Skip to content

Instantly share code, notes, and snippets.

View dmc5179's full-sized avatar

Dan Clark dmc5179

46 followers · 8 following
  • Red Hat
View GitHub Profile
@dmc5179
dmc5179 / nginx_stig.sh
Created February 22, 2024 01:03
NGINX STIG Check
#!/bin/bash
DETAILS=$(nginx -V 2>&1)
# 2.1.1 Ensure only required modules are installed (Manual)
#echo $DETAILS
# 2.1.2 Ensure HTTP WebDAV module is not installed (Automated)
echo -n '2.1.2: '
if [[ $DETAILS =~ 'http_dav_module' ]]; then echo 'fail'; else echo 'pass'; fi
@dmc5179
dmc5179 / Dockerfile
Created December 14, 2023 20:55
IBM RTC SCM CLI
FROM registry.access.redhat.com/ubi9
MAINTAINER Dan Clark <danclark@redhat.com>
LABEL description="IBM RTC SCM CLI"
COPY EWM-scmTools-Linux64-7.0.3.zip /usr/local
RUN dnf -y update && \
dnf -y install unzip && \
dnf clean all && \
pushd /usr/local && \
@dmc5179
dmc5179 / imageset-config.yaml
Created March 30, 2023 17:05
Basic oc-mirror imageset-config.yaml for mirroring OpenShift platform content
apiVersion: mirror.openshift.io/v1alpha2
kind: ImageSetConfiguration
archiveSize: 2
storageConfig:
local:
path: /opt/data/mirror
mirror:
platform:
channels:
- name: stable-4.10
@dmc5179
dmc5179 / openshift_haproxy.cfg
Created March 30, 2023 16:57
HAProxy config used with OpenShift 4 Bare Metal Clusters
global
log /dev/log local0
log /dev/log local1 notice
stats socket /var/lib/haproxy/stats level admin
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
@dmc5179
dmc5179 / azure_setup.sh
Created March 7, 2023 20:49
Script to configure an Azure account for OpenShift 4 Deployment
#!/bin/bash
az login
az account set --subscription "Azure subscription 1"
az account show
OCP_TENANT_ID=$(az account show --query tenantId -o tsv)
echo $OCP_TENANT_ID
OCP_SUBSCRIPTION_ID=$(az account show --query id -o tsv)
echo $OCP_SUBSCRIPTION_ID
PREFIX=$SUBSCRIPTION_CODE-ocp-dev
@dmc5179
dmc5179 / operator_cve_scanner.sh
Last active February 3, 2023 14:47
Script to generate an ACS CVE report on all images required for a specific operator and version of that operator. Requires oc-mirror and access to an ACS cluster
#!/bin/bash
# Tool to generate an ACS scan of container images needed for any particular operator/version
# Requires a running ACS system.
OC_MIRROR="${OC_MIRROR:-oc-mirror}"
OCP_VERSION="${OCP_VERSION:-4.11}"
OPERATOR_CATALOG="${OPERATOR_CATALOG:-registry.redhat.io/redhat/redhat-operator-index}"
OPERATOR="${OPERATOR:-compliance-operator}"
#OPERATOR_CHANNEL=""
@dmc5179
dmc5179 / gist:09d8b50af8567d3b68ce660d387a07d1
Created November 8, 2022 14:36
Script to pull the list of container images that are part of the OpenShift 4 Samples Operator
#!/bin/bash -xe
REGEX="registry.redhat.io|registry.access.redhat.com|quay.io"
OCP_VER="4.11.13"
CONT_NAME="samples_export"
IMG=$(curl -s https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/${OCP_VER}/release.txt | grep cluster-samples-operator | awk '{print $2}')
@dmc5179
dmc5179 / prometheus_query.sh
Created September 2, 2022 23:31
OpenShift 4 Prometheus time series query
QUERY="kube_pod_status_phase{phase='Running'}"
HEADER="Authorization: Bearer sha256~....."
API="https://prometheus-k8s-openshift-monitoring.apps.ocp4.something.io/api/v1/query_range?query"
START="2022-09-02T19:10:30.781Z"
END="2022-09-02T19:11:30.781Z"
STEP="15s"
rawurlencode_vladr() {
local LANG=C
local IFS=
@dmc5179
dmc5179 / openshift-api-example.md
Created January 22, 2022 17:05
Calling the OpenShift API from inside a pod
  • Create a user for the pods that will call the OpenShift API
oc create sa rest-api-user
  • Assign the user privileges. Note: This is an example, a lesser set of permissions should be used where possible
oc policy add-role-to-user admin -z rest-api-edit
@dmc5179
dmc5179 / source-strategy.yaml
Created August 4, 2021 10:05
OpenShift 4 Build Config using the Source Strategy
---
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
name: myapp
namespace: mynamespace
spec: {}
---
apiVersion: build.openshift.io/v1