~damien/infrastructure

Miscellaneous files and tools for my personal infrastructure.
3bb31531 — Damien Radtke 30 days ago
Allow remote cluster access from the support server
a78c6d09 — Damien Radtke a month ago
Add vault
6e780e44 — Damien Radtke a month ago
Add nomad-client

refs

master
browse  log 

clone

read-only
https://git.sr.ht/~damien/infrastructure
read/write
git@git.sr.ht:~damien/infrastructure

You can also use your local clone with git send-email.

Issuing Certificates

Nodes are provisioned with and run the issue-cert.sh script for certificates, which uses a CFSSL remote. When on the support server, instead you can do:

$ cd ~
$ RESPONSE=$(echo '{}' | sudo `which cfssl` gencert -config /etc/ssl/cfssl.json -ca /etc/ssl/nomad/ca.pem -ca-key /etc/ssl/nomad/ca-key.pem -)
$ echo "${RESPONSE}" | jq -r .cert > nomad-cli.pem; chmod 0444 nomad-cli.pem
$ echo "${RESPONSE}" | jq -r .key > nomad-cli-key.pem; chmod 0400 nomad-cli-key.pem

Querying the raw Consul API

Since Consul is configured to listen for API requests over a Unix socket, you can use a command like this on a Consul node to query its HTTP API:

$ curl --unix-socket /var/run/consul/consul_https.sock http:///api/v1/agent/checks

Finding largest packages

Use this command to find the largest installed RPM packages, normally used when setting up the Packer build to remove large unneeded packages:

rpm -qa --queryformat '%10{size} - %-25{name} \t %{version}\n' | sort -n