jbontech

#!/bin/bash

# exit when the command fails
set -o errexit;

# exit when try to use undeclared var
set -o nounset;

accessKeyToSearch=${1?"Usage: bash $0 AccessKeyId"}

jbontech

#use libvirt
ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt'
VMCOUNT = (ENV['VMCOUNT'] || 1).to_i

VAGRANTFILE_API_VERSION = "2"
Vagrant.require_version ">= 1.5.0"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|

  config.vm.box = "virtualbox"

jbontech

#!/usr/bin/env bash
#title          : updateSonarProps.sh
#description    :
# This script parses the project's name and version from its package.json and automagically 
# updates the version and package name in the SonarQube configuration properties file.
# It can be used as a pre step before running the sonar-scanner command
# It also creates a backup of the props file with suffix *.bak
#prerequisites  : NodeJS based project with package.json, sonar*.properties file in the cwd
#author         : Christian-André Giehl <christian@emailbrief.de>
#date           : 20180220

jbontech

# Install Vagrant and virsh command
dnf install -y libvirt-client vagrant-hostmanager vagrant-libvirt


# Allow to manage VMs via libvirt remotely (using TCP connection)
cat >> /etc/libvirt/libvirtd.conf << EOF
listen_tls = 0
listen_tcp = 1
listen_addr = "0.0.0.0"
auth_tcp = "none"

jbontech

L0 = bare metal machine
L1 = VM on bare metal
L2 = VM on VM

First, ensure virtualization is enabled on L0 as described here: https://docs.fedoraproject.org/en-US/quick-docs/using-nested-virtualization-in-kvm/#proc_enabling-nested-virtualization-in-kvm

Next, launch L1 with the following Vagrant config (or an equivalent directly on the hypervisor):

Vagrant.configure("2") do |config|
  config.vm.box = "generic/ubuntu1604"

jbontech

Dockerfile

FROM ubuntu:18.04
RUN apt-get update -y && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils vagrant && \
    apt-get autoclean && \
    apt-get autoremove && \
    vagrant plugin install vagrant-libvirt
COPY startup.sh /
ENTRYPOINT ["/startup.sh" ]

jbontech

• Awesome Sysadmin
  • Automation
  • Backups
  • Build and software organization tools
  • ChatOps
  • Client Management
  • Cloning
  • Cloud Computing
  • Cloud Orchestration
• Cloud Storage

jbontech

Install Vagrant

sudo su
apt-get update && apt-get install -y libvirt-dev ruby-all-dev apparmor-utils
curl -O -L https://dl.bintray.com/mitchellh/vagrant/vagrant_1.6.5_x86_64.deb
dpkg -i vagrant_1.6.5_x86_64.deb 
aa-complain /usr/lib/libvirt/virt-aa-helper # workaround
exit

Install vagrant-kvm as user

jbontech

# -*- mode: ruby -*-
# vi: set ft=ruby :
#
Vagrant.configure(2) do |config|

  # This is an image of Ubuntu 14.04 LTS with libvirt support
  config.vm.box = "baremettle/ubuntu-14.04"
  config.vm.provision :shell, path: "provision.sh"

  # config.vm.synced_folder "../data", "/vagrant_data"

jbontech

Overview

This gist provides a quick overview of deploying SSL certificates to servers using Salt. I use a wildcard certificate for our domain, which makes management easier.

Quick Start

1. Start with pillar_ssl-certificate.sls, which should be populated with your certificates and placed in Salt's pillar_roots directory (typically /srv/pillar).
2. Place state_ssl-certificate.sls in Salt's file_roots directory (typically /srv/salt).
3. Include the contents of top.sls in both the pillar and state top.sls file. (Modify for your minion IDs of course.)

Details

Use pillars to distribute sensitive data, such as SSL certificates. Accoring to the [Salt Pillar Walkthrough][2]:

Information transferred via pillar is guaranteed to only be presented to the minions that are targeted, making Pillar suitable for managing security information, such as cryptographic keys and passwords.