Tommy McNeely TJM

@TJM
TJM / esm.tf
Created Feb 8, 2022
consul-esm terraform deployment into kubernetes
# External Service Monitoring
# ESM Consul Policy
# - https://github.com/hashicorp/consul-esm#consul-acl-policies
# NOTE: This could be more restrictive - this one is wide open
resource "consul_acl_policy" "esm" {
  name  = "consul-esm"
  rules = <<-RULE
    agent_prefix "" {
      policy = "read"
@TJM
TJM / steps.md
Last active Jan 17, 2022
Consul OIDC Issue
  • Download Enterprise Consul: https://releases.hashicorp.com/consul/ (we have tried 1.9.6 - 1.10.1) (make sure to get the +ent version) for your specific OS. We are testing on "darwin" (OSX) but the production environment will be linux.
  • Unzip into a "consul" working directory locally
  • Create a license.txt file with the consul enterprise license.
  • Create an empty data directory
  • Create a config.d directory with a single file (acl.hcl) with the following contents:
acl = {
 enabled = true
@TJM
TJM / puppetTypeParse.go
Created Sep 1, 2021
REALLY basic idea to convert a submitted string value to an appropriate type (interface{}) to match a Puppet Type
// getInterfaceValue will return an interface{} with an appropriate type for the puppetType
// NOTE: This is *very* basic and will revert to just returning the string value by default.
func getInterfaceValue(puppetType string, val string) (retVal interface{}) {
	var err error
	if val == "" {
		return nil // Don't set a parameter that is "" (empty)
	}
	// Handle Optional[WHATEVER]
	if strings.HasPrefix(puppetType, "Optional[") {
		puppetType = strings.TrimPrefix(puppetType, "Optional[")
@TJM
TJM / cluster_patching.pp
Created Apr 30, 2021
An idea for cluster patching (one at a time) using pe_patch. The `patching.pp` is a copy of pe_patch::group_patching, except for a modification to take $targets directly. The `cluster_patching.pp` is my attempt at a "one at a time" wrapper.
# Wrapper for patchy:patching Plan for running 'patching' one node at a time, rather than all at once
plan patchy::cluster_patching (
  TargetSpec $targets,
  Optional[Enum['always', 'never', 'patched', 'smart']] $reboot = 'patched',
  Optional[String] $yum_params = undef,
  Optional[String] $dpkg_params = undef,
  Optional[String] $zypper_params = undef,
  Optional[Integer] $patch_task_timeout = 3600,
  Optional[Integer] $health_check_runinterval = 1800,
  Optional[Integer] $reboot_wait_time = 600,
@TJM
TJM / patch_es_data_nodes.yaml
Last active Apr 22, 2021
Ansible Playbook (role) to patch ES Data nodes (WIP)
---
- name: yum_check
  command:
    cmd: /bin/yum check-upgrade
    warn: no
  register: yum_update
  ignore_errors: true
  failed_when: yum_update.rc == 1
@TJM
TJM / README.md
Last active Feb 12, 2021
Puppet SCCM Client Install as a package

SCCM Install using Puppet "package"

This script was donated by a customer of ours. They have sent us a sanitized version of the script to share.

Please use this at your own risk, and fully understand what it is doing before using it!

The Problem:

SCCM Installation fires off in the background and you have no idea whether it worked or not. Also, if any other installs try to start while the SCCM setup is running, you will get an error.

@TJM
TJM / clean_orphaned_pods.sh
Last active Nov 2, 2020
Dealing with Orphaned pod messages (Orphaned pod found - but volume paths are still present on disk)
#!/bin/bash -eu
#
# This script is designed to be run as a cron job periodically to
# clean up the Orphaned Pods. Use at your own risk!
#
## Settings (can be passed as environment variables)
LOGFILE=${LOGFILE:-/var/log/messages} # what log file to process
KUBELET_PODS_DIR=${KUBELET_PODS_DIR:-/var/lib/kubelet/pods} # where to find pods to remove
DEBUG=${DEBUG:-0} # more debug output
@TJM
TJM / cronjob-artifactory-db-backup.yaml
Created Sep 25, 2020
K8s CronJob to backup ArtifactoryDB
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  name: artifactory-pg-backup
  namespace: artifactory
spec:
  schedule: "30 */4 * * *"
  concurrencyPolicy: Forbid
  failedJobsHistoryLimit: 3
  startingDeadlineSeconds: 100
@TJM
TJM / keybase.md
Last active Aug 24, 2020
keybase.md

Keybase proof

I hereby claim:

  • I am tjm on github.
  • I am tommythekid (https://keybase.io/tommythekid) on keybase.
  • I have a public key ASDcDg1N76jG7QoRdmzFEPr1HUGKcX5tea4v5-o1R-r-VQo

To claim this, I am signing this object:

@TJM
TJM / sync_pulp.sh
Created Jun 30, 2020
Sync all repos (or a list of repos) in pulp
#!/bin/bash -e
if [ $# -gt 0 ]; then
  REPOS=$*
else
  REPOS=$(pulp-admin repo list | awk '/Id:/ {print $NF}')
fi
for repo in $REPOS
do