mmastoras

// get journal logs from systemd services
# journalctl -u <service name>.service
# journalctl -u <service name>.service -n 100 --no-pager

mmastoras

knife supermarket search openssh
knife supermarket download openssh
tar -xzvf openssh-2.10.3.tar.gz
knife supermarket download iptables
tar -xzvf iptables-8.0.0.tar.gz
knife cookbook upload iptables
knife cookbook upload openssh

mmastoras

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096

mmastoras

      #!/bin/bash
      
      wget -O ~/.ssh/devops_id_rsa ${DEVOPS_SSH_PRIVATE_KEY} > /dev/null 2>&1 && chmod 0600 ~/.ssh/devops_id_rsa

      # get bastion IPs
      scratch_ip=$(aws ec2 describe-instances --region "us-west-2" --filters "Name=tag:Name,Values=reputedly-scratch" --query 'Reservations[*].Instances[*].[PrivateIpAddress]' --output text)
      orange_ip_list=$(aws ec2 describe-instances --region "us-west-2" --filters "Name=tag:Type,Values=orange" --query 'Reservations[*].Instances[*].[PrivateIpAddress]' --output text)

      SAVEIFS=$IFS   # Save current IFS
      IFS=$'\n'      # Change IFS to new line

mmastoras

$ influx -ssl -host <host> -port <port>

# select database
> use <database name>

# set time format
> precision rfc3339

# show all measurements
> show measurements

mmastoras

FROM openjdk:8-jre-slim
ARG GPG_KEY=3F7A1D16FA4217B1DC75E1C9FFE35B7F15DFA1BA
ARG SHORT_DISTRO_NAME=zookeeper-3.5.5
ARG DISTRO_NAME=apache-zookeeper-3.5.5-bin
ARG CONSUL_VERSION=1.5.3
ARG CONSUL_TEMPLATE_VERSION=0.20.1
ARG OPENSSL_VERSION=1.1.1c
ENV ZOO_CONF_DIR=/conf \
    ZOO_DATA_DIR=/data \
    ZOO_DATA_LOG_DIR=/datalog \

mmastoras

# Used by hashicorp
FROM debian:buster-slim
ARG CONSUL_VERSION=1.6.2
ARG VAULT_VERSION=1.3.2
ENV BIN_DIR=/bin
# Install required packages
RUN set -eux && \
    apt-get update && \
    DEBIAN_FRONTEND=noninteractive \

mmastoras

## start kafka-zookeeper cluster
$ nomad job run -no-color kafka-zookeeper.nomad
$ nomad job status -no-color kafka-zookeeper # verify allocations (containers) are running

## wait 30 seconds for kafka-zookeeper to discover and start kafka-brokers
$ nomad job run -no-color kafka-broker.nomad
$ nomad job status -no-color kafka-broker # verify allocations (containers) are running

## verify zookeeper cluster is up
run the following against each node to verify it is either a leader or follower, pull ip ports from kafka-zookeper-client service in consul

mmastoras

docker-entrypoint.sh
```
# create truststore and keystore from pem files if they exist
if [ -f "$ZOO_CONF_DIR/ssl/root-int-ca.pem" ] && [ -f "$ZOO_CONF_DIR/ssl/node.pem"]; then
  # create truststore jks
  truststore_password="$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 12 | head -n 1)"
  echo $truststore_password > $TRUSTSTORE_WORKING_DIRECTORY/truststore_password.txt
  keytool -import -alias root-int-ca -trustcacerts -file $ZOO_CONF_DIR/ssl/root-int-ca.pem \
    -keystore $ZOO_CONF_DIR/ssl/kafka-truststore.jks -storepass $truststore_password

mmastoras

# the "-" are important as the prevent go for placing LF, which will mess up the binary files
template {
        destination = "local/conf/ssl/keystore_decoded.jks"
        change_mode = "noop"
        data =<<EOF
{{ $mtls_path := env "NOMAD_META_mtls_path" -}}
{{ with secret (printf "%s" $mtls_path) }}{{.Data.keystore | base64Decode }}{{ end -}}
EOF
}