Wednesday, 22 December 2021

CircleCI Orbs

# CircleCI pipeline configuration; config version 2.1 is what enables orbs.
version: '2.1'
orbs:
  # NOTE(review): '@3.0' names a major.minor line rather than one exact
  # release, so the orb code that runs with the AWS credentials can
  # presumably change between builds. Pin a full version if reproducible
  # builds matter - confirm the resolution rules in the orb registry.
  aws-s3: circleci/aws-s3@3.0

# Two near-identical jobs: each checks out the repository and syncs the
# working tree to an environment-specific S3 bucket using its own credentials.
jobs:
  s3_sync_dev:
    docker:
      # NOTE(review): a tag is mutable; pin an image digest if the build
      # environment must not change underneath the job.
      - image: 'cimg/python:3.10'
    resource_class: small
    steps:
      - checkout
      - aws-s3/sync:
          # Presumably the NAMES of project/context environment variables
          # that hold the credentials, not the credential values themselves
          # - confirm against the orb's parameter types.
          aws-access-key-id: ACCESS_ID_DEV
          aws-secret-access-key: SECRET_KEY_DEV
          aws-region: AWS_REGION_DEV
          # The whole checkout directory is the sync source and no exclude
          # arguments are passed. NOTE(review): check whether VCS metadata
          # and CI configuration are meant to land in the bucket.
          from: .
          to: 's3://ansible-bucket-test'
      - run: aws --version
  s3_sync_prod:
    docker:
      - image: 'cimg/python:3.10'
    resource_class: small
    steps:
      - checkout
      - aws-s3/sync:
          # Separate variable names keep prod credentials distinct from dev.
          # NOTE(review): no `context:` is visible in this file, so these
          # are presumably project-level variables readable by every job in
          # the project - verify where they are stored and who can read them.
          aws-access-key-id: ACCESS_ID_PROD
          aws-secret-access-key: SECRET_KEY_PROD
          aws-region: AWS_REGION_PROD
          from: .
          to: 's3://ansible-bucket-prod'
      - run: aws --version

# One workflow; branch filters decide which sync job runs for a given push.
workflows:
  s3-execution:
    jobs:
      # Runs only for the `dev` branch.
      - s3_sync_dev:
          filters:
            branches:
              only: dev
      # Runs only for the `prod` branch. The filter limits when the job is
      # scheduled; it is not an approval step, so anyone who can push to
      # `prod` can trigger the production upload.
      # NOTE(review): confirm branch protection on `prod`.
      - s3_sync_prod:
          filters:
            branches:
              only: prod

Terraform: CI user with its secrets stored in AWS Secrets Manager

 data "aws_iam_policy_document" "ci_user_s3_policy" {

  statement {

    actions = [

      "s3:DeleteObject",

      "s3:DeleteObjectTagging",

      "s3:DeleteObjectVersion",

      "s3:DeleteObjectVersionTagging",

      "s3:ListBucket",

      "s3:GetObject*",

      "s3:PutObject*",

      "s3:ReplicateObject",

      "s3:RestoreObject"

    ]

    resources = [

      "arn:aws:s3:::ansible-bucket-${var.environment}/*",

      "arn:aws:s3:::ansible-bucket-${var.environment}"

    ]

  }

}

# Environment suffix; interpolated into the bucket name and the policy ARNs
# as "ansible-bucket-<environment>".
variable "environment" {
  type = string
}


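# Ansible Vault password; written into the Secrets Manager secret together
# with the CI user's access key.
variable "vaultpass" {
  type = string

  # Redacts the value in plan/apply output (Terraform 0.14 or later). The
  # value is still stored in plain text in the state file, so the state
  # backend needs its own encryption and access control.
  sensitive = true
}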


# Per-environment bucket that the CI job syncs the repository into.
resource "aws_s3_bucket" "ansible_bucket" {
  bucket = "ansible-bucket-${var.environment}"
  acl    = "private"

  # Lets Terraform delete the bucket even when it still holds objects.
  # NOTE(review): convenient for a test bucket; for a production bucket this
  # means a destroy or replace also removes the data - confirm it is intended.
  force_destroy = true

  # NOTE(review): no public-access block, default encryption or versioning is
  # configured on this page; check whether they are set elsewhere.
}


# IAM user that the CI pipeline authenticates as for uploads.
# NOTE(review): the name carries no environment suffix, so applying this
# configuration for two environments in the same AWS account would presumably
# collide on the user name - verify how environments map to accounts.
resource "aws_iam_user" "user" {
  name = "ansible-ci-upload"
}


# Long-lived access key for the CI user.
# The generated secret is recorded in the Terraform state file; the resource
# accepts a `pgp_key` argument when the secret should be stored encrypted.
# NOTE(review): nothing on this page rotates the key - plan for rotation and
# restrict who can read the state.
resource "aws_iam_access_key" "ansible_repo" {
  user = aws_iam_user.user.name
}


# Managed policy built from the ci_user_s3_policy policy document.
# No `name` is given, so the provider generates one.
resource "aws_iam_policy" "ci_user_s3_policy" {
  policy = data.aws_iam_policy_document.ci_user_s3_policy.json
}


# Attaches the S3 policy to the CI user; this is the only permission grant
# for that user shown on this page.
resource "aws_iam_user_policy_attachment" "attach-policy" {
  policy_arn = aws_iam_policy.ci_user_s3_policy.arn
  user       = aws_iam_user.user.name
}


# Secret container for the CI user's access key and the Ansible Vault password.
# NOTE(review): no KMS key or resource policy is set here, so the service
# defaults presumably apply - confirm who is allowed to read this secret.
resource "aws_secretsmanager_secret" "ansible_credentials" {
  name = "ansible-circleci-user-creds"
}


# Secret container for the private key used for Git access.
# NOTE(review): no KMS key or resource policy is set here - confirm who is
# allowed to read this secret.
resource "aws_secretsmanager_secret" "ansible_git_credentials" {
  name = "ansible-git-creds"
}


# Stores the CI access key pair and the Ansible Vault password as one JSON
# document in the ansible_credentials secret.
# All three values pass through Terraform and are therefore present in the
# state file as well as in Secrets Manager.
# NOTE(review): bundling them means any reader of this secret gets both the
# AWS key and the vault password - split them if the consumers differ.
resource "aws_secretsmanager_secret_version" "ansible_credentials" {
  secret_id = aws_secretsmanager_secret.ansible_credentials.id

  secret_string = jsonencode({
    access_key    = aws_iam_access_key.ansible_repo.id
    access_secret = aws_iam_access_key.ansible_repo.secret
    vault_pass    = var.vaultpass
  })
}


# Uploads the contents of a PEM file as the value of the Git credentials secret.
# The file is read from an absolute path on the machine that runs Terraform,
# and its contents are recorded in the state file.
# NOTE(review): the key must already be on that runner's disk - check how it
# gets there and that it is removed once the run finishes.
resource "aws_secretsmanager_secret_version" "ansible_credentials_key" {
  secret_id     = aws_secretsmanager_secret.ansible_git_credentials.id
  secret_string = file("/mnt/workspace/AnsibleMaster.pem")
}

Thursday, 29 April 2021

Move Existing data to Glacier

 #!/bin/bash

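# Re-copy every object in a bucket onto itself with the GLACIER storage class.
# Usage: <script> BUCKET_NAME
#
# Object keys come from the bucket listing and are treated as untrusted text:
# every expansion is quoted and lines are read raw, so keys containing spaces,
# backslashes or glob characters are passed through unchanged.
set -euo pipefail

# The bucket name is the only argument; stop with a usage hint if it is missing.
TARGETBUCKET=${1:?usage: $0 BUCKET_NAME}

# Show which identity the CLI is acting as before anything is changed.
aws sts get-caller-identity

echo ''
printf '%s\n' "$TARGETBUCKET"
echo ''

# `aws s3 ls` prints "<date> <time> <size> <key>". Strip the first three
# columns instead of printing field 4, so keys that contain spaces survive.
aws s3 ls "$TARGETBUCKET" --recursive \
  | sed -E 's/^[^ ]+ +[^ ]+ +[0-9]+ //' > filelist

while IFS= read -r objname
do
  # Skip blank lines rather than issuing a copy with an empty key.
  [ -n "$objname" ] || continue

  # NOTE(review): --copy-source is documented as URL-encoded; keys with
  # special characters may need encoding first - verify against the CLI docs.
  # A failed copy is reported and the loop carries on with the next key.
  aws s3api copy-object \
    --copy-source "${TARGETBUCKET}/${objname}" \
    --bucket "$TARGETBUCKET" \
    --storage-class GLACIER \
    --key "$objname" \
    || printf 'copy failed: %s\n' "$objname" >&2
done < filelist

# Final listing to check the storage class of each object.
aws s3api list-objects --bucket "$TARGETBUCKET" --query 'Contents[].{Key: Key, SC: StorageClass}' --output table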

Thursday, 11 February 2021

LVM Shorthand

 LVM Creation


# Build one volume group from two whole disks, carve two logical volumes out
# of it, format and mount them, and make the mounts persistent.
# /dev/sda and /dev/sdb are the devices used in this example; confirm the
# device names (for instance with lsblk) before running, because the steps
# below initialise and format whatever they point at.

# Physical volumes, then the volume group spanning both.
sudo pvcreate /dev/sda /dev/sdb
sudo vgcreate LVMVolGroup /dev/sda /dev/sdb

# test1 gets a fixed 10G; test2 takes all remaining free space in the group.
sudo lvcreate -L 10G -n test1 LVMVolGroup
sudo lvcreate -l 100%FREE -n test2 LVMVolGroup

# New ext4 filesystem on each logical volume.
for lv in test1 test2; do
  sudo mkfs -t ext4 "/dev/LVMVolGroup/${lv}"
done

# Mount points, then the initial mounts.
sudo mkdir /vol1 /vol2
for n in 1 2; do
  sudo mount "/dev/LVMVolGroup/test${n}" "/vol${n}"
done

# Append both mounts to /etc/fstab so they come back after a reboot.
for n in 1 2; do
  echo "/dev/LVMVolGroup/test${n} /vol${n} auto noatime 0 0" | sudo tee -a /etc/fstab
done

# `mount -a` re-reads fstab, which catches a bad entry before the reboot does.
sudo mount -a
sudo reboot


Useful Commands:

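# Show details of physical volumes, volume groups and logical volumes.
pvdisplay
vgdisplay
lvdisplay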