Tommy McNeely TJM
@TJM
TJM / k8s-storage-shell.sh
Last active July 11, 2023 03:22
K8s-Storage-shell - Connect to PVC with interactive shell
#!/bin/bash
#
# Start a debug-storage container mounting a specific volume (pvc)
#
IMAGE='centos:7'
if [ $# == 1 ]; then
  PVC=$1
else
@TJM
TJM / main.tf
Created April 20, 2023 15:14
Manage HashiCorp Vault plugins with versions in Terraform using shell provider
## Providers
terraform {
  required_providers {
    shell = {
      source = "scottwinkler/shell"
      version = "~> 1.7"
    }
  }
}
@TJM
TJM / README.md
Last active March 25, 2023 01:16
Puppet SCCM Client Install as a package

SCCM Install using Puppet "package"

This script was donated by a customer of ours. They have sent us a sanitized version of the script to share.

Please use this at your own risk, and fully understand what it is doing before using it!

The Problem:

SCCM Installation fires off in the background and you have no idea whether it worked or not. Also, if any other installs try to start while the SCCM setup is running, you will get an error.

@TJM
TJM / add-artifactory-license.sh
Last active January 6, 2023 20:29
Handle Artifactory License through script
#!/bin/bash
set -e
############################################################################
# shell script for applying license bucket and licenses to an Artifactory #
# deployment. #
# #
# Author: Andrew Milam <andrew.milam@davita.com> #
# #
# WARNING: This script is designed as a terraform shell_script resource! #
@TJM
TJM / Force_MFA
Created March 20, 2017 16:45
Force Multi-Factor Authentication (MFA) on AWS IAM Accounts
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAllUsersToListAccounts",
      "Effect": "Allow",
      "Action": [
        "iam:ListAccountAliases",
        "iam:ListUsers",
        "iam:GetAccountSummary"
@TJM
TJM / esm.tf
Created February 8, 2022 17:30
consul-esm Terraform deployment into Kubernetes
# External Service Monitoring
# ESM Consul Policy
# - https://github.com/hashicorp/consul-esm#consul-acl-policies
# NOTE: This could be more restrictive - this one is wide open
resource "consul_acl_policy" "esm" {
  name = "consul-esm"
  rules = <<-RULE
    agent_prefix "" {
      policy = "read"
@TJM
TJM / steps.md
Last active January 17, 2022 12:42
Consul OIDC Issue
  • Download Enterprise Consul: https://releases.hashicorp.com/consul/ (we have tried 1.9.6 - 1.10.1) (make sure to get the +ent version) for your specific OS. We are testing on "darwin" (OSX) but the production environment will be linux.
  • Unzip into a "consul" working directory locally
  • Create a license.txt file with the consul enterprise license.
  • Create an empty data directory
  • Create a config.d directory with a single file (acl.hcl) with the following contents:
acl = {
  enabled = true
@TJM
TJM / puppetTypeParse.go
Created September 1, 2021 17:27
REALLY basic idea to convert a submitted string value to an appropriate type (interface{}) to match a Puppet Type
// getInterfaceValue will return an interface{} with an appropriate type for the puppetType
// NOTE: This is *very* basic and will revert to just returning the string value by default.
func getInterfaceValue(puppetType string, val string) (retVal interface{}) {
	var err error
	if val == "" {
		return nil // Don't set a parameter that is "" (empty)
	}
	// Handle Optional[WHATEVER]
	if strings.HasPrefix(puppetType, "Optional[") {
		puppetType = strings.TrimPrefix(puppetType, "Optional[")
@TJM
TJM / cluster_patching.pp
Created April 30, 2021 17:07
An idea for cluster patching (one at a time) using pe_patch. The `patching.pp` is a copy of pe_patch::group_patching, except for a modification to take $targets directly. The `cluster_patching.pp` is my attempt at a "one at a time" wrapper.
# Wrapper for patchy:patching Plan for running 'patching' one node at a time, rather than all at once
plan patchy::cluster_patching (
  TargetSpec $targets,
  Optional[Enum['always', 'never', 'patched', 'smart']] $reboot = 'patched',
  Optional[String] $yum_params = undef,
  Optional[String] $dpkg_params = undef,
  Optional[String] $zypper_params = undef,
  Optional[Integer] $patch_task_timeout = 3600,
  Optional[Integer] $health_check_runinterval = 1800,
  Optional[Integer] $reboot_wait_time = 600,
@TJM
TJM / patch_es_data_nodes.yaml
Last active April 22, 2021 03:06
Ansible Playbook (role) to patch ES Data nodes (WIP)
---
- name: yum_check
  command:
    cmd: /bin/yum check-upgrade
    warn: no
  register: yum_update
  ignore_errors: true
  failed_when: yum_update.rc == 1