Skip to content

Instantly share code, notes, and snippets.

View cdelashmutt-pivotal's full-sized avatar

Chris DeLashmutt cdelashmutt-pivotal

View GitHub Profile
@cdelashmutt-pivotal
cdelashmutt-pivotal / extract-defaults.rb
Last active August 29, 2015 14:20
Extract all defaults from PCF product metadata
require 'yaml'
data_hash = YAML.load_file(ARGV[0])
data_hash["job_types"].each { |job|
job_name = job["name"]
resource_hash = {}
job["resource_definitions"].each { |resdef|
resource_hash[resdef["name"]] = resdef["default"]
}
print job_name, resource_hash
#!/bin/sh
# Example of how to run a single errand in BOSH
# Password is what you set in the web UI when you first set up Ops Manager
ssh tempest@<ops-man-vm-ip>
cd /var/tempest/workspaces/default/deployments
# The actual file you use below depends on the product you want to target
# (usually the Elastic Runtime), and the number of times you have installed.
@cdelashmutt-pivotal
cdelashmutt-pivotal / Jenkins-CF-Zero-Downtime-Push
Last active July 19, 2018 20:45
Jenkins Zero downtime CF Push
PLATFORM='unknown'
UNAMESTR=`uname`
if [[ "$UNAMESTR" == 'Darwin' ]]; then
platform='Mac'
fi
CF_USER="payment-services"
CF_ORG="payment-services"
CF_SPACE="danger zone"
CF_DOMAIN="apps-np.homedepot.com"
@cdelashmutt-pivotal
cdelashmutt-pivotal / AppInitializer.java
Created July 23, 2015 18:23
WebApplicationInitializer example
package io.pivotal.demo.slimwebsocket;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
public class AppInitializer
extends AbstractAnnotationConfigDispatcherServletInitializer {
protected Class<?>[] getRootConfigClasses() { return new Class[] {AppConfig.class};}
protected Class<?>[] getServletConfigClasses() { return new Class[] {WebConfig.class, WebSocketConfig.class};}
@cdelashmutt-pivotal
cdelashmutt-pivotal / rulebase.yml
Last active October 10, 2016 18:50
Notional Rulebase config file?
---
- "Web Profile":
app_type: java
file_type: config
refactor_rating: 0
description: "Web application config file"
files:
- "persistence.xml": { description: "JPA based ORM" }
- "web.xml"
- "applicationContext.xml": { description: "Spring application config file" }
@cdelashmutt-pivotal
cdelashmutt-pivotal / Vagrantfile
Created February 20, 2017 22:10
PCFDev-v0.24+PCF1.9.0 Windows Cell
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Get the IP of the PCF Dev instance and put the Windows cell on the same subnet
# PCFDev creates a host only network in a predictable pattern
subnet = `vboxmanage list hostonlyifs`.split("\n").select { |i| i.start_with?('Name') }.map { |i| i.split(' ')[1] }.sort.reverse![0][7].to_i * 11 + 11
pcfdev_public_ip = ENV['PCFDEV_IP'] || "192.168.#{subnet}.11"
wincell_public_ip = ENV['WIN_PCFDEV_IP'] || "#{pcfdev_public_ip}1"
# Configure the PCFDev instance to support a Windows cell
@cdelashmutt-pivotal
cdelashmutt-pivotal / get-props.sh
Last active July 10, 2018 18:48
OpsMan API Call to convert retrieved properties on a staged time to the format needed for setting those properties
#!/bin/bash
opsman_host_or_ip=YOUR_OPSMAN_IP_OR_HOSTNAME
uaac target "https://$opsman_host_or_ip/uaa" --skip-ssl-validation
uaac token owner get opsman <OPS-MAN-ADMIN-USER>
#Client secret: JUST_PRESS_ENTER
#Password: YOUR_PASSWORD_HERE
access_token=$(uaac context | grep access_token | tr -d " " | cut -d ':' -f 2)
@cdelashmutt-pivotal
cdelashmutt-pivotal / ISTIO 1.4 on PKS with PSPs.md
Last active December 5, 2019 23:41 — forked from svrc/ISTIO 1.4 on PKS with PSPs.md
Installing Istio 1.4 on PKS with restrictive Pod Security Policy

What does this GIST do or not do

  1. Shows you how to use Istio 1.4 on Kubernetes 1.14+ with a modicum of runtime security for your workloads.
  2. Specifically it installs Istio with CNI support, and allows the use of restrictive PodSecurityPolicies for your workloads.
  3. It is designed for VMware PKS, but doesn't require it ... (just change the CNI bin dir and excluded namespaces in values-cni.yml, also swap the ClusterRole pks-privileged and pks-restricted mentioned throughout these files with your own PSP roles).
  4. It doesn't fix the need for Istio itself to run as root, but that should be fixed in a future Istio release as it's already fixed in trunk.

Prerequisites

  1. You are logged into your cluster as a cluster admin, K8s 1.14 at least
$(om -t <opsman-host> -u <admin-user> -p <admin-password> curl -s --path /api/v0/deployed/director/manifest | convertfrom-json | select -expand instance_groups | where {$_.name -eq 'bosh'} | select -expand properties | select -expand director | select -expand trusted_certs).Trim() -split '(?<!^)(?=-----BEGIN CERTIFICATE-----)' | where {$_ -ne ''} | foreach {$i=0} { $i++; $certArray = $_.Trim() -split '\n'; $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate; $cert.Import([System.Convert]::FromBase64String(-join $certArray[1..($certArray.Length-2)])); Write-Host "Cert[$i]: $($cert.Subject) - $($cert.GetExpirationDateString())" }
@cdelashmutt-pivotal
cdelashmutt-pivotal / Create-OpenSSHPubAndPrivateKeys.ps1
Created June 26, 2020 15:21
Generate OpenSSH compatible public and private key files in Powershell
<#
.SYNOPSIS
Create an OpenSSH compatible Public and Private Key in pure Powershell
.DESCRIPTION
Many scripts rely on the openssh or openssl tools to be available to generate public and private keys compatible with OpenSSH, but this script relies purely on Powershell (and some .NET classes already included) to generate public and private keys.
.EXAMPLE
PS /git/scripts> ./Create-OpenSSHPubAndPrivateKeys.ps1 -PublicKeyPath my-key.pub -PrivateKeyPath my-key
.LINK
mailto:grog@grogscave.net
#>