Nicolai Antiferov Nklya

@Nklya
Nklya / monzo-alertmanager-config.yaml
Created July 1, 2019 16:51 — forked from milesbxf/monzo-alertmanager-config.yaml
Monzo's Alertmanager Slack templates
###################################################
##
## Alertmanager YAML configuration for routing.
##
## Will route alerts with a code_owner label to the slack-code-owners receiver
## configured above, but will continue processing them to send to both a
## central Slack channel (slack-monitoring) and PagerDuty receivers
## (pd-warning and pd-critical)
##
@Nklya
Nklya / jq-cheetsheet.md
Created June 30, 2019 17:33 — forked from olih/jq-cheetsheet.md
jq Cheat Sheet

Processing JSON using jq

jq is useful to slice, filter, map and transform structured json data.

Installing jq

On Mac OS

brew install jq

@Nklya
Nklya / postgres.sh
Created June 17, 2019 13:46 — forked from mrw34/postgres.sh
Enabling SSL for PostgreSQL in Docker
#!/bin/bash
set -euo pipefail
openssl req -new -text -passout pass:abcd -subj /CN=localhost -out server.req -keyout privkey.pem
openssl rsa -in privkey.pem -passin pass:abcd -out server.key
openssl req -x509 -in server.req -text -key server.key -out server.crt
chmod 600 server.key
chown 70 server.key
docker run -d --name postgres -v "$PWD/server.crt":/var/lib/postgresql/server.crt:ro -v "$PWD/server.key":/var/lib/postgresql/server.key:ro postgres:11-alpine -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key
@Nklya
Nklya / attributes.rb
Created May 1, 2019 13:07 — forked from lizthegrey/attributes.rb
Hardening SSH with 2fa
default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'
# ---- Base python ----
FROM python:3.6 AS base
# Create app directory
WORKDIR /app
# ---- Dependencies ----
FROM base AS dependencies
COPY gunicorn_app/requirements.txt ./
# install app dependencies
RUN pip install -r requirements.txt
@Nklya
Nklya / Dockerfile
Created April 7, 2019 16:48 — forked from alkrauss48/Dockerfile
Running a docker container as a non-root user
# By default, Docker containers run as the root user. This is bad because:
# 1) You're more likely to modify settings that you shouldn't be
# 2) If an attacker gets access to your container - well, that's bad if they're root.
# Here's how you can change a Docker container to run as a non-root user
## CREATE APP USER ##
# Create the home directory for the new app user.
RUN mkdir -p /home/app
@Nklya
Nklya / README.md
Created March 30, 2019 07:10 — forked from manicminer/README.md
Ansible invocation with assumed IAM role


How it works

  • boto3 initializes a session using the specified profile, for which it assumes a role as configured in your ~/.aws/config
  • Python script with above session initialization prints out shell-compatible environment variables of the temporary credentials
  • Wrapper script sets these a la eval
  • By the time Ansible runs, the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SECURITY_TOKEN (for boto2) / AWS_SESSION_TOKEN (for boto3) are all set, and are consumed by boto2 in the inventory script and other boto2-based modules

Notes

FWIW: I didn't produce the content presented here (the outline from Edmond Lau's book). I've just copy-pasted it from somewhere over the Internet, but I cannot remember what exactly the original source is. I was also not able to find the author's name, so I cannot give him/her the proper credits.


Effective Engineer - Notes

What's an Effective Engineer?

FROM nginx:alpine
ENV CONSUL_TEMPLATE_VERSION=0.18.5
RUN apk add --update curl unzip ca-certificates \
&& curl -Ls https://releases.hashicorp.com/consul-template/${CONSUL_TEMPLATE_VERSION}/consul-template_${CONSUL_TEMPLATE_VERSION}_linux_amd64.zip -o consul-template.zip \
&& unzip consul-template.zip -d /bin \
&& rm -f consul-template* \
&& apk del curl unzip \
&& rm -rf /var/cache/apk/*
#!/bin/python
import argparse
import tempfile
import shutil
import subprocess
import sys
import traceback
import requests
import logging
import re