Richard Henning rhenning

👻
View GitHub Profile
@rhenning
rhenning / AWS-ReInvent2015-SEC307-NOTES.md
Last active April 8, 2016 00:53
re:Invent 2015 SEC307 AWS IAM Federation notes

https://www.youtube.com/watch?v=-XARG9W2bGc

  • SAML federation at scale
    • Automate onboarding
      • Allow a cross-account trust to create SAML providers w/ MFA from master/payer acct (15:47)
        • This allows bootstrapping new accounts by a small group of admins w/ real IAM accts or root acct
      • automate integrating each subaccount's SAML ID provider
      • automate deployment of subaccount IAM role & policies
      • automate deployment of central directory groups/structure
  • keep role definitions consistent across subaccounts
rhenning / flathash.rb
Created April 6, 2016 01:23
naive nested ruby hash flattener
class FlatHash
  def self.flatten_hval(pre, val)
    out = {}
    val.each do |k, v|
      out["#{pre}_#{k}"] = v
    end
    flatten(out)
  end
  def self.flatten_aval(pre, val)
rhenning / tf_aws_sg_name_timeoutt.txt
Created March 2, 2016 14:58
tf_aws_sg_name_timeout
→ time TF_VAR_client_id=rhenning TF_VAR_env=dev TF_VAR_stack_name=rhenning-dev-20160227 TF_VAR_openvpn_pubhost=vpn.dev.rhenning.weblinc.com terraform plan
Refreshing Terraform state prior to plan...
aws_s3_bucket.integration: Refreshing state... (ID: rhenning-dev-20160227-integration)
aws_iam_role.util: Refreshing state... (ID: rhenning-dev-20160227-util)
aws_eip.nat: Refreshing state... (ID: eipalloc-e8aca58c)
aws_iam_user.resources: Refreshing state... (ID: rhenning-dev-20160227-resources)
aws_iam_user.ses: Refreshing state... (ID: rhenning-dev-20160227-ses)
aws_s3_bucket.elblogs: Refreshing state... (ID: rhenning-dev-20160227-elblogs)
aws_iam_role.es: Refreshing state... (ID: rhenning-dev-20160227-es)
rhenning / sg.sh
Last active February 11, 2016 20:33
SSH via OpenVPN gateway
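#!/bin/bash
# usage: sg.sh <gateway> <target> [remote command...]
gw=$1
target=$2
shift 2
# Hop through the OpenVPN gateway via ProxyCommand; host key checking is disabled on both hops.
ssh -o StrictHostKeyChecking=no -o ProxyCommand="ssh -o StrictHostKeyChecking=no -W %h:%p openvpnas@${gw}" "$target" -l ubuntu "$@"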
rhenning / heapwatcher.rb
Created January 6, 2014 19:14
Watch JVM heap utilization
#!/usr/bin/env ruby
## run like: tail --lines=0 --follow=name /var/log/tomcat6/gc.log | this_ruby_script
ARGF.each do |line|
  # Capture heap usage after GC and heap capacity (both in KiB) from each GC log line
  if match = /secs\]\s\d+K-\>(\d+)K\((\d+)K\)/.match(line)
    heap_cur = match[1]
    heap_lim = match[2]
    heap_pct = heap_cur.to_f / heap_lim.to_f * 100.0
    puts "#{heap_cur} / #{heap_lim} KiB : #{heap_pct}%"
  end
end
rhenning / speedfeed_sunspot.rb
Last active December 31, 2015 08:49
Synchronous Mongoid to Sunspot indexer
BATCH_LIMIT = 500
processed_event_count = 0
logger = Logger.new(STDOUT)
total_event_count = SearchIndexEvent.count
## had to get a little closer to the DB here due to a bug in Mongoid2
## that manifests when disabling cursor timeouts
SearchIndexEvent.collection.driver.find({}, :timeout => false) do |cursor|
rhenning / gist:7771812
Created December 3, 2013 16:03
Berkshelf thinks nonexistent cookbooks are frozen
rhenning@apprhenning:~/git/Provisioning/chef/cookbooks/neat-mongodb$ bundle exec berks upload --halt-on-frozen
Using neat-mongodb (0.1.0) from metadata
Using mongodb (0.13.7)
Using build-essential (1.4.2)
Using chef-sugar (1.0.1)
Using ebs (0.4.5)
Using xfsprogs (0.0.1)
Using aws (1.8.5)
Using neat_libraries (0.3.3)
Using chef-solo-search (0.5.1)
rhenning / gist:6023759
Last active December 19, 2015 21:58
ST2 User Preferences
{
  "theme": "Soda Dark.sublime-theme",
  "font_size": 11.0,
  "tab_size": 2,
  "translate_tabs_to_spaces": true,
  "tab_completion": true,
  "detect_indentation": false,
  "ignored_packages": [ "Vintage" ],
  "sublimelinter_executable_map": { "ruby": "/Users/rhenning/.rvm/bin/rvm-auto-ruby" },
  "sublimelinter_syntax_map": { "ruby": "/Users/rhenning/.rvm/bin/rvm-auto-ruby" }
rhenning / csr2crt.sh
Last active October 14, 2015 15:13
Quick CSR to Certificate with fake CA
#!/usr/bin/env bash
set -e
if [[ "$#" != "1" ]]; then
  echo usage: $0 /path/to/file.csr
  exit 1
fi
invoke_dir=$(pwd)
rhenning / id_rsa_neat.pub
Created November 3, 2012 19:37
Rich's neat ssh public key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCb1Rl3cfJNrppD1JH+ItXN5Hq/IBv6SNTEk1k1Gd8/j4nm05wPtpMDxnwYgt+g8VgVvwRc9v4Ff9I7O+jTU8OOJEGR0wMqb9URhaSbJhQ+hpElg7iWGPudxDGUR9ivyMEII7IlJCFPK2BqxRxdGoZ2IMgSfmntrRo9fTreO7g6maKV1DRgZtO8eSdPc6fPybuVyPMSt3VwPJIkHFXO7dezRrvFheei8MYdscsJxlXBgdGYYbfk2KBR2eCJzmYxLXXnirIriKXtAy4YYNOM/YBxfIwkdcq1RAgo5IdcN32TEoMxbt2+ykYnJBzECJn6A4of1eh27YAklHQzNl0KnwRf rhenning@neat.com