I hereby claim:
-
I am devops-rob on github.
-
I am devopsrob (https://keybase.io/devopsrob) on keybase.
-
I have a public key ASBbGv8RQlAmaJ8xIoDtjNtcxKgdCvQuozoR11XAU5jZ_Qo
devops-rob
/ azurerm_role_assignment_error.txt
Created
August 20, 2020 15:54
Error debug output from terraform plan. Subscription IDs have been anonymised
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Refreshing Terraform state in-memory prior to plan... | |
| The refreshed state will be used to calculate this plan, but will not be | |
| persisted to local or remote state storage. | |
| data.azurerm_subscription.current: Refreshing state... | |
| data.azurerm_role_definition.contributor: Refreshing state... | |
| azurerm_resource_group.main: Refreshing state... [id=/subscriptions/00000000-0000-0000-0000-0000000000/resourceGroups/packer-resources] | |
| azurerm_resource_group.demo-packer-rg: Refreshing state... [id=/subscriptions/00000000-0000-0000-0000-0000000000/resourceGroups/demo-packer-rg] | |
| azurerm_virtual_network.main: Refreshing state... [id=/subscriptions/00000000-0000-0000-0000-0000000000/resourceGroups/packer-resources/providers/Microsoft.Network/virtualNetworks/packer-network] | |
| azurerm_public_ip.packer: Refreshing state... [id=/subscriptions/00000000-0000-0000-0000-0000000000/resourceGroups/packer-resources/providers/Microsoft.Network/publicIPAddresses/packer] |
devops-rob
/ Packer consul.json
Created
May 26, 2020 20:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "variables": { | |
| "image_version": "1.0.0", | |
| "consul_version": "1.2.3", | |
| "cost_centre": "OII", | |
| "vm_size": "Standard_D2_v3" | |
| }, | |
| "builders": [ | |
| { | |
| "type": "azure-arm", |
devops-rob
/ Cconsul_acl_token_privisoner.sh
Created
October 24, 2019 14:31
This script creates a botstrap acl token, then creates a policy for both agent tokens and vault client tokens, then finaly the tokns respectively
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export CONSUL_HTTP_ADDR=https://10.201.44.11:8501 | |
| export CONSUL_CACERT=/etc/consul.d/tls/consul-agent-ca.pem | |
| export CONSUL_CLIENT_CERT=/etc/consul.d/tls/dc1-cli-consul-0.pem | |
| export CONSUL_CLIENT_KEY=/etc/consul.d/tls/dc1-cli-consul-0-key.pem | |
| AGENT_POLICY_NAME="agent-acl-policy" | |
| CLIENT_POLICY_TOKEN="vault-acl-policy" |
devops-rob
/ Keybase.md
Created
October 17, 2019 14:33
devops-rob
/ vault_bootstrap_centos.sh
Last active
August 21, 2020 13:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| declare -a packages=("wget" "setroubleshoot-server" "selinux-policy-devel" "unzip" "openssl" "openssl-devel") | |
| function packagereqchecker { | |
| for app in "${packages[@]}"; | |
| do | |
| echo $app | |
| if yum list installed $app 2>&1 > /dev/null; | |
| then |
devops-rob
/ consul_bootstrap_centos.sh
Last active
August 30, 2019 09:41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| function packagereqchecker { | |
| declare -a packages=("wget" "setroubleshoot-server" "selinux-policy-devel" "unzip") | |
| for app in "${packages[@]}"; | |
| do | |
| echo $app | |
| if yum list installed $app 2>&1 > /dev/null; | |
| then |
devops-rob
/ ansible-secret-retrival-from-hvault.yaml
Created
July 30, 2019 09:00
SImple ansible playbook to demonstrate pulling secrets from Hashicorp Vault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # simple playbook to demonstrate ansible reading a KV secret from hashicorp vault | |
| # the following environment variables need to be set for ansible to authenticate with Vault | |
| # | |
| # export VAULT_ADDR=http://127.0.0.1:8200 | |
| # export VAULT_SKIP_VERIFY=true | |
| # export VAULT_AUTHTYPE=token | |
| # | |
| # A secret will need to be put in the demo/test1 path under the KV secrets engine |
devops-rob
/ custom-azure-role-for-vault.sh
Created
July 24, 2019 10:56
Create an open custom role for hashicorp vault to consume
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export SUBSCRIPTION_ID= | |
| az role definition create --role-definition=<<EOF | |
| { | |
| "Name": "vault-admin", | |
| "IsCustom": true, | |
| "Description": "role for vault to create service principals.", |
devops-rob
/ azure-secrets-engine-config.sh
Created
July 24, 2019 10:44
Enable and configure azure secrets backend for gashicorp vault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| ## | |
| export AZURE_SUBSCRIPTION_ID= | |
| export AZURE_TENANT_ID= | |
| export AZURE_CLIENT_ID= | |
| export AZURE_CLIENT_SECRET= | |
| export ROLE_NAME=spike | |
| ## | |
| vault secrets enable azure |
devops-rob
/ Consul-backend-azure-unseal.hcl
Last active
July 19, 2019 12:58
Simple Vault config for consul backend and auto-unsealing using azure key vault
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| listener "tcp" { | |
| address = "0.0.0.0:8200" | |
| tls_disable = 1 # TLS will need to be enabled for production | |
| tls_min_version = "tls12" | |
| } | |
| storage "consul" { | |
| address = "consul:8500" | |
| path = "vault" | |
| service = "vault" | |
| scheme = "http" |
NewerOlder