kubectl get pods --selector=bu=finance,tier=frontend,env=prod
kubectl get pods --selector='env in (dev,prod)'
** Untangle | |
* Ensure interfaces are correctly mapped | |
* Set Hostname => Domain Name | |
* Add DNS entries | |
* Allows DNS from WAN interfaces | |
* Turn off nat on all interfaces | |
* Add standalone NAT rule for EXTERNAL (Destination => WAN interface | Source => Any NON WAN interface) |
sudo apt install ipmitool | |
sudo ipmitool -H <hostname> -U <username> | |
sudo ipmitool -H <hostname> -U <username> sensor list all | |
sudo ipmitool -H <hostname> -U <username> sensor thresh FAN1 lower 100 200 300 | |
sudo ipmitool -H <hostname> -U <username> sensor thresh FAN2 lower 000 000 100 | |
sudo ipmitool -H <hostname> -U <username> sensor thresh FAN4 lower 000 000 100 |
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c <old cypher> <user>@<server> |
REVOKE CREATE ON SCHEMA public FROM PUBLIC; | |
CREATE ROLE <db_owner> WITH LOGIN PASSWORD '<db_owner_password>'; | |
CREATE DATABASE <db_name> WITH OWNER=<db_owner>; | |
REVOKE ALL ON DATABASE <db_name> FROM public; | |
GRANT ALL ON DATABASE <db_name> TO <db_owner>; |
interpolate-creds: &interpolate-creds | |
do: | |
- task: tfstate-interpolate | |
image: platform-automation-image | |
... | |
... | |
- task: credhub-interpolate | |
... | |
... | |
etc |
export OM_KEY=om.pem | |
terraform output ops_manager_ssh_private_key > $OM_KEY | |
chmod 0600 $OM_KEY | |
CREDS=$(om -t $OM_TARGET --skip-ssl-validation curl --silent \ | |
-p /api/v0/deployed/director/credentials/bosh_commandline_credentials | \ | |
jq -r .credential | sed 's/bosh //g') | |
# this will set BOSH_CLIENT, BOSH_ENVIRONMENT, BOSH_CLIENT_SECRET, and BOSH_CA_CERT | |
# however, BOSH_CA_CERT will be a path that is only valid on the OM VM |
JUMPBOX_NAME="<name of ec2 instance>" | |
INSTANCE_ID=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=$JUMPBOX_NAME" \ | |
--output text --query 'Reservations[*].Instances[*].InstanceId') | |
aws ssm start-session --target "$INSTANCE_ID" |
name
: my-super-secretusername
: my-super-secret-usernamepassword
: my-super-secret-passwordexport FILE_NAME="cf-2.2.7-build.8.pivotal" # This is the name of the file (tile) to upload to om | |
export OM_USER="admin" | |
export OM_PWD="supersecurepassword" | |
export OM_TARGET="ops-manager address" | |
export OM_TIMEOUT=86400 # set a high timeout incase upload takes a while | |
om -t $OM_TARGET -u $OM_USER -p $OM_PWD -k upload-product -p $FILE_NAME -r $OM_TIMEOUT |