Richard Nixon trickyearlobe
@trickyearlobe
trickyearlobe / cloud-init-aws.yaml
Created September 13, 2021 12:27
Cloud Init for AWS
#cloud-config
chef:
  install_type: "omnibus"
  omnibus_url: "https://omnitruck.chef.io/install.sh" # or https://omnitruck.chef.io/install.ps1 for Windows
  force_install: false
  server_url: "https://manage.chef.io/organizations/thenixons"
  node_name: "testnode001"
  validation_name: "thenixons-validator"
  validation_key: |
trickyearlobe / analyse_inspec_report.rb
Created April 13, 2021 09:05
Analyse size of Inspec JSON report
#!/usr/bin/env ruby
require 'json'
require 'objspace'
puts "Checking #{ARGV[0]}"
all_controls = {}
report=JSON.parse(File.read(ARGV[0]))
report['profiles'].each do |profile|
profile['controls'].map { |control|
curl -T myBackup.tgz https://chef-success-customer-write-only.s3.amazonaws.com/<mybucket>/mybackup.tgz
trickyearlobe / count_chef_guids.rb
Created April 20, 2020 14:06
Script to count duplicate chef client GUIDs
# Execute with `knife exec count_chef_guids.rb`
guids = {}
total_nodes=0
nodes.all.each do |mynode|
total_nodes=total_nodes+1
guids[mynode['chef_guid']] = (guids[mynode['chef_guid']] ||0) +1 if mynode['chef_guid']
end
require 'aws-sdk-secretsmanager'
require 'base64'
def get_aws_secret(secret_name,region_name)
client = Aws::SecretsManager::Client.new(region: region_name)
begin
get_secret_value_response = client.get_secret_value(secret_id: secret_name)
rescue Aws::SecretsManager::Errors::DecryptionFailure => e
raise
#!/bin/env ruby
# Load the native Ruby HTTP libraries
require 'net/http'
require 'json'
# Get an API key to access our vault(s)
# Note that the machine must have been granted access to the vault using managed identity
apikey_uri = URI('http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net')
req = Net::HTTP::Get.new(apikey_uri)
trickyearlobe / chef_ha_backend_resync.md
Last active May 8, 2019 14:45
Forced resync on Chef HA Backend
# If you already tried removing and re-adding a failed backend
# As per https://getchef.zendesk.com/hc/en-us/articles/360003035092-Chef-Backend-Cluster-2-0-1-Full-follower-recovery

# and it's failing with missing WAL problems like this
# FATAL:  could not receive data from WAL stream: ERROR:  requested WAL segment 0000003E000008B3000000CC has already been removed

# TRY this on the failed backend (after re-adding it)

#!/bin/env bash
# This script converts user public keys stored in certs on older
# chef servers into pure public keys so that Vault works properly
# NOTE: Back up Postgres before running this as it doesn't error check
function sql_exec {
/opt/opscode/embedded/bin/psql -d opscode_chef -qtA -c "$1"
}
trickyearlobe / client.rb.monkeypatch.gem.rb
Last active March 14, 2018 16:03
Monkey patch Chef Cookbook Metadata Gem Installer in client.rb
class MonkeyPatcher < Chef::Handler
puts "MONKEY PATCH GemInstaller"
def report
Chef::Cookbook::GemInstaller.send(:define_method,'install') do
cookbook_gems = Hash.new { |h, k| h[k] = [] }
cookbook_collection.each do |cookbook_name, cookbook_version|
cookbook_version.metadata.gems.each do |args|
cookbook_gems[args.first] += args[1..-1]
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},
"virtualMachineName": {
"type": "string"
},