John E. Vincent lusis

@lusis
lusis / README.md
Last active June 6, 2017 14:08
Proxying puppetforge files with Artifactory

Proxying puppetforge requests with Artifactory and Nginx

We have two goals:

  • Ensure that we have a local deterministic cache of puppet modules pulled from the forge
  • Force all server requests to go through Artifactory where possible

Artifactory configuration

We're going to use a remote repo of type generic pointing to forgeapi.puppetlabs.com. The JSON in this gist should provide the relevant information.

nginx configuration

lusis / acceptance_spec.rb
Created September 28, 2016 18:28
this won't ever work
require 'spec_helper_acceptance'
describe 'nginx' do
context 'default' do
pp = <<-EOS
include stdlib
include nginx
EOS
  • install gcalcli and connect it up to your account (gcalcli agenda after install should start the auth process)
  • write the python file above to somewhere (I use ~/.i3/cal_wrapper.py)
  • set up your ~/.i3/config with the status_command above
  • reload i3

optional

I added the following cron entry to alert via notify-send and dunst gives me warnings:

*/5 * * * * gcalcli remind

lusis / index.md
Last active July 13, 2019 13:16
Docker "Best Practices"

This is a copy/paste from an internal wiki on how we should use docker

This guide serves as an outline of internal best practices for using Docker. The idea is to give enough information to allow engineers to create containers for new stack components while minimizing the cleanup required to make them production ready.

Concepts

Before we get to the practices, it's important to understand WHY we are doing this. The key concepts we're concerned about with broad Docker usage are provenance, determinism, repeatability and auditability.

Provenance

Provenance refers to knowing WHERE something comes from. Generally with the end use of software, this is easy:

  • Maven artifacts are pulled from central
output "s3.bucket_name" {
value = "${aws_s3_bucket.stormpath-bucket.id}"
}
lusis / gateway-copier-v2.sh
Last active April 8, 2016 05:25
Rundeck with Jump Hosts
#!/bin/bash
KEYPATH=$1
shift
JUMPUSER=$1
shift
JUMPHOST=$1
shift
JUMPKEY=$1
shift
REALUSER=$1
aws ec2 describe-instances | jq -r '.Reservations[].Instances[] | select(.State.Name |contains("running")) | select(.Tags != null) | (.Tags | from_entries) as $tags | [.PrivateIpAddress,$tags.Name,.KeyName] | @tsv'
lusis / 2-USAGE.md
Created February 4, 2016 01:47
RDS terraform stuffs
module "rds" {
	source = "<module-source containing with ref>"
	multi_az = "${var.rds_multi_az}"
	spath_db_instance_class = "${var.rds_instance_type}"
	spath_orgname = "${var.orgname}"
	iam_rds_user = "${var.iam_rds_user}"
	iam_rds_password = "${var.iam_rds_password}"
	spath_rds_sg_id = "${module.vpc.default_sg_id}"
	spath_rds_private_subnet_a_id = "${module.vpc.private_subnet_a_id}"
lusis / gpg-keyservers.txt
Created December 23, 2015 18:51
who cares if our keyservers are actually keyservers.
» for i in `host keys.gnupg.net | grep "has address" | awk -F" " '{ print $4 }'`; do printf -- "ip: $i is match? "; curl -L -q -s -H "Host: pool.sks-keyservers.net" http://$i | html2text | grep -q -i openpgp; if [[ $? -eq 0 ]]; then echo "yes"; else echo "no"; fi; done
ip: 204.61.209.238 is match? no
ip: 46.229.47.139 is match? yes
ip: 66.109.111.12 is match? yes
ip: 67.205.56.66 is match? no
ip: 68.187.0.77 is match? yes
ip: 78.157.209.9 is match? yes
ip: 84.200.66.125 is match? yes
ip: 91.189.90.55 is match? yes
ip: 93.94.119.246 is match? no
lusis / loggly-model.json
Last active December 9, 2015 13:31
A few models for use with AWS API Gateway
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "loggly-webhook-model",
"type": "object",
"properties": {
"alert_name": {"type":"string"},
"alert_description":{"type":"string"},
"edit_alert_link":{"type":"string"},
"source_group":{"type":"string"},
"start_time":{"type":"string"},