niedbalski

1. Set Up an OIDC Identity Provider in AWS
Create an OIDC Identity Provider in AWS IAM:
Navigate to the IAM section in the AWS Management Console.
Choose "Identity Providers," then "Create Provider."
Select "OpenID Connect" as the provider type.
For the provider URL, you need the OIDC discovery endpoint URL from your k3s cluster. This URL is typically obtained from your Kubernetes cluster's API server configuration.
Add the thumbprint of the OIDC provider's SSL certificate.

2. Configure k3s for OIDC
Configure k3s with OIDC Details:

niedbalski

function forward_lookup(hostname)
  local ip = ""
  local success, socket = pcall(require, "socket")
  if success then
    ip = socket.dns.toip(hostname)
  end
  print(ip, success, socket)
  return ip
end

niedbalski

// File autogenerated with github.com/calyptia/config-validator-api/tools
// Don't edit manually.

package main

type ConfigMapOptsT map[string]map[string][]string

var ConfigMapOpts = ConfigMapOptsT{
	"input": {
		"thermal": []string{

niedbalski

import:
  - https://raw.githubusercontent.com/niedbalski/repeat/master/collections/netstat.yaml
  - https://raw.githubusercontent.com/niedbalski/repeat/master/collections/sockstat.yaml
  - https://raw.githubusercontent.com/niedbalski/repeat/master/collections/lxc.yaml
collections:
#  sar:
#    run-once: true
#    exit-codes: 0 127 126
#    script: |
#      #!/bin/bash

niedbalski

#!/bin/bash
set -x
time mysql -ukeystone_admin -pYourPassHERE -hYourHostHERE <<EOF
use keystone;
drop table if exists temp_tokens;
create table temp_tokens
    as (select * from token where expires >= NOW());
select count(*) from temp_tokens;
truncate table token;
insert into token select * from temp_tokens;

niedbalski

#!/bin/bash
# Displays running processes in descending order of OOM score
printf 'PID\tOOM Score\tOOM Adj\tCommand\n'
while read -r pid comm; do [ -f /proc/$pid/oom_score ] && [ $(cat /proc/$pid/oom_score) != 0 ] && printf '%d\t%d\t\t%d\t%s\n' "$pid" "$(cat /proc/$pid/oom_score)" "$(cat /proc/$pid/oom_score_adj)" "$comm"; done < <(ps -e -o pid= -o comm=) | sort -k 2nr

niedbalski

# curl https://gist.github.com/niedbalski/a6511e9bd3b6c674d9eb767211e5ccf3/raw/1909e266dcf5dc15ee43deef471f87b209d1ce7c/juju-pwhash
# p=$(openssl rand -hex 12) && printf "agent.conf=%s\nmongodb=%s\n" $p $(./juju-pwhash -p ${p})
agent.conf=2c0bdfcd9f61d5248005ff71
mongodb=9DYXMt1+hfklY2NiFcw2Y5dF

edit the agent.conf of the unit manually and change apipassword to ^^ agent.conf.

$ juju ssh -m controller 0
$ sudo su
# source <(curl -s https://gist.githubusercontent.com/msplival/b479edf76c4f9d1dda7a69e3addab6f5/raw/1d10eea9f0d1b459ee1fe4108cf9217eb3a46b5c/dialmgo-bionic)

niedbalski

niedbalski

# for juju on xenial
cat << EOF > /tmp/a.js
db = db.getSiblingDB('juju');
var collectionNames = db.getCollectionNames(), stats = [];
collectionNames.forEach(function (n) { stats.push(db[n].stats()); });
stats = stats.sort(function(a, b) { return b['size'] - a['size']; });
for (var c in stats) { print(stats[c]['ns'] + ": " + stats[c]['size'] + " (" + stats[c]['storageSize'] + ")"); }
EOF
/usr/lib/juju/mongo3.2/bin/mongo --sslAllowInvalidCertificates --ssl -u admin -p $(grep oldpassword /var/lib/juju/agents/machine-0/agent.conf | awk -e '{print $2}') localhost:37017/admin /tmp/a.js

niedbalski

LB_ID="6899b9b1-2bb7-4771-999f-6cced80cc321"
LB_DATA=$(neutron lbaas-loadbalancer-show ${LB_ID} --format yaml)
LB_LISTENERS_ID=$(echo -e "$LB_DATA" | awk -F'"' '/listeners/ {print $4}')
LB_POOL_ID=$(echo -e "$LB_DATA" | awk -F'"' '/pools/ {print $4}')
LB_HEALTH_ID=$(neutron lbaas-pool-show ${LB_POOL_ID} | awk '/healthmonitor_id/ {print $4}')
neutron lbaas-listener-delete "${LB_LISTENERS_ID}"
neutron lbaas-healthmonitor-delete "${LB_HEALTH_ID}"
neutron lbaas-pool-delete "${LB_POOL_ID}"
neutron lbaas-loadbalancer-delete "${LB_ID}"