Start Vault:
# -dev mode: in-memory storage, auto-unsealed, root token printed to stdout, plaintext HTTP on localhost.
# Fine for trying the JWT auth method out locally; not a configuration to put real secrets or real workloads behind.
vault server -dev
Enable JWT auth mechanism:
| Read Test | |
| # Random 4k reads, queue depth 16, 4 jobs x 512M = 2 GB of test data, capped at 240 s. | |
| # --direct=0 goes through the page cache, so the numbers include cache hits rather than device latency alone. | |
| fio --name=randread --ioengine=libaio --iodepth=16 --rw=randread --bs=4k --direct=0 --size=512M --numjobs=4 --runtime=240 --group_reporting | |
| Writes a total of 2 GB of files (4 jobs x 512 MB = 2 GB), running 4 processes at a time: | |
| # Random 4k writes with queue depth 1 (one outstanding I/O per job), 4 jobs x 512M, capped at 240 s. | |
| # --direct=0 and no fsync option: writes are buffered, so completion likely reflects page-cache absorption rather than the device — confirm that is what you want to measure. | |
| fio --name=randwrite --ioengine=libaio --iodepth=1 --rw=randwrite --bs=4k --direct=0 --size=512M --numjobs=4 --runtime=240 --group_reporting | |
| Read Write Performance Test | |
| # Mixed 75% read / 25% write random 4k I/O, queue depth 64, against a 4G file named random_read_write.fio in the current directory (the file is left behind afterwards). | |
| # --direct=1 bypasses the page cache; --gtod_reduce=1 lowers timing overhead at the cost of latency-measurement precision; --randrepeat=1 makes the random pattern reproducible between runs. | |
| fio --randrepeat=1 --ioengine=libaio --direct=1 --gtod_reduce=1 --name=test --filename=random_read_write.fio --bs=4k --iodepth=64 --size=4G --readwrite=randrw --rwmixread=75 |
| #!/bin/bash | |
| # Disk benchmark wrapper: runs fio under the mount point given as $1. | |
| # The fio command line continues past the end of this excerpt, so the full option set is not visible here. | |
| set -ueo pipefail | |
| # $1 is taken verbatim and handed to a root process below. Quote it as "$TEST_DIR" in the uses that follow | |
| # so paths with spaces or glob characters survive, and check it is an existing directory before running fio. | |
| TEST_DIR=$1 | |
| echo "benchmark disk mounted on" $TEST_DIR | |
| echo "--> write throughput" | |
| # Runs as root. fio sizes its test file per job, so 8 jobs x --size=10G can lay out up to 80 GB under TEST_DIR; | |
| # --time_based --runtime=60s bounds the run to 60 s after a 2 s ramp, not the amount of data. | |
| sudo fio --name=disk_benchmark --directory=$TEST_DIR --numjobs=8 \ | |
| --size=10G --time_based --runtime=60s --ramp_time=2s --ioengine=libaio \ |
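| $ terraform init | |
| # Save the plan to a file, review that output, then apply exactly the saved plan. | |
| # apply --auto-approve straight from a fresh plan applies whatever the current state produces, which nobody has looked at. | |
| $ terraform plan -out=tfplan | |
| $ terraform apply tfplan | |
| $ terraform output |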
| terraform { | |
| required_providers { | |
| vault = { | |
| source = "hashicorp/vault" | |
| # Exact pin rather than a "~>" range: reproducible, but provider upgrades have to be made deliberately. | |
| # Commit .terraform.lock.hcl alongside this so the provider checksum is pinned as well. | |
| version = "3.11.0" | |
| } | |
| } | |
| } | |
| # Provider block continues past the end of this excerpt. The vault provider reads VAULT_ADDR / VAULT_TOKEN | |
| # from the environment when address/token are not set here — keep token literals out of this file. | |
| provider "vault" { |
| # Trust policy for an IAM role that Vault assumes through OIDC web identity federation. | |
| # The statement is cut off after the principals block. On its own, "Allow sts:AssumeRoleWithWebIdentity" | |
| # to a Federated principal lets any token from that identity provider assume the role; the condition that | |
| # narrows it to the expected aud/sub claims is presumably defined below the cut — confirm it is present. | |
| data "aws_iam_policy_document" "default" { | |
| version = "2012-10-17" | |
| statement { | |
| sid = "FederatedTrustVaultOIDC" | |
| effect = "Allow" | |
| actions = ["sts:AssumeRoleWithWebIdentity", ] | |
| principals { | |
| type = "Federated" |
| # Module inputs re-exported under short local names. | |
| locals { | |
|   application    = var.application_name | |
|   aad_group      = var.aad_group | |
|   mount_accessor = var.mount_accessor | |
| } | |
| # Resolve the Azure AD group by display name. | |
| # NOTE(review): a display_name lookup is ambiguous if more than one group carries that name; | |
| # object_id is the unambiguous key if that can happen in this tenant — confirm. | |
| data "azuread_group" "default" { | |
|   display_name = local.aad_group | |
| } |
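| variable "github_jwt_issuer_url" { | |
|   description = "Issuer URL for GitHub; used in JWT/OIDC auth method configuration." | |
|   type        = string | |
|   default     = "https://token.actions.githubusercontent.com" | |
|   # This URL presumably feeds the auth method's discovery/issuer settings; require https so key | |
|   # discovery and issuer validation cannot be pointed at a plaintext endpoint. | |
|   validation { | |
|     condition     = can(regex("^https://", var.github_jwt_issuer_url)) | |
|     error_message = "github_jwt_issuer_url must be an https:// URL." | |
|   } | |
| } | |
| variable "github_org_name" { | |
|   description = "GitHub organization whose workflows may authenticate; the default is a placeholder and must be overridden." | |
|   type        = string | |
|   default     = "some-github-org" | |
|   validation { | |
|     condition     = length(var.github_org_name) > 0 | |
|     error_message = "github_org_name must not be empty." | |
|   } | |
| } |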
| # Change the path below to your own audit log path. | |
| # Rotation of the Vault audit log; the stanza continues past the end of this excerpt. | |
| # Vault keeps the audit file open, so after logrotate moves it Vault must be told to reopen the log | |
| # (Vault reopens audit files on SIGHUP); that postrotate step is presumably below the cut — confirm it exists, | |
| # otherwise entries keep going to the rotated file. | |
| /var/log/vault/audit.log { | |
| # Keep 30 rotations; rotate once a day. | |
| rotate 30 | |
| daily | |
| # Do not execute rotate if the log file is empty. | |
| notifempty | |
| # Do not error if the log file is missing. | |
| missingok | |
| compress | |
| # Set compress on next rotate cycle to prevent entry loss when performing compression. | |
| delaycompress |
Cloud-init combined with Terraform can be a powerful tool to provision instances on startup. Scripts that are run by cloud-init, however, are not the easiest to debug.
Usually, on an Ubuntu machine, a lot of what is happening can be found in the syslog:
# Reading syslog normally needs root or membership in the adm group.
# cloud-init also keeps its own logs at /var/log/cloud-init.log and /var/log/cloud-init-output.log
# (the latter holds the stdout/stderr of the scripts it ran), which are usually the faster place to look.
cat /var/log/syslog