Skip to content

Instantly share code, notes, and snippets.


Tommy McNeely TJM

View GitHub Profile
Created Feb 8, 2022
consul-esm terraform deployment into kubernetes
# External Service Monitoring
# ESM Consul Policy
# -
# NOTE: This could be more restrictive - this one is wide open
resource "consul_acl_policy" "esm" {
name = "consul-esm"
rules = <<-RULE
agent_prefix "" {
policy = "read"
Last active Jan 17, 2022
Consul OIDC Issue
  • Download Enterprise Consul: (we have tried 1.9.6 - 1.10.1) (make sure to get the +ent version) for your specific OS. We are testing on "darwin" (OSX) but the production environment will be linux.
  • Unzip into a "consul" working directory locally
  • Create a license.txt file with the consul enterprise license.
  • Create an empty data directory
  • Create a config.d directory with a single file (acl.hcl) with the following contents:
acl = {
 enabled = true
TJM / puppetTypeParse.go
Created Sep 1, 2021
REALLY basic idea to convert a submitted string value to an appropriate type (interface{}) to match a Puppet Type
View puppetTypeParse.go
// getInterfaceValue will return an interface{} with an appropriate type for the puppetType
// NOTE: This is *very* basic and will revert to just returning the string value by default.
func getInterfaceValue(puppetType string, val string) (retVal interface{}) {
var err error
if val == "" {
return nil // Don't set a parameter that is "" (empty)
// Handle Optional[WHATEVER]
if strings.HasPrefix(puppetType, "Optional[") {
puppetType = strings.TrimPrefix(puppetType, "Optional[")
TJM / cluster_patching.pp
Created Apr 30, 2021
An idea for cluster patching (one at a time) using pe_patch. The `patching.pp` is a copy of pe_patch::group_patching, except for a modification to take $targets directly. The `cluster_patching.pp` is my attempt at a "one at a time" wrapper.
View cluster_patching.pp
# Wrapper for patchy:patching Plan for running 'patching' one node at a time, rather than all at once
plan patchy::cluster_patching (
TargetSpec $targets,
Optional[Enum['always', 'never', 'patched', 'smart']] $reboot = 'patched',
Optional[String] $yum_params = undef,
Optional[String] $dpkg_params = undef,
Optional[String] $zypper_params = undef,
Optional[Integer] $patch_task_timeout = 3600,
Optional[Integer] $health_check_runinterval = 1800,
Optional[Integer] $reboot_wait_time = 600,
TJM / patch_es_data_nodes.yaml
Last active Apr 22, 2021
Ansible Playbook (role) to patch ES Data nodes (WIP)
View patch_es_data_nodes.yaml
- name: yum_check
cmd: /bin/yum check-upgrade
warn: no
register: yum_update
ignore_errors: true
failed_when: yum_update.rc == 1
Last active Feb 12, 2021
Puppet SCCM Client Install as a package

SCCM Install using Puppet "package"

This script was donated by a customer of ours. They have sent us a sanitized version of the script to share.

Please use this at your own risk, and fully understand what it is doing before using it!

The Problem:

SCCM Installation fires off in the background and you have no idea whether it worked or not. Also, if any other installs try to start while the SCCM setup is running, you will get an error.

Last active Nov 2, 2020
Dealing with Orphaned pod messages (Orphaned pod found - but volume paths are still present on disk)
#!/bin/bash -eu
# This script is designed to be run as a cron job periodically to
# clean up the Orphaned Pods. Use at your own risk!
## Settings (can be passed as environment variables)
LOGFILE=${LOGFILE:-/var/log/messages} # what log file to process
KUBELET_PODS_DIR=${KUBELET_DIR:-/var/lib/kubelet/pods} # where to find pods to remove
DEBUG=${DEBUG:-0} # more debug output
TJM / cronjob-artifactory-db-backup.yaml
Created Sep 25, 2020
K8s CronJob to backup ArtifactoryDB
View cronjob-artifactory-db-backup.yaml
apiVersion: batch/v1beta1
kind: CronJob
name: artifactory-pg-backup
namespace: artifactory
schedule: "30 */4 * * *"
concurrencyPolicy: Forbid
failedJobsHistoryLimit: 3
startingDeadlineSeconds: 100
Last active Aug 24, 2020

Keybase proof

I hereby claim:

  • I am tjm on github.
  • I am tommythekid ( on keybase.
  • I have a public key ASDcDg1N76jG7QoRdmzFEPr1HUGKcX5tea4v5-o1R-r-VQo

To claim this, I am signing this object:

Created Jun 30, 2020
Sync all repos (or a list of repos) in pulp
#!/bin/bash -e
if [ $# -gt 0 ]; then
REPOS=$(pulp-admin repo list | awk '/Id:/ {print $NF}')
for repo in $REPOS