Tommy McNeely TJM

Created Feb 8, 2022
consul-esm terraform deployment into kubernetes
# External Service Monitoring
# ESM Consul Policy
# -
# NOTE: This could be more restrictive - this one is wide open
resource "consul_acl_policy" "esm" {
name = "consul-esm"
rules = <<-RULE
agent_prefix "" {
policy = "read"
TJM / puppetTypeParse.go
Created Sep 1, 2021
REALLY basic idea to convert a submitted string value to an appropriate type (interface{}) to match a Puppet Type
// getInterfaceValue will return an interface{} with an appropriate type for the puppetType
// NOTE: This is *very* basic and will revert to just returning the string value by default.
func getInterfaceValue(puppetType string, val string) (retVal interface{}) {
var err error
if val == "" {
return nil // Don't set a parameter that is "" (empty)
// Handle Optional[WHATEVER]
if strings.HasPrefix(puppetType, "Optional[") {
puppetType = strings.TrimPrefix(puppetType, "Optional[")
Last active Jan 17, 2022
Consul OIDC Issue
  • Download Enterprise Consul: (we have tried 1.9.6 - 1.10.1) (make sure to get the +ent version) for your specific OS. We are testing on "darwin" (OSX) but the production environment will be linux.
  • Unzip into a "consul" working directory locally
  • Create a license.txt file with the consul enterprise license.
  • Create an empty data directory
  • Create a config.d directory with a single file (acl.hcl) with the following contents:
acl = {
  enabled = true
TJM / cluster_patching.pp
Created Apr 30, 2021
An idea for cluster patching (one at a time) using pe_patch. The `patching.pp` is a copy of pe_patch::group_patching, except for a modification to take $targets directly. The `cluster_patching.pp` is my attempt at a "one at a time" wrapper.
# Wrapper for patchy:patching Plan for running 'patching' one node at a time, rather than all at once
plan patchy::cluster_patching (
TargetSpec $targets,
Optional[Enum['always', 'never', 'patched', 'smart']] $reboot = 'patched',
Optional[String] $yum_params = undef,
Optional[String] $dpkg_params = undef,
Optional[String] $zypper_params = undef,
Optional[Integer] $patch_task_timeout = 3600,
Optional[Integer] $health_check_runinterval = 1800,
Optional[Integer] $reboot_wait_time = 600,
TJM / patch_es_data_nodes.yaml
Last active Apr 22, 2021
Ansible Playbook (role) to patch ES Data nodes (WIP)
- name: yum_check
cmd: /bin/yum check-upgrade
warn: no
register: yum_update
ignore_errors: true
failed_when: yum_update.rc == 1
TJM / cronjob-artifactory-db-backup.yaml
Created Sep 25, 2020
K8s CronJob to backup ArtifactoryDB
apiVersion: batch/v1beta1
kind: CronJob
name: artifactory-pg-backup
namespace: artifactory
schedule: "30 */4 * * *"
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 3
startingDeadlineSeconds: 100
Last active Aug 24, 2020

Keybase proof

I hereby claim:

  • I am tjm on github.
  • I am tommythekid on keybase.
  • I have a public key ASDcDg1N76jG7QoRdmzFEPr1HUGKcX5tea4v5-o1R-r-VQo

To claim this, I am signing this object:

Last active Nov 2, 2020
Dealing with Orphaned pod messages (Orphaned pod found - but volume paths are still present on disk)
#!/bin/bash -eu
# This script is designed to be run as a cron job periodically to
# clean up the Orphaned Pods. Use at your own risk!
## Settings (can be passed as environment variables)
LOGFILE=${LOGFILE:-/var/log/messages} # what log file to process
KUBELET_PODS_DIR=${KUBELET_DIR:-/var/lib/kubelet/pods} # where to find pods to remove
DEBUG=${DEBUG:-0} # more debug output
Created Jun 30, 2020
Sync all repos (or a list of repos) in pulp
#!/bin/bash -e
if [ $# -gt 0 ]; then
REPOS=$(pulp-admin repo list | awk '/Id:/ {print $NF}')
for repo in $REPOS
Last active May 19, 2020
K8s-Storage-shell - Connect to PVC with interactive shell
# Start a debug-storage container mounting a specific volume (pvc)
if [ $# == 1 ]; then