View ec2_cloud.groovy
/*
* Configure the Jenkins EC2 Plugin via Groovy Script
* EC2 Plugin URL: https://wiki.jenkins-ci.org/display/JENKINS/Amazon+EC2+Plugin
*/
import hudson.model.*
import jenkins.model.*
import hudson.plugins.ec2.*
import com.amazonaws.services.ec2.model.InstanceType
View nodejs-installers.groovy
import jenkins.model.*
import hudson.model.*
import jenkins.plugins.nodejs.tools.*
import hudson.tools.*
def inst = Jenkins.getInstance()
def desc = inst.getDescriptor("jenkins.plugins.nodejs.tools.NodeJSInstallation")
def versions = [
View snapshots.py
import re
import boto3
import csv
from botocore.exceptions import ClientError
ec2 = boto3.client('ec2')
def get_snapshots():
return ec2.describe_snapshots(OwnerIds=['self'])['Snapshots']
View info.md

RDS Production Termination Protection

Create a policy like this, substituting your AWS account number, then attach it to all groups and roles. It will prevent deletion of RDS instances containing the string "prod" in their name.

Note: This is intended to prevent accidental deletion, and is easily sidestepped.

View info.md

RDS Production Termination Protection

Create a policy like this, substituting your AWS account number, then attach it to all groups and roles. It will prevent deletion of RDS instances containing the string "prod" in their name.

Note: This is intended to prevent accidental deletion, and is easily sidestepped.

View changepassword.sh.j2
#!/usr/bin/expect
set timeout -1;
spawn {{django_dir}}/venv/bin/python manage.py changepassword {{admin_user}};
expect {
"Password:" { exp_send "{{admin_pass}}\r" ; exp_continue }
"Password (again):" { exp_send "{{admin_pass}}\r" ; exp_continue }
eof
}
View ansible.yml
# Extracting all ips from defined group
ips: "{{ groups['webservers']|map('extract', hostvars, ['ansible_eth1', 'ipv4', 'address'])|list }}"
# Iterate through dict, reject empty values
nsq_nsqd_opts: "{% for key, value in nsq_nsqd.iteritems() if value is not none %}-{{ key | replace('_', '-') }}=\"{{ value }}\" {% endfor %}"
View github-knownhost.yml
- name: Tell the host about our servers it might want to ssh to
known_hosts:
path: '/etc/ssh/ssh_known_hosts'
name: 'github.com'
key: "{{ lookup('pipe', 'ssh-keyscan -t rsa github.com') }}"
View elastic_beanstalk_external_sessions.md

Session Management in an Autoscaling Environment

Problem Statement

User sessions in J2EE and LAMP stacks have traditionally been handled in memory by the application server handling the user request. Because of that, load balancers have been configured to use sticky sessions. By sticky sessions we mean that once the user has visited the site, they will be assigned an app server and will return to that server for subsequent requests. The load balancers typically handle that by referencing the users session cookie.

Elastic cloud environments differ from traditional server configurations in that they have a variable number of servers based on traffic loads whereas traditional configurations had a fixed number of servers. When traffic volumes decline it is necessary to vaporize servers. In doing so, we would lose user sessions (essentially forcing a logout) unless we come up with a new strategy for session management.

A new approach

After much research, it is clear that the best

View gist:6b9909cfba52ac066512ba5d1c1a1080
# files/env:
Defaults env_keep += "SSH_AUTH_SOCK"
# tasks/main.yml
- name: ensure sudo keeps SSH_AUTH_SOCK in environment
copy: src=env
dest=/etc/sudoers.d/env
mode=0440
owner=root
group=root