adam buxton abuxton

Awesome TFE resources

I like to keep crib sheets of useful things, normally a repo this time a Gist for others to use

Github repos

it's always worth runnning https://github.com/search?q=awesome-terraform

registry.terraform.io

manipulate variables helpers

if you've not already go get tfvars utility! https://github.com/shihanng/tfvar it will help a lot.

Lets grab all the variables in a module thats easy tfvar . but what do with them now? You can simply append them to a tfvar or auto.tfvars file tfvar . > example.auto.tfvars

But what if there are multiple modules you want to use and you want to collect all their variables?

A sensible approach is to redeclare them all as locals the helpers below create output that can be simple appened and then encapsulated ina. locals{ } block

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096

Scrape CA to Bundle

sript to scrape named url and ca_bundle files https://www.digicert.com/kb/ssl-support/pem-ssl-creation.htm

usage

> git clone https://gist.github.com/abuxton/e76dfcc3c60215a200336e4262cff42a scrape-ca_bundle && cd scrape-ca_bundle
bash ./scrape-ca_bundle.sh $URL

Scrape Globals from Install.sh

Helper for looking for none documented flags in Replicateds Install script https://help.replicated.com/docs/native/customer-installations/installing-via-script/

Requires, egrep and grep (for no other reason than it was quick and dirty)

Usage

git clone https://gist.github.com/abuxton/c072112152c54dfcd53833053f729580 scrape_installer &amp;&amp; cd scrape_installer

Generate a private key and a CSR(Certificate Signing Request )
Generate a CSR from an Existing Private Key
Generate a CSR from an Existing Certificate and Private Key
Generating SSL Certificates

View Certificate Entries

	#! /bin/bash +X

	# later we will disable selinux
	# sudo setenforce Permissive
	# getenforce # just incase youy want to check selinuxmode
	# lets make sure we are a clean install of docker
	sudo yum remove docker docker-common docker-selinux docker-engine-selinux docker-engine docker-ce
	# now install some tools dmpd(for short) ensures rhel 7 respects gpg settings in repos (issue is https://access.redhat.com/solutions/2850911) see https://access.redhat.com/discussions/5336741 for the fix
	sudo yum install -y yum-utils device-mapper-persistent-data lvm2
	sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

	def get_ca_bundle():
	"""Tries to find the platform ca bundle for the system (on linux systems)"""
	ca_bundles = [
	# list taken from https://golang.org/src/crypto/x509/root_linux.go
	"/etc/ssl/certs/ca-certificates.crt", # Debian/Ubuntu/Gentoo etc.
	"/etc/pki/tls/certs/ca-bundle.crt", # Fedora/RHEL 6
	"/etc/ssl/ca-bundle.pem", # OpenSUSE
	"/etc/pki/tls/cacert.pem", # OpenELEC
	"/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", # CentOS/RHEL 7
	]

	provider "aws" {
	region = "us-east-1"
	## uses default env_var from aws
	#AWS_ACCESS_KEY_ID="anaccesskey"
	#AWS_SECRET_ACCESS_KEY="asecretkey"
	#AWS_DEFAULT_REGION="us-west-2"
	}

	# Additional provider configuration for west coast region; resources can
	# reference this as `aws.alt`.

	https://kubernetes.io/docs/tasks/debug-application-cluster/debug-running-pod/
	https://kubernetes.io/docs/reference/kubectl/cheatsheet/

	# examples
	kubectl -n terraform-cloud-agent get all
	kubectl -n terraform-cloud-agent logs terraform-cloud-agent-84546788bc-jfmtt -f #-f for follow
	kubectl -n terraform-cloud-agent logs terraform-cloud-agent-84546788bc-jfmtt terraform-cloud-agent
	kubectl -n terraform-cloud-agent describe pod terraform-cloud-agent-84546788bc-jfmtt