dlbewley
/ View OVS Bridge Mappings
Last active
May 20, 2024 18:15
List the OVS bridge mappings associating 'localnet' networks to bridges on OpenShift Virtualization
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # connect to OVN Northbound DB https://gist.github.com/dlbewley/b4d4c85931e7a9c03caf56db1a1a0d2e | |
| $ ovncli.sh | |
| # find local chassis id | |
| sh-5.1# ovn-sbctl find chassis other_config:is-remote="false" | |
| _uuid : a0aad588-f850-4601-b4dc-63199440ab58 | |
| encaps : [fcbeb3fc-d810-49db-ae6c-f043e3441d25] | |
| external_ids : {} | |
| hostname : hub-tq2sk-cnv-xcxw2 | |
| name : "f57f0c4e-5d93-4639-a016-7cea61281c04" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Connect to the OVN northbound database pod. | |
| # Optionally specify on which node. | |
| node=$1 | |
| if [[ -n "$node" ]]; then | |
| nbdbpod=$(oc get pod \ | |
| -l app=ovnkube-node \ | |
| -n openshift-ovn-kubernetes \ |
dlbewley
/ ext-kubeconfig-cacerts.sh
Last active
September 29, 2023 23:17
Extract OpenShift CA Certificates from Install Generated Kubeconfig
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| cat $KUBECONFIG \ | |
| | yq e '.clusters[0].cluster."certificate-authority-data"' \ | |
| | base64 -d > kubeconfig-ca-data.pem | |
| split -p "-----BEGIN CERTIFICATE-----" kubeconfig-ca-data.pem cert- | |
| for c in cert-??; do | |
| subject=`openssl x509 -in $c -noout -subject | sed 's/^.*CN[[:space:]]*=[[:space:]]*\(.*\)/\1/'` | |
| echo $subject |
dlbewley
/ split-policies.sh
Created
November 12, 2022 00:05
decompose policy.open-cluster-management.io/v1 policies into manifests for use with PolicyGenerator Kustomize plugin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # split a file having multiple policies into multiple files | |
| # each file is named policy-<policy_name> and contains 1 policy | |
| yq e '.|split_doc' -s '.kind + "-" + .metadata.name | downcase' multi-policy.yaml | |
| # create manifests dir for each policy | |
| # place object definitions from each policy into corresponding manifest dir | |
| for p in policy-*; do | |
| policy_name=$(yq '.metadata.name' $p); | |
| mkdir -p "manifests-$policy_name" | |
| yq '.spec.policy-templates[].objectDefinition[].object-templates[].objectDefinition | split_doc' \ |
dlbewley
/ login-pull-secrets.sh
Created
November 2, 2022 22:34
Podman login to all registries in pull secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # if you don't want to just use --authfile or set REGISTRY_AUTH_FILE for whatever reason | |
| # you may login to each registry in your pull secret thusly | |
| # spoiler alert, here's how to extract usernames and passwords from your pull secret | |
| PULL_SECRET_PATH=pull-secret.json | |
| for R in $(jq -r '.auths|keys[]' $PULL_SECRET_PATH ); do | |
| echo "Logging into $R" | |
| U=$(jq -r ".auths.\"$R\".auth" $PULL_SECRET_PATH | base64 -d | awk -F: '{print $1}') | |
| P=$(jq -r ".auths.\"$R\".auth" $PULL_SECRET_PATH | base64 -d | awk -F: '{print $2}') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ROXCTL_IMAGE="registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8:3.71" | |
| # Central CA cert: | |
| # oc extract secrets/service-ca -n stackrox --keys=ca.pem --to=- | |
| # read values from 1Password YMMV | |
| CLUSTER="hub-lab-bewley-net" | |
| VAULT="development" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # read values from 1Password, YMMV | |
| CLUSTER="hub-lab-bewley-net" | |
| VAULT="development" | |
| ROX_CENTRAL_ENDPOINT="$(op read op://$VAULT/$CLUSTER/acs/endpoint)" # cluster | |
| ROX_CENTRAL_ENDPOINT_PUB="$(op read op://$VAULT/$CLUSTER/acs/endpoint-pub)" # public | |
| ROX_CA_CERT="$(op read op://$VAULT/$CLUSTER/acs/ca)" | |
| ROX_API_TOKEN="$(op read op://$VAULT/$CLUSTER/acs/admin-token)" |
dlbewley
/ pre-commit
Last active
August 20, 2021 00:57
Git pre-commit hook to allow tracking of example secrets but deny changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # once you have tracked a file, .gitignore will not have an effect on it, even if you | |
| # ignore the enclosing directory. | |
| # be sure to commit example secrets before adding this to .git/hooks/pre-commit | |
| # Redirect output to stderr. | |
| exec 1>&2 | |
| DENY_LIST="secrets|certs" |
dlbewley
/ asciinema-clear-screen.json
Created
August 8, 2021 23:25
How to add a clear screen command to an asciinema recording
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [0.000001, "o", "\u001b[H\u001b[J"] |
dlbewley
/ get-install-config.sh
Last active
August 4, 2021 19:04
How to recover the install-config.yaml used to deploy an OpenShift cluster
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| oc extract cm/cluster-config-v1 -n kube-system --to=- |
NewerOlder