| BU_NAME='The Awesome Group!' | |
| NODE_COUNT="$(/path/to/chef-repo/knife exec -E "puts api.get('/nodes').size")" | |
| MONTH="$(date +%B)" | |
| YEAR="$(date +%Y)" | |
| MAIL_URL="https://api.sendgrid.com/v3/mail/send" | |
| HEADER="Authorization: Bearer My-Super-Secret-Token" | |
| HEADER2="Content-Type: application/json" | |
| EMAIL_TO='name@example.com' | |
| EMAIL_FROM='name@example.com' | |
| EMAIL_SUBJECT="Chef Server Node Count for ${BU_NAME}" |
| #### Install Automate Server ### | |
| # Set up pre-reqs | |
| sysctl -w vm.max_map_count=262144 | |
| sysctl -w vm.dirty_expire_centisecs=20000 | |
| # Make them permenant | |
| vi /etc/sysctl.conf | |
| vm.max_map_count=262144 |
Simple example of pushing the Chef Environment name over to Inspec
Control:
title 'Forwarders'
environments = yaml(content: inspec.profile.file('forwarders.yml')).params
chef_environment = attribute('chef_environment', description: 'The chef environment for the node', default: 'nope')
PowerShell hack to reformat webhook payload from GitHub to MS Teams. I run it as an Azure Function. This same concept will also work for other applications that send complex payloads via webhook.
Github Webhook -> Azure Function -> MS Teams Webhook.
# Accept the data from the incoming webhook.
param (
[object]$WebhookData
)
| # Get a list of all the available subscriptions | |
| az account list | |
| # Output | |
| # | |
| #[ | |
| # { | |
| # "cloudName": "AzureCloud", | |
| # "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" <- Subscription ID | |
| # "isDefault": true, |
| az vm create -n hostname -g rgname --public-ip-address-allocation dynamic --image UbuntuLTS --size Standard_D4s_v3 --nsg nsgname --admin-username admin --admin-password password |
| # Make temp config.rb so we can ignore any ssl errors | |
| echo "ssl_verify_mode :verify_none" > temp_config.rb | |
| # Pull a list of all the orgs on the server | |
| # then loop through each one and make an api call to get the node count | |
| chef-server-ctl org-list -a | while read -r org ; do | |
| echo "Attempting to connect to the $org organization." | |
| /opt/opscode/embedded/bin/knife exec -E "puts api.get('/nodes').size" -s https://127.0.0.1/organizations/$org -u pivotal -k /etc/opscode/pivotal.pem --config temp_config.rb | |
| done |
| current_dir = File.dirname(__FILE__) | |
| log_level :info | |
| log_location STDOUT | |
| node_name "YOUR_CHEF_SERVER_USERNAME" | |
| client_key "#{current_dir}/#{node_name}.pem" | |
| chef_server_url "https://CHEF_SERVER_FQDN/organizations/CHEF_ORG_SHORT_NAME" | |
| cookbook_path ["#{current_dir}/../cookbooks"] | |
| #ssl_verify_mode :verify_none |
| # List of namespaces to exclude | |
| excludedNamespaces = {"good", "ok"} | |
| imageSafety[decision] { | |
| # This rule compares the namespace from the admission controller | |
| # to the list of namespaces above | |
| not excludedNamespaces[input.request.namespace] | |
| data.library.v1.kubernetes.admission.workload.v1.block_latest_image_tag[message] | |
| decision := { |
| # List of namespaces to exclude | |
| excludedNamespaces = {"good", "ok"} | |
| imageSafety[decision] { | |
| # This rule compares the namespace from the admission controller | |
| # to the list of namespaces above | |
| not excludedNamespaces[input.request.namespace] | |
| data.library.v1.kubernetes.admission.workload.v1.block_latest_image_tag[message] | |
| decision := { |