jq is useful for slicing, filtering, mapping and transforming structured JSON data.
brew install jq
################################################### | |
## | |
## Alertmanager YAML configuration for routing. | |
## | |
## Will route alerts with a code_owner label to the slack-code-owners receiver | |
## configured above, but will continue processing them to send to both a | |
## central Slack channel (slack-monitoring) and PagerDuty receivers | |
## (pd-warning and pd-critical) | |
## |
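#!/bin/bash
# Generate a self-signed TLS certificate for CN=localhost and start a throwaway
# PostgreSQL container that serves TLS with it.
#
# Security notes for anyone reusing this:
#   * The certificate is self-signed and no -days is given, so OpenSSL's default
#     validity period applies. Clients only authenticate the server if they pin
#     server.crt (e.g. sslmode=verify-full with sslrootcert=server.crt).
#   * ssl=on enables TLS but does not require it; rejecting plaintext clients
#     needs hostssl rules in pg_hba.conf.
#   * No POSTGRES_PASSWORD is passed to the container. NOTE(review): depending on
#     the image revision this either fails at start-up or leaves authentication
#     wide open -- confirm and set a password before exposing the port.
set -euo pipefail

# Key material is created under a restrictive umask so that neither privkey.pem
# nor server.key is ever group/world-readable, not even briefly before chmod.
(
  umask 077
  # No -key/-keyout is given, so openssl writes a new key to its default key
  # file (privkey.pem), encrypted with the throwaway passphrase below.
  openssl req -new -text -passout pass:abcd -subj /CN=localhost -out server.req
  # Strip the passphrase: PostgreSQL must be able to load the key unattended.
  openssl rsa -in privkey.pem -passin pass:abcd -out server.key
)
# The intermediate key is protected only by a passphrase that is written in this
# script, so do not leave it lying around next to the real key.
rm -f privkey.pem

# Self-sign the request. server.crt is created with the normal umask because the
# postgres user inside the container has to read it.
openssl req -x509 -in server.req -text -key server.key -out server.crt

# PostgreSQL refuses a key file that is readable by group or others.
chmod 600 server.key
# uid 70 is expected to be the postgres user in the Alpine image; needs root.
chown 70 server.key

# Paths are quoted so a working directory containing spaces does not split the
# -v arguments.
docker run -d --name postgres \
  -v "$PWD/server.crt:/var/lib/postgresql/server.crt:ro" \
  -v "$PWD/server.key:/var/lib/postgresql/server.key:ro" \
  postgres:11-alpine \
  -c ssl=on \
  -c ssl_cert_file=/var/lib/postgresql/server.crt \
  -c ssl_key_file=/var/lib/postgresql/server.key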
# sshd_config attributes enforcing two-step SSH logins.
#
# AuthenticationMethods lists methods that must ALL succeed, in order: the
# client first proves possession of an authorised key, then completes a
# keyboard-interactive exchange handled by PAM (typically where an OTP/2FA
# module is plugged in -- the PAM stack itself is not configured here).
# ChallengeResponseAuthentication has to be enabled for the keyboard-interactive
# step to be offered at all; newer OpenSSH releases name this option
# KbdInteractiveAuthentication. PasswordAuthentication is switched off so the
# plain "password" method cannot be used as a shortcut around the key check.
{
  'AuthenticationMethods' => 'publickey,keyboard-interactive:pam',
  'ChallengeResponseAuthentication' => 'yes',
  'PasswordAuthentication' => 'no',
}.each do |directive, value|
  default['sshd']['sshd_config'][directive] = value
end
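# ---- Base python ----
# NOTE(review): python:3.6 is a floating tag for a Python series that no longer
# receives upstream security fixes. Move to a supported release and pin it
# (ideally by digest) so rebuilds are reproducible.
FROM python:3.6 AS base
# Create app directory
WORKDIR /app

# ---- Dependencies ----
# Only the requirements file is copied here so this layer stays cached until
# the dependency list changes.
FROM base AS dependencies
COPY gunicorn_app/requirements.txt ./
# Install app dependencies. --no-cache-dir keeps pip's download cache out of the
# image layer.
# NOTE(review): requirements.txt is not shown; if it does not pin exact versions
# (and hashes, for use with pip's --require-hashes), each build may resolve to
# different packages.
RUN pip install --no-cache-dir -r requirements.txt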
# By default, Docker containers run as the root user. This is bad because:
# 1) You're more likely to modify settings that you shouldn't
# 2) If an attacker gets access to your container - well, that's bad if they're root.
# Here's how you can change a Docker container to run as a non-root user
## CREATE APP USER ## | |
# Create the home directory for the new app user. | |
RUN mkdir -p /home/app |
~/.aws/config
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SECURITY_TOKEN (for boto2) / AWS_SESSION_TOKEN (for boto3) are all set, and are consumed by boto2 in the inventory script and other boto2-based modules.

FWIW: I didn't produce the content presented here (the outline from Edmond Lau's book). I just copy-pasted it from somewhere on the Internet, but I cannot remember what exactly the original source is. I was also unable to find the author's name, so I cannot give him/her proper credit.
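# NOTE(review): nginx:alpine is a floating tag; pin a specific version (ideally
# by digest) so a rebuild cannot silently pick up a different base image.
FROM nginx:alpine

ENV CONSUL_TEMPLATE_VERSION=0.18.5

# Fetch consul-template and verify the archive before unpacking it into /bin.
#   * curl -f makes an HTTP error fail the build instead of saving an error page
#     that unzip would then choke on (or worse, partially accept).
#   * The archive is checked against the release's SHA256SUMS file. grep writes
#     the matching line to a file first so that "no matching line" fails the
#     chain rather than handing sha256sum an empty list.
#   * The checksum list comes from the same host as the archive, so this catches
#     corruption and truncation but not a tampered release server. For that,
#     pin the expected digest in this file or verify the detached signature
#     published next to the checksum list.
#   * --no-cache avoids leaving the apk index in the layer, so no separate
#     cleanup of /var/cache/apk is needed. curl and unzip are removed again;
#     ca-certificates stays installed.
RUN apk add --no-cache curl unzip ca-certificates \
 && curl -fsSLO https://releases.hashicorp.com/consul-template/${CONSUL_TEMPLATE_VERSION}/consul-template_${CONSUL_TEMPLATE_VERSION}_linux_amd64.zip \
 && curl -fsSLO https://releases.hashicorp.com/consul-template/${CONSUL_TEMPLATE_VERSION}/consul-template_${CONSUL_TEMPLATE_VERSION}_SHA256SUMS \
 && grep -F "consul-template_${CONSUL_TEMPLATE_VERSION}_linux_amd64.zip" consul-template_${CONSUL_TEMPLATE_VERSION}_SHA256SUMS > consul-template.sha256 \
 && sha256sum -c consul-template.sha256 \
 && unzip consul-template_${CONSUL_TEMPLATE_VERSION}_linux_amd64.zip -d /bin \
 && rm -f consul-template* \
 && apk del curl unzip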
#!/bin/python | |
import argparse | |
import tempfile | |
import shutil | |
import subprocess | |
import sys | |
import traceback | |
import requests | |
import logging | |
import re |