Skip to content

Instantly share code, notes, and snippets.

View GuyBarros's full-sized avatar

Guy Barros GuyBarros

78 followers · 79 following
View GitHub Profile
@GuyBarros
GuyBarros / jenkins.txt
Last active December 17, 2018 16:31
Jenkins TFE integration via remote backend example
pipeline {
agent any
environment {
GIT_REPO = "https://github.com/GuyBarros/terraform-aws-demostack/"
TFE_URL = "https://app.terraform.io"
TFE_ORGANIZATION = "emea-se-playground"
TFE_API_URL = "${TFE_URL}/api/v2"
TFE_API_TOKEN = credentials("tfe_api_token")
@GuyBarros
GuyBarros / Consul_config
Created January 31, 2019 09:53
{
"acl_datacenter": "dc1",
"acl_master_token": "${consul_master_token}",
"acl_token": "${consul_master_token}",
"acl_default_policy": "allow",
"advertise_addr": "$(private_ip)",
"advertise_addr_wan": "$(public_ip)",
"bootstrap_expect": ${consul_servers},
"bind_addr": "$(private_ip)",
"data_dir": "/mnt/consul",
@GuyBarros
GuyBarros / PTFETroubleshooting
Created February 12, 2019 12:22
John's PTFE troubleshooting script
#!/bin/bash
for pid in $(docker ps -a --format="{{.Names}}")
do
docker logs -f $pid > /tmp/$pid.log 2> /tmp/$pid.err &
done
tail -f /tmp/*.{log,err}
@GuyBarros
GuyBarros / Vaul DR Cheat Sheet
Created December 5, 2018 09:52
Vault DR Cheat Sheet
What you'll need:
<recovery key of the primary>
<root token of primary>
Step 1 - begin process
vault operator generate-root -dr-token -init -tls-skip-verify
Step 2 - Generate DR Token (repeat one per key shard)
vault operator generate-root -tls-skip-verify -dr-token -nonce=<nonce value from step 1> <recovery key of the primary>
@GuyBarros
GuyBarros / gist:3a9901a22bd52ae0f4f5e1f7154468a1
Created July 26, 2019 14:53
startigng of vault notifier
Steps to make a Control Group Notifier
1) list all Tokens
curl -X LIST \
http://eu-guystack-vault-561637873.eu-west-2.elb.amazonaws.com:8200/v1/auth/token/accessors \
-H 'Accept: */*' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
@GuyBarros
GuyBarros / readme.md
Last active October 22, 2019 08:30 — forked from benstr/readme.md
Gist Markdown Cheatsheet

#Heading 1

##Heading 2

###Heading 3

####Heading 4

#####Heading 5

@GuyBarros
GuyBarros / vault4pfx.hcl
Created December 18, 2019 15:43
A TFScript to connect to Vault , generate a PKI cert and use that cert as the seed for a pfx file
variable "vault_host" {
description = "Vault hostname"
default = "vault.ric-lnd-stack.ric.aws.hashidemos.io"
}
terraform {
backend "remote" {
organization = "hc-emea-sentinel-demo"
workspaces {
name = "vault-integration"
}
@GuyBarros
GuyBarros / ptfe.json
Last active February 12, 2020 10:07
Johnny's PTFE Packer script
{
"variables": {
"version": "",
"memory" : "8196",
"cpucorecount": "4"
},
"provisioners": [
{
"type": "file",
"source": "bootcamp.rli",
@GuyBarros
GuyBarros / hashicorp-vault-helm-values.yaml
Created November 2, 2020 17:22
global:
# enabled is the master enabled switch. Setting this to true or false
# will enable or disable all the components within this chart by default.
enabled: true
# TLS for end-to-end encrypted transport
tlsDisable: true
# If deploying to OpenShift
psp:
enable: false
@GuyBarros
GuyBarros / Ansible - Vault SSH-CA
Created March 18, 2019 08:45
Ansible playbook that uses Vault Approlle to generate a SSH -CA
-
hosts: localhost
gather_facts: false
vars:
secret_token: '${option.vault_token}'
role_id: '${option.approle_id}'
tasks:
-
name: 'Get secret id from role_id'
uri: {url: 'http://active.vault.service.consul:8200/v1/auth/approle/role/my-role/secret-id', method: POST, headers: {X-Vault-Token: '{{ secret_token }}'}, body_format: json, status_code: 200}