelines/deployments

pydevops

Reference

• https://www.linuxtrainingacademy.com/systemd-cheat-sheet/
• https://www.linux.com/training-tutorials/understanding-and-using-systemd/
• https://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units
• https://www.digitalocean.com/community/tutorials/systemd-essentials-working-with-services-units-and-the-journal
• https://www.youtube.com/watch?v=ZUX9Fx8Rwzg&index=9&list=PLCq0ZVVxGP0Y-xlum2pnhqwsrIf61J6Ka
• https://www.youtube.com/watch?v=AtEqbYTLHfs

show service unit file

maxschae4

from os import environ, path
from glob import glob
import certifi

# Even if we have trusted certs in our system ca certificates, requests uses it's own
# Mine happen to live in /usr/local/share/ca-certificates
# DON'T update the existing bundle becuase updating requests will overwrite it

cert_dir = "/usr/local/share/ca-certificates"
pwd = path.abspath(path.dirname(__file__))

mohanpedala

Table of Contents

• set -e, -u, -x, -o pipefail
• set -e
• set -x
• set -u
• set -o pipefail
• Setting IFS
• Original Reference

set -e, -u, -x, -o pipefail

soloradish

# Change the path below to your own audit log path.
/var/log/vault/audit.log {
  rotate 30
  daily
  # Do not execute rotate if the log file is empty.
  notifempty
  missingok
  compress
  # Set compress on next rotate cycl to prevent entry loss when performing compression.
  delaycompress

wyllie

#!/usr/bin/env bash

INI_FILE=~/.aws/credentials

while IFS=' = ' read key value
do
    if [[ $key == \[*] ]]; then
        section=$key
    elif [[ $value ]] && [[ $section == '[default]' ]]; then
        if [[ $key == 'aws_access_key_id' ]]; then

magnuswatn

def get_ca_bundle():
    """Tries to find the platform ca bundle for the system (on linux systems)"""
    ca_bundles = [
        # list taken from https://golang.org/src/crypto/x509/root_linux.go
        "/etc/ssl/certs/ca-certificates.crt",                # Debian/Ubuntu/Gentoo etc.
        "/etc/pki/tls/certs/ca-bundle.crt",                  # Fedora/RHEL 6
        "/etc/ssl/ca-bundle.pem",                            # OpenSUSE
        "/etc/pki/tls/cacert.pem",                           # OpenELEC
        "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # CentOS/RHEL 7
    ]

tkishel

#!/bin/bash

# The Puppet Enterprise High Availability documentation states:
#
#   Run the forget command whenever a replica node is destroyed, 
#   even if you plan to replace it with a replica with the same name.
#
# Some users prefer to forget and reuse (instead of destroy and replace) a replica.
# As an alternative, when `/opt/puppetlabs/bin/puppet-enterprise-uninstaller` isn't available,
# this script uninstalls Puppet Enterprise on the Replica.

mohanpedala

• Generate a private key and a CSR(Certificate Signing Request )
• Generate a CSR from an Existing Private Key
• Generate a CSR from an Existing Certificate and Private Key
• Generating SSL Certificates
  • Generate a Self-Signed Certificate
  • Generate a Self-Signed Certificate from an Existing Private Key
  • Generate a Self-Signed Certificate from an Existing Private Key and CSR
  • View Certificates
  • View CSR Entries

• View Certificate Entries

angelo-v

# will not work in all cases, see https://gist.github.com/angelo-v/e0208a18d455e2e6ea3c40ad637aac53#gistcomment-3439904

function jwt-decode() {
  sed 's/\./\n/g' <<< $(cut -d. -f1,2 <<< $1) | base64 --decode | jq
}

JWT=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

jwt-decode $JWT