Tommy McNeely TJM
@TJM
TJM / main.tf
Created April 20, 2023 15:14
Manage HashiCorp Vault plugins with versions in terraform using shell provider
## Providers
terraform {
  required_providers {
    shell = {
      source  = "scottwinkler/shell"
      version = "~> 1.7"
    }
  }
}
@TJM
TJM / add-artifactory-license.sh
Last active January 6, 2023 20:29
Handle Artifactory License through script
#!/bin/bash
set -e
############################################################################
# shell script for applying license bucket and licenses to an Artifactory #
# deployment. #
# #
# Author: Andrew Milam <andrew.milam@davita.com> #
# #
# WARNING: This script is designed as a terraform shell_script resource! #
@TJM
TJM / esm.tf
Created February 8, 2022 17:30
consul-esm terraform deployment into kubernetes
# External Service Monitoring
# ESM Consul Policy
# - https://github.com/hashicorp/consul-esm#consul-acl-policies
# NOTE: This could be more restrictive - this one is wide open
resource "consul_acl_policy" "esm" {
  name  = "consul-esm"
  rules = <<-RULE
    agent_prefix "" {
      policy = "read"
@TJM
TJM / puppetTypeParse.go
Created September 1, 2021 17:27
REALLY basic idea to convert a submitted string value to an appropriate type (interface{}) to match a Puppet Type
// getInterfaceValue will return an interface{} with an appropriate type for the puppetType
// NOTE: This is *very* basic and will revert to just returning the string value by default.
func getInterfaceValue(puppetType string, val string) (retVal interface{}) {
	var err error
	if val == "" {
		return nil // Don't set a parameter that is "" (empty)
	}
	// Handle Optional[WHATEVER]
	if strings.HasPrefix(puppetType, "Optional[") {
		puppetType = strings.TrimPrefix(puppetType, "Optional[")
@TJM
TJM / steps.md
Last active January 17, 2022 12:42
Consul OIDC Issue
  • Download Enterprise Consul: https://releases.hashicorp.com/consul/ (we have tried 1.9.6 - 1.10.1) (make sure to get the +ent version) for your specific OS. We are testing on "darwin" (OSX) but the production environment will be linux.
  • Unzip into a "consul" working directory locally
  • Create a license.txt file with the consul enterprise license.
  • Create an empty data directory
  • Create a config.d directory with a single file (acl.hcl) with the following contents:
acl = {
  enabled = true
@TJM
TJM / cluster_patching.pp
Created April 30, 2021 17:07
An idea for cluster patching (one at a time) using pe_patch. The `patching.pp` is a copy of pe_patch::group_patching, except for a modification to take $targets directly. The `cluster_patching.pp` is my attempt at a "one at a time" wrapper.
# Wrapper for patchy:patching Plan for running 'patching' one node at a time, rather than all at once
plan patchy::cluster_patching (
  TargetSpec $targets,
  Optional[Enum['always', 'never', 'patched', 'smart']] $reboot = 'patched',
  Optional[String] $yum_params = undef,
  Optional[String] $dpkg_params = undef,
  Optional[String] $zypper_params = undef,
  Optional[Integer] $patch_task_timeout = 3600,
  Optional[Integer] $health_check_runinterval = 1800,
  Optional[Integer] $reboot_wait_time = 600,
@TJM
TJM / patch_es_data_nodes.yaml
Last active April 22, 2021 03:06
Ansible Playbook (role) to patch ES Data nodes (WIP)
---
- name: yum_check
  command:
    cmd: /bin/yum check-upgrade
    warn: no
  register: yum_update
  ignore_errors: true
  failed_when: yum_update.rc == 1
@TJM
TJM / cronjob-artifactory-db-backup.yaml
Created September 25, 2020 17:46
K8s CronJob to back up ArtifactoryDB
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: artifactory-pg-backup
  namespace: artifactory
spec:
  schedule: "30 */4 * * *"
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 3
  startingDeadlineSeconds: 100
@TJM
TJM / keybase.md
Last active August 24, 2020 20:37
keybase.md

Keybase proof

I hereby claim:

  • I am tjm on github.
  • I am tommythekid (https://keybase.io/tommythekid) on keybase.
  • I have a public key ASDcDg1N76jG7QoRdmzFEPr1HUGKcX5tea4v5-o1R-r-VQo

To claim this, I am signing this object:

@TJM
TJM / clean_orphaned_pods.sh
Last active November 2, 2020 19:16
Dealing with Orphaned pod messages (Orphaned pod found - but volume paths are still present on disk)
#!/bin/bash -eu
#
# This script is designed to be run as a cron job periodically to
# clean up the Orphaned Pods. Use at your own risk!
#
## Settings (can be passed as environment variables)
LOGFILE=${LOGFILE:-/var/log/messages} # what log file to process
KUBELET_PODS_DIR=${KUBELET_DIR:-/var/lib/kubelet/pods} # where to find pods to remove
DEBUG=${DEBUG:-0} # more debug output