Infrastructure testing is hard. My entire career I've tried to bring traditional development testing practices into operations. Linters. Rspec. Mock objects. These tools provide semantic and syntax checking, as well as unit and integration level coverage for infrastructure as code. Ideally, we would also test the system after the code is deployed. End-to-end infrastructure testing has always been a stretch goal -- too time-consuming to implement from scratch. This is especially true of network level testing. I am not aware of any existing tools that provide self-contained, end-to-end tests to ensure VPCs, subnets, and route tables are properly configured. As a result, production network deployments can be incredibly anxiety-inducing. Recently, my coworkers and I set up an entire VPC (virtual private cloud) using infrastructure as code, but felt we need
Dan Stark stark525
stark525
/ VpcSpecValidator_snippet
Created
December 15, 2017 01:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def get_ip_of_peer_instances_and_write_to_settings_file(self): | |
| ''' | |
| This is run on the source EC2 instance as part of UserData bootstrapping | |
| 1) Look at the peer(s)' VPC CloudFormation Stack's Outputs for a list of subnets, public or private as defined | |
| in the constructor. | |
| 2) Find instances in those subnets created by this library | |
| 3) Get the Private IP address of target instances and write it to a local configuration file | |
| ''' | |
| # Query for peer CloudFormation, get instances |
stark525
/ vault_aws_auth_python3
Last active
November 18, 2019 07:02
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import boto3 | |
| import json | |
| import base64 | |
| def headers_to_go_style(headers): | |
| retval = {} | |
| for k, v in headers.items(): | |
| retval[k] = [v] |
stark525
/ gist:6707aeb1142c81dfd725a6471574850b
Created
November 17, 2016 21:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| git clone https://<private-git>/codebattles | |
| git checkout -b dstark |
stark525
/ puppet.conf
Created
December 3, 2014 02:45
If you want to link hiera.yaml to some other path, add this to your puppet.conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hiera_config=/some/other/path/hiera.yaml |
stark525
/ eyaml-encrypt
Created
December 3, 2014 02:40
Dump the output of this into your app.eyaml file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| eyaml encrypt -s 'secretpassword' -l 'parameter-lookup' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| pkcs7_private_key: '/var/lib/puppet/keys/private_key.pkcs7.pem' | |
| pkcs7_public_key: '/var/lib/puppet/keys/public_key.pkcs7.pem' |
stark525
/ link-hiera.yaml
Created
December 3, 2014 02:31
Link /etc/hiera.yaml to /etc/puppet/hiera.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :backends: | |
| - eyaml | |
| - yaml | |
| :yaml: | |
| :datadir: '/etc/puppet/hieradata' | |
| :eyaml: | |
| :datadir: '/etc/puppet/hieradata' | |
| # If using the pkcs7 encryptor (default) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| chown -R puppet:puppet /var/lib/puppet/keys | |
| chmod -R 0500 /var/lib/puppet/keys | |
| chmod 0400 /var/lib/puppet/keys/*.pem |
NewerOlder