jovenbico

Ansible playbook - Gitlab API

Delete pipeline per project

$ ansible-playbook \
  --extra-vars "project_id=** private_token=** updated_before=$(date -d '30 days ago' -u +'%Y-%m-%dT%H:%M:%SZ')" \
  delete-pipeline.yml

Run script with cron

jovenbico

# Generate a unique private key (KEY)
sudo openssl genrsa -out mydomain.key 2048

# Generating a Certificate Signing Request (CSR)
sudo openssl req -new -key mydomain.key -out mydomain.csr

# Creating a Self-Signed Certificate (CRT)
openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt

# Append KEY and CRT to mydomain.pem

jovenbico

SRE tasks

A simple application is deployed to the Kubernetes cluster on AWS. The application can be used for calculating costs from a housing loan.

(deployment has been terminated)
URL: http://testtask.frankiebico.com/

Component Diagram

jovenbico

Create docker machine for test and to practice, practice, and practice

$ docker-machine create --driver virtualbox --virtualbox-cpu-count "2" --virtualbox-memory "2047" --virtualbox-hostonly-cidr "10.10.10.1/24" jenkins.machine

$ docker-machine ssh jenkins.machine

$ docker pull jenkins:2.60.3-alpine

jovenbico

Sample using vault

>> vars.protected_values.yml  ==  vars/protected_values.yml

$ ansible-playbook my-playbook.yml --ask-vault-pass
$ ansible-playbook my-playbook0.yml --ask-vault-pass

Passw0rd

jovenbico

FROM ubuntu:16.04

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:Passw0rd' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

jovenbico

#
# CORS header support
#
# One way to use this is by placing it into a file called "cors_support"
# under your Nginx configuration directory and placing the following
# statement inside your **location** block(s):
#
#   include cors_support;
#
# As of Nginx 1.7.5, add_header supports an "always" parameter which

jovenbico

frontend localnodes
    bind *:80
    reqadd X-Forwarded-Proto:\ http

    # Add CORS headers when Origin header is present
    capture request header origin len 128
    http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Credentials:\ true  if { capture.req.hdr(0) -m found }

jovenbico

# Idempotent way to build a /etc/hosts file with Ansible using your Ansible hosts inventory for a source.
# Will include all hosts the playbook is run on.
# Inspired from http://xmeblog.blogspot.com/2013/06/ansible-dynamicaly-update-etchosts.html

- name: "Build hosts file"
  lineinfile: dest=/etc/hosts regexp='.*{{ item }}$' line="{{ hostvars[item].ansible_default_ipv4.address }} {{item}}" state=present
  when: hostvars[item].ansible_default_ipv4.address is defined
  with_items: groups['all']

jovenbico

Vagrant.configure("2") do |config|

  config.vm.box = "ubuntu/trusty64"

  config.vm.define "node1" do |machine|
    machine.vm.network "private_network", ip: "172.17.177.21"
    machine.vm.provider "virtualbox" do |v|
      v.name = "mynode1"
    end