
@pwillis-els
pwillis-els / Make_a_Git_Changelog_by_hand.md
Created January 25, 2022 16:24
Make a Git Changelog by hand

Making a Changelog by hand with Git

If you need to create a ChangeLog for a repository, there's a lot of software out there that can help you generate one. But most of it works by having your Git commits include certain information. What if you want to make a ChangeLog for software whose commit messages are not uniform?

Basically, just use git log to compare commits to your existing ChangeLog, and format the Changelog entry for a new release (using the Keep A Changelog format).

First add a shortcut to format Git logs to only show you the changes:

@pwillis-els
pwillis-els / AdminBestPractice.md
Created January 8, 2022 19:56
Kubernetes notes, tips, tricks, and best practices, for both administration and development

Kubernetes Administration Best Practice

Reliability

Networking Reliability

  • AWS VPC Container Network Interface (CNI) for Kubernetes has an inherent limit on the number of pods per instance, due to using one ENI per pod per instance. The workaround is to use Calico CNI. The Calico CNI can be deployed in EKS to run alongside the VPC CNI, providing Kubernetes Network Policies support.

Manifest Reliability

@pwillis-els
pwillis-els / gist:2df85ee1658b8bf40c2a3d52392c081c
Last active November 22, 2021 01:35
Kubernetes Multitenancy: November 2021

This is an overview of the different options for multi-tenancy in Kubernetes as of November 2021.

Kubernetes Multi-Tenancy SIG (https://github.com/kubernetes-sigs/multi-tenancy)

@pwillis-els
pwillis-els / Simple_Atomic_File_Locking_Linux.md
Last active November 10, 2021 17:21
Simple Atomic File Locking in Linux

Simple Atomic File Locking in Linux

If you have access to a traditional programming language, there are many methods to use locks in Linux. However, we don't necessarily have access to those methods within a shell script. In addition, using locks over different kinds of filesystems (such as NFS) can also have inconsistencies and bugs.

What if you just want a very simple form of locking that works on all filesystems? The answer is Maildir locking. The way Qmail / Maildir works is specific to mail files, so I'll break it down in a more general way below. You also don't have to strictly follow this method; the general idea can be modified.

@pwillis-els
pwillis-els / WhyNotToUseGitHubForDocs.md
Created August 10, 2021 14:42
Why You Should NOT Use GitHub For Documentation

Why you should not use GitHub for Documentation

Technical people can often get frustrated with documentation. They don’t like writing it. They want to make it easier to write and update it. And as they’re technical people, they tend to use technical means to deal with problems.

Most technical people eventually want to use Git to manage their documentation. It seems to make sense: documentation is text, their code is text. Why not use a tool used to manage code, for managing documentation? So they put their docs into Git.

I’ve been there! I wanted to simplify my docs, so I decided to put them in GitHub. But after several weeks/months, I went back to putting any documentation that wasn’t code into Confluence. Here’s why.

Problem #1: Markdown

@pwillis-els
pwillis-els / JenkinsAntiPattern-OpsToil.md
Last active May 31, 2022 19:56
Jenkins: A DevOps Anti-Pattern

Jenkins: A DevOps Anti-Pattern

Jenkins is the WordPress of CI/CD. Designed in another era, it creates more problems than it needs to and is more complex than it needs to be. But because it’s free and user-friendly, it is ubiquitous and perennial, like a weed. Every year, people will try to use it, unaware of the problems it will create.

The "tl;dr" is that Jenkins was not designed to be used like modern Cloud-native DevOps-friendly software. You can "make it work", in the same sense that you can make pigs fly... but they're really not designed to fly.

What is Jenkins?

Jenkins is an “automation server”. Basically it’s software that can continuously run automated tasks for you. It has a friendly web-based user interface, and because it’s written in Java, you can run it on any computer. And it has a lot of plugins to add features to do whatever you need.

@pwillis-els
pwillis-els / readme.md
Last active June 9, 2022 18:53
How I manage Terraform & AWS infrastructure

My development environment

I use a couple tools to make it easier for me to get work done:

  • cliv. This installs all my typical Ops tools that aren't packaged by my Linux distribution. This also allows me to switch versions of any tool at any time, either by specifying a particular version of a tool, or by pinning a version in a .COMMAND-versions file. No need for tfenv.

  • terraformsh. This wrapper for Terraform makes it much easier to manage lots of environments and run common Terraform commands. It's simpler than TerraGrunt and still allows me

@pwillis-els
pwillis-els / alpine.Dockerfile
Created June 25, 2021 14:47
Best practice for building and running Wordpress + Bedrock + Apache2 + PHP-FPM + MariaDB in an Alpine container with docker-compose
FROM alpine:3.13.5 AS php7
ENV PHP_VER=7.4
ENV RUNTIME_USER=www-data
ENV RUNTIME_GROUP=www-data
# Alpine www-data UID/GID is 82
ARG RUNTIME_UID=82
ENV RUNTIME_UID=$RUNTIME_UID
ARG RUNTIME_GID=82
ENV RUNTIME_GID=$RUNTIME_GID
@pwillis-els
pwillis-els / SOP_Migrate_AWS_EC2_RDS_Cross_Region.md
Created February 6, 2021 03:32
Standard Operating Procedure for migrating both an EC2 instance and an encrypted RDS database to a different AWS account and different region

About

This document describes the Standard Operating Procedure for migrating both an EC2 instance and an encrypted RDS database to a different AWS account and region.

For this sample case, there is a single EC2 instance which uses a single MariaDB RDS instance (no read-replica, nothing fancy). But the database is encrypted, so migrating a snapshot is a bit complicated. The end result will be that the newly deployed database instance cannot use a customer-managed KMS. To get around this you'll probably have to use a different method entirely to migrate the database (such as S3 export/import, or a manual SQL dump/import).

@pwillis-els
pwillis-els / Dockerfile
Created February 5, 2021 20:37
Test patching sudo in your old horrible CentOS 6 instance
FROM centos:6
# This works, but don't use yum update, it'll update too many packages
RUN CENTOSVER=`cat /etc/centos-release | grep 'CentOS release' | awk '{print $3}'` ; \
grep -v mirrorlist /etc/yum.repos.d/CentOS-Base.repo \
| sed -e 's/^#baseurl=/baseurl=/g' \
| sed -e "s?baseurl=http://mirror.centos.org/centos/\$releasever/?baseurl=https://vault.centos.org/$CENTOSVER/?g" \
> /etc/yum.repos.d/CentOS-Base.repo.new ; \
mv -f /etc/yum.repos.d/CentOS-Base.repo.new /etc/yum.repos.d/CentOS-Base.repo
RUN curl -L -o sudo-patched.rpm https://github.com/sudo-project/sudo/releases/download/SUDO_1_9_5p2/sudo-1.9.5-3.el6.x86_64.rpm
RUN yum install -y sudo && rpm -qi sudo && sudo -V