View info.md

RDS Production Termination Protection

Create a policy like this, substituting your AWS account number, then attach it to all groups and roles. It will prevent deletion of RDS instances containing the string "prod" in their name.

Note: This is intended to prevent accidental deletion, and is easily sidestepped.

View changepassword.sh.j2
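#!/usr/bin/expect
# Rendered from a Jinja2 template: the output file contains admin_pass in
# plaintext, so keep it readable by its owner only and delete it after the run.
set timeout -1;
spawn {{django_dir}}/venv/bin/python manage.py changepassword {{admin_user}};
expect {
    "Password:" { exp_send "{{admin_pass}}\r" ; exp_continue }
    "Password (again):" { exp_send "{{admin_pass}}\r" ; exp_continue }
    eof
}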
View ansible.yml
# Extract all IPs from the hosts in a defined group
ips: "{{ groups['webservers']|map('extract', hostvars, ['ansible_eth1', 'ipv4', 'address'])|list }}"
# Iterate through a dict, skipping keys whose value is none (.items() works on Python 2 and 3)
nsq_nsqd_opts: "{% for key, value in nsq_nsqd.items() if value is not none %}-{{ key | replace('_', '-') }}=\"{{ value }}\" {% endfor %}"
View github-knownhost.yml
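# ssh-keyscan accepts whatever key the network returns at run time; compare the
# result with GitHub's published fingerprints, or pin the key as a literal instead.
- name: Tell the host about our servers it might want to ssh to
  known_hosts:
    path: '/etc/ssh/ssh_known_hosts'
    name: 'github.com'
    key: "{{ lookup('pipe', 'ssh-keyscan -t rsa github.com') }}"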
View elastic_beanstalk_external_sessions.md

Session Management in an Autoscaling Environment

Problem Statement

User sessions in J2EE and LAMP stacks have traditionally been handled in memory by the application server handling the user request. Because of that, load balancers have been configured to use sticky sessions. By sticky sessions we mean that once the user has visited the site, they will be assigned an app server and will return to that server for subsequent requests. The load balancers typically handle that by referencing the user's session cookie.

Elastic cloud environments differ from traditional server configurations in that they have a variable number of servers based on traffic loads, whereas traditional configurations had a fixed number of servers. When traffic volumes decline, it is necessary to vaporize servers. In doing so, we would lose user sessions (essentially forcing a logout) unless we come up with a new strategy for session management.

A new approach

After much research, it is clear that the best

View gist:6b9909cfba52ac066512ba5d1c1a1080
# files/env:
Defaults env_keep += "SSH_AUTH_SOCK"
# tasks/main.yml
- name: ensure sudo keeps SSH_AUTH_SOCK in environment
  copy: src=env
        dest=/etc/sudoers.d/env
        mode=0440
        owner=root
        group=root
View ansible-tips.yml
---
- name: Ansible tips
  connection: local
  hosts: localhost
  tasks:
    # match is a Jinja2 test, and when: takes a bare expression without {{ }}
    - name: Ping only if OSX
      ping:
      when: lookup('pipe', 'uname -s') is match('Darwin')
View user-data.sh
#!/bin/bash
apt-get update
apt-get install -y libffi-dev g++ libssl-dev python-pip python-dev git
pip install -U awscli ansible setuptools
aws s3 cp s3://tendo-github-key-s3/git-private-key /root/.ssh/bitbucket_secret_key
chmod 400 /root/.ssh/bitbucket_secret_key
View s3-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::tendo-github-key-s3"