Skip to content

Instantly share code, notes, and snippets.

View dlbewley's full-sized avatar
📺

Dale Bewley dlbewley

📺
44 followers · 35 following
View GitHub Profile
@dlbewley
dlbewley / list ovs switch ports for a openshift kubevirt vm on a vlan.md
Last active June 19, 2025 05:06
  • I have a network and I want to list the ports on the ovs switch
[root@worker-4 ~]# ovs-vsctl find interface  --columns=name,mac_in_use,mtu external_ids:"k8s.ovn.org/network"="vlan-1924"
ovs-vsctl: Interface does not contain a column whose name matches "--columns"
[root@worker-4 ~]# ovs-vsctl  --columns=name,mac_in_use,mtu find interface external_ids:"k8s.ovn.org/network"="vlan-1924"
name                : "81a5ebcb6fa45_3"
mac_in_use          : "be:a0:20:9b:b1:de"
mtu                 : 1400
@dlbewley
dlbewley / read-pull-secret-from-agent-iso.sh
Last active February 4, 2025 04:30
read pull secret from openshift agent based installer ISO
coreos-installer iso ignition show agent.x86_64.iso | jq -s > /tmp/agent.json
# you can read any file of course, but i wanted to verify the pull secret in this case
cat /tmp/agent.json | jq -r '.[].storage.files[] | select(.path | contains("pull-secret.yaml")) | .contents.source' | awk -F, '{print $2}' | base64 -d
@dlbewley
dlbewley / .govc.env
Last active December 6, 2024 17:13
Script to recycle drives in VMware guests for OpenShift provisioning testing
# used to lookup vcenter connection details from 1Password
VAULT=development
CLUSTER=vcenter
export GOVC_USERNAME="$(op read op://${VAULT}/${CLUSTER}/username)"
export GOVC_PASSWORD="$(op read op://${VAULT}/${CLUSTER}/password)"
export GOVC_URL="$(op read op://${VAULT}/${CLUSTER}/website)"
@dlbewley
dlbewley / View OVS Bridge Mappings
Last active January 21, 2025 07:37
List the OVS bridge mappings associating 'localnet' networks to bridges on OpenShift Virtualization
# connect to OVN Northbound DB https://gist.github.com/dlbewley/b4d4c85931e7a9c03caf56db1a1a0d2e
$ ovncli.sh
# find local chassis id
sh-5.1# ovn-sbctl find chassis other_config:is-remote="false"
_uuid : a0aad588-f850-4601-b4dc-63199440ab58
encaps : [fcbeb3fc-d810-49db-ae6c-f043e3441d25]
external_ids : {}
hostname : hub-tq2sk-cnv-xcxw2
name : "f57f0c4e-5d93-4639-a016-7cea61281c04"
@dlbewley
dlbewley / ovncli.sh
Last active November 20, 2024 16:31
OpenShift OVN Northbound DB CLI Access
#!/bin/bash
# Connect to the OVN northbound database pod.
# Optionally specify the node and or command
# https://guifreelife.com/blog/2024/11/19/Open-Virtual-Network-Inspection-on-OpenShift/
node=$1; shift; cmd=$*
if [[ -n "$node" ]]; then
nbdbpod=$(oc get pod \
-l app=ovnkube-node \
@dlbewley
dlbewley / ext-kubeconfig-cacerts.sh
Last active September 29, 2023 23:17
Extract OpenShift CA Certificates from Install Generated Kubeconfig
#!/bin/sh
cat $KUBECONFIG \
| yq e '.clusters[0].cluster."certificate-authority-data"' \
| base64 -d > kubeconfig-ca-data.pem
split -p "-----BEGIN CERTIFICATE-----" kubeconfig-ca-data.pem cert-
for c in cert-??; do
subject=`openssl x509 -in $c -noout -subject | sed 's/^.*CN[[:space:]]*=[[:space:]]*\(.*\)/\1/'`
echo $subject
@dlbewley
dlbewley / split-policies.sh
Created November 12, 2022 00:05
decompose policy.open-cluster-management.io/v1 policies into manifests for use with PolicyGenerator Kustomize plugin
# split a file having multiple policies into multiple files
# each file is named policy-<policy_name> and contains 1 policy
yq e '.|split_doc' -s '.kind + "-" + .metadata.name | downcase' multi-policy.yaml
# create manifests dir for each policy
# place object definitions from each policy into corresponding manifest dir
for p in policy-*; do
policy_name=$(yq '.metadata.name' $p);
mkdir -p "manifests-$policy_name"
yq '.spec.policy-templates[].objectDefinition[].object-templates[].objectDefinition | split_doc' \
@dlbewley
dlbewley / login-pull-secrets.sh
Created November 2, 2022 22:34
Podman login to all registries in pull secret
# if you don't want to just use --authfile or set REGISTRY_AUTH_FILE for whatever reason
# you may login to each registry in your pull secret thusly
# spoiler alert, here's how to extract usernames and passwords from your pull secret
PULL_SECRET_PATH=pull-secret.json
for R in $(jq -r '.auths|keys[]' $PULL_SECRET_PATH ); do
echo "Logging into $R"
U=$(jq -r ".auths.\"$R\".auth" $PULL_SECRET_PATH | base64 -d | awk -F: '{print $1}')
P=$(jq -r ".auths.\"$R\".auth" $PULL_SECRET_PATH | base64 -d | awk -F: '{print $2}')
@dlbewley
dlbewley / ocroxctl
Last active September 21, 2022 01:26
example "one liner" to run roxctl in openshift
#!/bin/bash
ROXCTL_IMAGE="registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8:3.71"
# Central CA cert:
# oc extract secrets/service-ca -n stackrox --keys=ca.pem --to=-
# read values from 1Password YMMV
CLUSTER="hub-lab-bewley-net"
VAULT="development"
@dlbewley
dlbewley / oc-curl
Created September 21, 2022 01:20
experimental "one liner" to export stackrox alerts (violations)
#!/bin/bash
# read values from 1Password, YMMV
CLUSTER="hub-lab-bewley-net"
VAULT="development"
ROX_CENTRAL_ENDPOINT="$(op read op://$VAULT/$CLUSTER/acs/endpoint)" # cluster
ROX_CENTRAL_ENDPOINT_PUB="$(op read op://$VAULT/$CLUSTER/acs/endpoint-pub)" # public
ROX_CA_CERT="$(op read op://$VAULT/$CLUSTER/acs/ca)"
ROX_API_TOKEN="$(op read op://$VAULT/$CLUSTER/acs/admin-token)"