Wednesday, 22 December 2021
CircleCI Orbs
Terraform: CI user with secrets stored in AWS Secrets Manager
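# S3 grant for the CI upload user, split into bucket-level and object-level
# statements. The original single statement listed every action against both
# the bucket ARN and the "/*" object ARN; IAM ignores the mismatched half
# (object actions never match the bucket ARN, ListBucket never matches an
# object ARN), so the effective permissions below are unchanged, but each
# statement now says exactly what it grants.
data "aws_iam_policy_document" "ci_user_s3_policy" {
  # Listing applies to the bucket itself, not to the objects inside it.
  statement {
    sid       = "ListAnsibleBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::ansible-bucket-${var.environment}"]
  }

  # Read/write/delete applies to objects only.
  statement {
    sid = "ReadWriteAnsibleObjects"
    # "s3:GetObject*" and "s3:PutObject*" are wildcards: PutObject* also
    # matches s3:PutObjectAcl and s3:PutObjectTagging. Narrow to
    # "s3:PutObject" if the pipeline only needs to upload files.
    actions = [
      "s3:DeleteObject",
      "s3:DeleteObjectTagging",
      "s3:DeleteObjectVersion",
      "s3:DeleteObjectVersionTagging",
      "s3:GetObject*",
      "s3:PutObject*",
      "s3:ReplicateObject",
      "s3:RestoreObject",
    ]
    resources = ["arn:aws:s3:::ansible-bucket-${var.environment}/*"]
  }
}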
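# Environment name used as the suffix of "ansible-bucket-<environment>".
variable "environment" {
  type        = string
  description = "Environment suffix for the ansible-bucket-<environment> S3 bucket name."

  # S3 bucket names allow only lowercase letters, digits and hyphens. Fail at
  # plan time instead of after the IAM user and policy have been created.
  # Requires Terraform >= 0.13 for the validation block.
  validation {
    condition     = can(regex("^[a-z0-9-]+$", var.environment))
    error_message = "The environment value must contain only lowercase letters, digits and hyphens."
  }
}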
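# Ansible Vault password; written into the Secrets Manager secret below.
variable "vaultpass" {
  type        = string
  description = "Ansible Vault password stored alongside the CI user's access key."
  # Prevents the value from being printed in plan/apply output. It is still
  # stored in the Terraform state, so the state backend must be protected.
  # Requires Terraform >= 0.14.
  sensitive = true
}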
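# Bucket the CI user uploads to. Default encryption at rest is enabled with
# the S3-managed key (SSE-S3) and public access is blocked below, so the
# private ACL cannot be overridden per object.
# The inline acl / server_side_encryption_configuration arguments are the
# AWS provider v3 form; provider v4+ moves them to separate resources.
resource "aws_s3_bucket" "ansible_bucket" {
  bucket = "ansible-bucket-${var.environment}"
  acl    = "private"

  # Lets `terraform destroy` remove the bucket even when it holds objects;
  # keep only if losing the bucket contents is acceptable.
  force_destroy = true

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# Reject public ACLs and public bucket policies regardless of what the CI
# user (which holds s3:PutObject*, a wildcard covering PutObjectAcl) sends.
resource "aws_s3_bucket_public_access_block" "ansible_bucket" {
  bucket                  = aws_s3_bucket.ansible_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}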
# Dedicated IAM identity for the CI pipeline's uploads to the Ansible bucket;
# its only permissions come from the policy attachment further down.
resource "aws_iam_user" "user" {
  name = "ansible-ci-upload"
}
# Long-lived access key for the CI user. Its secret component is stored in
# Terraform state and copied into Secrets Manager below, so rotate it by
# tainting/replacing this resource and protect the state backend.
resource "aws_iam_access_key" "ansible_repo" {
  user = aws_iam_user.user.name
}
# Managed policy built from the policy document above. No name is given, so
# the provider generates one; set name/name_prefix if a stable name matters.
resource "aws_iam_policy" "ci_user_s3_policy" {
  policy = data.aws_iam_policy_document.ci_user_s3_policy.json
}
# Binds the S3 policy to the CI user; this is the user's only grant in this file.
resource "aws_iam_user_policy_attachment" "attach-policy" {
  policy_arn = aws_iam_policy.ci_user_s3_policy.arn
  user       = aws_iam_user.user.name
}
# Secret container for the CI user's access key and the vault password.
# Encrypted with the account default aws/secretsmanager key unless kms_key_id is set.
resource "aws_secretsmanager_secret" "ansible_credentials" {
  name = "ansible-circleci-user-creds"
}
# Secret container for the git deploy key used by the pipeline.
resource "aws_secretsmanager_secret" "ansible_git_credentials" {
  name = "ansible-git-creds"
}
# Current value of the credentials secret: a JSON object with the keys
# access_key, access_secret and vault_pass (consumers depend on these names).
# Every field here is also present in Terraform state.
resource "aws_secretsmanager_secret_version" "ansible_credentials" {
  secret_id = aws_secretsmanager_secret.ansible_credentials.id

  secret_string = jsonencode({
    access_key    = aws_iam_access_key.ansible_repo.id
    access_secret = aws_iam_access_key.ansible_repo.secret
    vault_pass    = var.vaultpass
  })
}
# Current value of the git secret: the raw private key read from disk.
# file() is evaluated on the machine running plan/apply, so the absolute path
# must exist there, and the key material ends up in Terraform state.
resource "aws_secretsmanager_secret_version" "ansible_credentials_key" {
  secret_string = file("/mnt/workspace/AnsibleMaster.pem")
  secret_id     = aws_secretsmanager_secret.ansible_git_credentials.id
}
Thursday, 29 April 2021
Move Existing data to Glacier
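#!/bin/bash
# Transition every object in an S3 bucket to the GLACIER storage class by
# copying each object onto itself with a new storage class.
#
# Usage: ./move_to_glacier.sh <bucket-name>
#
# Needs AWS CLI credentials with s3:ListBucket on the bucket and
# s3:GetObject / s3:PutObject on its objects.
#
# Changes from the original: the bucket argument is required and quoted;
# keys are taken from list-objects-v2 instead of parsing `aws s3 ls`, which
# truncated keys containing spaces; objects already archived are skipped,
# since copy-object fails on them without a restore; errors abort the run.
set -euo pipefail

if [ "$#" -ne 1 ] || [ -z "$1" ]; then
  echo "usage: $0 <bucket-name>" >&2
  exit 1
fi
TARGETBUCKET=$1

# Print the identity that is about to modify the bucket; fails fast on bad credentials.
aws sts get-caller-identity
echo ''
echo "$TARGETBUCKET"
echo ''

# Keys not already in GLACIER / DEEP_ARCHIVE. Text output is tab-separated
# on one line, so turn it into one key per line. Keys containing tabs or
# newlines are not handled by this approach.
aws s3api list-objects-v2 --bucket "$TARGETBUCKET" \
  --query "Contents[?StorageClass!='GLACIER' && StorageClass!='DEEP_ARCHIVE'].Key" \
  --output text | tr '\t' '\n' > filelist

while IFS= read -r objname; do
  # An empty result prints "None" rather than nothing.
  if [ -z "$objname" ] || [ "$objname" = "None" ]; then
    continue
  fi
  # copy-source expects a URL-encoded key; keys with characters such as
  # '+' or '%' need encoding before this call. Objects over 5 GB cannot be
  # copied in a single copy-object request.
  aws s3api copy-object \
    --copy-source "$TARGETBUCKET/${objname}" \
    --bucket "$TARGETBUCKET" \
    --key "${objname}" \
    --storage-class GLACIER
done < filelist

# Show the resulting storage class of every object.
aws s3api list-objects --bucket "$TARGETBUCKET" \
  --query 'Contents[].{Key: Key, SC: StorageClass}' --output table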
Thursday, 11 February 2021
LVM Shorthand
LVM Creation
# Build one volume group from two whole disks, carve it into two logical
# volumes (10G + the remainder), format both as ext4, mount them at /vol1 and
# /vol2, and persist the mounts in /etc/fstab before rebooting to prove they
# come back. pvcreate and mkfs destroy whatever is on /dev/sda and /dev/sdb.
sudo pvcreate /dev/sda /dev/sdb
sudo vgcreate LVMVolGroup /dev/sda /dev/sdb
sudo lvcreate -L 10G -n test1 LVMVolGroup
sudo lvcreate -l 100%FREE -n test2 LVMVolGroup

# Format, mount and register each volume in turn.
for i in 1 2; do
  lv="/dev/LVMVolGroup/test${i}"
  mnt="/vol${i}"
  sudo mkfs -t ext4 "$lv"
  sudo mkdir "$mnt"
  sudo mount "$lv" "$mnt"
  echo "$lv $mnt auto noatime 0 0" | sudo tee -a /etc/fstab
done

# Re-read fstab now so a typo in it surfaces before the reboot.
sudo mount -a
sudo reboot
Useful Commands:
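# Inspect the current LVM layout, from physical volumes up to logical volumes.
pvdisplay
# Fixed typo: the command is vgdisplay, not vgdiaplay.
vgdisplay
lvdisplay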