chore(gitlab): review commands for automated installation

2026-02-09 05:44:23 +00:00 · 2024-05-30 01:05:57 +02:00
parent f354f827e6
commit 598d27ddf6
4 changed files with 71 additions and 3 deletions
--- a/computing/aws/cli.md
+++ b/computing/aws/cli.md
@@ -6,13 +6,15 @@
 1. [Profiles](#profiles)
 1. [Configuration](#configuration)
 1. [Session Manager integration](#session-manager-integration)
+1. [Troubleshooting](#troubleshooting)
+   1. [Installation with `pip` on Mac OS X errors out with message about the version of `six`](#installation-with-pip-on-mac-os-x-errors-out-with-message-about-the-version-of-six)
 1. [Further readings](#further-readings)
   1. [Sources](#sources)

 ## TL;DR

-Do *not* use '--max-items' with '--query': the items limit is applied before the query filter, and could lead to no
-results.
+Do *not* use `--max-items` together with `--query`: the items limit is applied before the query filter, and could lead
+to show no results.

 <details>
  <summary>Installation and configuration</summary>
@@ -20,6 +22,7 @@ results.
 ```sh
 # Install the CLI.
 brew install 'awscli'
+pip install 'awscli'

 # Configure profiles.
 aws configure
@@ -235,6 +238,25 @@ Then use it to get a session on the instance:
 aws ssm start-session --target 'i-0123456789abcdef0'
 ```

+## Troubleshooting
+
+### Installation with `pip` on Mac OS X errors out with message about the version of `six`
+
+Context: on Mac OS X, during installation using `pip`
+
+Error message example: FIXME error regarding the version of six that came with `distutils` in El Capitan.
+
+Root cause: FIXME
+
+Solutions:
+
+- Use a virtual environment.
+- Use the `--ignore-installed` option:
+
+  ```sh
+  sudo python -m 'pip' install 'awscli' --ignore-installed 'six'
+  ```
+
 ## Further readings

 - [Amazon Web Services]
--- a/snippets/curl.sh
+++ b/snippets/curl.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+
+# Forcefully resolve a host to a given address.
+curl 'https://gitlab.mine.info' --resolve 'gitlab.mine.info:443:192.168.32.76'
--- a/snippets/gitlab.package.sh
+++ b/snippets/gitlab.package.sh
@@ -131,7 +131,7 @@ sudo gitlab-rails runner 'User.update_all(otp_required_for_login: false, encrypt

 sudo aws s3 cp 's3://backups/gitlab/gitlab-secrets.json' '/etc/gitlab/gitlab-secrets.json'
 sudo aws s3 cp 's3://backups/gitlab/gitlab.rb' '/etc/gitlab/gitlab.rb'
-sudo aws s3 cp \
+sudo aws s3 cp --region=eu-east-1 \
 	's3://backups/gitlab/11493107454_2018_04_25_10.6.4-ce_gitlab_backup.tar' \
 	'/var/opt/gitlab/backups/'
 sudo gitlab-ctl stop 'puma'
--- a/snippets/openssl.sh
+++ b/snippets/openssl.sh
@@ -0,0 +1,41 @@
+#!/usr/bin/env sh
+
+# Generate pseudo-random passwords.
+openssl rand 32
+openssl rand -base64 18
+
+# Generate certificate signing requests.
+# '-nodes' leaves the output files unencrypted.
+openssl req -new -out 'gitlab.mine.info.csr' -newkey 'rsa:2048' -keyout 'gitlab.mine.info.new.key'  # also create a key
+openssl req -new -out 'gitlab.mine.info.csr' -key 'gitlab.mine.info.existing.key'                   # use existing keys
+openssl req -new -out 'gitlab.mine.info.csr.pem' -config 'csr.conf' -days '365' -sha256
+
+# Verify certificate signing requests and print the data given in input on creation.
+openssl req -text -noout -verify -in 'gitlab.mine.info.csr'
+
+# Check existing keys and verify their consistency.
+openssl rsa -check -in 'gitlab.mine.info.new.key'
+
+# Generate self-signed certificates.
+openssl req -x509 -out 'self-signed.certificate.pem' \
+	-newkey 'rsa:4096' -keyout 'self-signed.private.key' \
+	-subj '/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.company.com' \
+	-days '365' -sha256
+
+# Check certificates or keys and return information about them.
+openssl x509 -text -noout -in 'certificate.crt'
+openssl rsa -text -noout -in 'private.key'
+
+# Verify certificate chains.
+# If a certificate is its own issuer, it is assumed to be the root CA.
+# This means the root CA needs to be self signed for 'verify' to work.
+openssl verify -CAfile 'RootCert.pem' -untrusted 'Intermediate.pem' 'UserCert.pem'
+
+# Check SSL connections.
+# All the certificates (including the intermediate ones) should be displayed.
+# CA certificates bundle on Linux: '/etc/ssl/certs/ca-certificates.crt'.
+# '-servername' is used to specify a domain for multi-domain servers.
+openssl s_client -connect 'www.google.com:443' -showcerts
+openssl s_client -connect 'www.google.com:443' -showcerts -servername 'host.fqdn'
+openssl s_client -connect 'www.google.com:443' -showcerts -CAfile 'ca/certificates/bundle.crt'
+openssl s_client -connect 'www.google.com:443' -showcerts -CApath '/etc/ssl/certs'