
Ben Roberts optiz0r

@optiz0r
optiz0r / Caddyfile.tmpl
Created April 29, 2021 07:35
Caddy with Nomad + Consul
{{- range services -}}
{{- if .Name | contains "sidecar" | not -}}
{{- $groupedServices := (service .Name | byMeta "caddy_enable") -}}
{{- $enabledServices := (index $groupedServices "true" ) -}}
{{- range $enabledServices -}}
{{- $vhost := index .ServiceMeta "caddy_vhost" -}}
{{- scratch.MapSetX "vhosts" $vhost . -}}
{{- end -}}
{{- end -}}
{{- end -}}

# class params
$socket_group=undef
$docker_users=[]
# Override defaults which try to specify which repo to install from
# we install from spacewalk with different reponames, and will just install
# the latest version available
$repo_opt = {}
$dist_specific_opts = {
@optiz0r
optiz0r / Choria Playbook: Vault upgrade.md
Last active April 7, 2022 10:58
Upgrades a Hashicorp Vault cluster and clients using Choria

Upgrade Vault Cluster

This Choria Playbook will automate the steps to do a simple version upgrade of a Vault cluster

  • Upgrades follower servers first
  • Upgrades the leader last (to reduce risk of a failover from newer version to older one)
  • Sleeps in between each upgrade to allow operator unseal to be run, and for vault to re-register itself in service discovery
  • Bulk updates all clients

Warning!

@optiz0r
optiz0r / host_certs.tf
Created July 6, 2022 12:59
Terraform code allowing puppet clients to acquire TLS certificates matching their own hostname only
# Allow clients to auth using puppet certificates
resource "vault_auth_backend" "host_certs" {
path = "host_certs"
type = "cert"
}
resource "vault_cert_auth_backend_role" "puppet_certificate" {
name = "puppet_certificate"
backend = vault_auth_backend.host_certs.path