chore(gitlab): review commands for automated installation

Michele Cereda
2024-05-30 01:05:57 +02:00
parent f354f827e6
commit 598d27ddf6
4 changed files with 71 additions and 3 deletions


@@ -6,13 +6,15 @@
1. [Profiles](#profiles) 1. [Profiles](#profiles)
1. [Configuration](#configuration) 1. [Configuration](#configuration)
1. [Session Manager integration](#session-manager-integration) 1. [Session Manager integration](#session-manager-integration)
1. [Troubleshooting](#troubleshooting)
1. [Installation with `pip` on Mac OS X errors out with message about the version of `six`](#installation-with-pip-on-mac-os-x-errors-out-with-message-about-the-version-of-six)
1. [Further readings](#further-readings) 1. [Further readings](#further-readings)
1. [Sources](#sources) 1. [Sources](#sources)
## TL;DR ## TL;DR
Do *not* use '--max-items' with '--query': the items limit is applied before the query filter, and could lead to no Do *not* use `--max-items` together with `--query`: the items limit is applied before the query filter, and could lead
results. to show no results.
<details> <details>
<summary>Installation and configuration</summary> <summary>Installation and configuration</summary>
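Review bot: The reworded TL;DR sentence ends in "could lead to show no results", which is not grammatical; something like "and can leave you with no results" says the same thing cleanly. The move to backticks around `--max-items` and `--query` is fine as is.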
@@ -20,6 +22,7 @@ results.
```sh ```sh
# Install the CLI. # Install the CLI.
brew install 'awscli' brew install 'awscli'
pip install 'awscli'
# Configure profiles. # Configure profiles.
aws configure aws configure
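Review bot: In the install block, `pip install 'awscli'` now sits directly under `brew install 'awscli'` and the single comment "Install the CLI", so a reader copying the block runs both and ends up with two installations. Mark the two lines as alternatives (a comment per line, or an "or" comment between them). Since the Troubleshooting section added further down recommends a virtual environment for the pip route, it is worth saying so next to the pip line as well.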
@@ -235,6 +238,25 @@ Then use it to get a session on the instance:
aws ssm start-session --target 'i-0123456789abcdef0' aws ssm start-session --target 'i-0123456789abcdef0'
``` ```
## Troubleshooting
### Installation with `pip` on Mac OS X errors out with message about the version of `six`
Context: on Mac OS X, during installation using `pip`
Error message example: FIXME error regarding the version of six that came with `distutils` in El Capitan.
Root cause: FIXME
Solutions:
- Use a virtual environment.
- Use the `--ignore-installed` option:
```sh
sudo python -m 'pip' install 'awscli' --ignore-installed 'six'
```
## Further readings ## Further readings
- [Amazon Web Services] - [Amazon Web Services]
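Review bot: The `--ignore-installed` solution runs pip under `sudo` against the system Python, which executes the package's install code as root and writes over system-wide packages; list the virtual environment as the preferred fix and consider showing a venv or `--user` command instead of `sudo python -m 'pip' install 'awscli' --ignore-installed 'six'`. The "Error message example" and "Root cause" entries are still FIXME placeholders; fill them in or drop them so the section does not ship stubs.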

5
snippets/curl.sh Normal file

@@ -0,0 +1,5 @@
#!/usr/bin/env sh
# Forcefully resolve a host to a given address.
curl 'https://gitlab.mine.info' --resolve 'gitlab.mine.info:443:192.168.32.76'
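Review bot: The comment above the `--resolve` line could state that the entry only applies when both host and port match the request URL (here `gitlab.mine.info` on 443), and that certificate verification still runs against the host name, which is what makes this preferable to requesting the IP address directly. Without that, a reader who changes the URL's port will see the override silently not apply.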


@@ -131,7 +131,7 @@ sudo gitlab-rails runner 'User.update_all(otp_required_for_login: false, encrypt
sudo aws s3 cp 's3://backups/gitlab/gitlab-secrets.json' '/etc/gitlab/gitlab-secrets.json' sudo aws s3 cp 's3://backups/gitlab/gitlab-secrets.json' '/etc/gitlab/gitlab-secrets.json'
sudo aws s3 cp 's3://backups/gitlab/gitlab.rb' '/etc/gitlab/gitlab.rb' sudo aws s3 cp 's3://backups/gitlab/gitlab.rb' '/etc/gitlab/gitlab.rb'
sudo aws s3 cp \ sudo aws s3 cp --region=eu-east-1 \
's3://backups/gitlab/11493107454_2018_04_25_10.6.4-ce_gitlab_backup.tar' \ 's3://backups/gitlab/11493107454_2018_04_25_10.6.4-ce_gitlab_backup.tar' \
'/var/opt/gitlab/backups/' '/var/opt/gitlab/backups/'
sudo gitlab-ctl stop 'puma' sudo gitlab-ctl stop 'puma'
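Review bot: `--region=eu-east-1` is added only to the backup archive copy, while the two `aws s3 cp` commands just above read from the same `s3://backups` bucket without it; either all three need the option or none do, so make them consistent or add a comment explaining why only this one differs. Also check the value itself: `eu-east-1` is not a region name I recognise, so mark it as a placeholder if that is what it is.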

41
snippets/openssl.sh Normal file

@@ -0,0 +1,41 @@
#!/usr/bin/env sh
# Generate pseudo-random passwords.
openssl rand 32
openssl rand -base64 18
# Generate certificate signing requests.
# '-nodes' leaves the output files unencrypted.
openssl req -new -out 'gitlab.mine.info.csr' -newkey 'rsa:2048' -keyout 'gitlab.mine.info.new.key' # also create a key
openssl req -new -out 'gitlab.mine.info.csr' -key 'gitlab.mine.info.existing.key' # use existing keys
openssl req -new -out 'gitlab.mine.info.csr.pem' -config 'csr.conf' -days '365' -sha256
# Verify certificate signing requests and print the data given in input on creation.
openssl req -text -noout -verify -in 'gitlab.mine.info.csr'
# Check existing keys and verify their consistency.
openssl rsa -check -in 'gitlab.mine.info.new.key'
# Generate self-signed certificates.
openssl req -x509 -out 'self-signed.certificate.pem' \
-newkey 'rsa:4096' -keyout 'self-signed.private.key' \
-subj '/C=US/ST=Oregon/L=Portland/O=Company Name/OU=Org/CN=www.company.com' \
-days '365' -sha256
# Check certificates or keys and return information about them.
openssl x509 -text -noout -in 'certificate.crt'
openssl rsa -text -noout -in 'private.key'
# Verify certificate chains.
# If a certificate is its own issuer, it is assumed to be the root CA.
# This means the root CA needs to be self signed for 'verify' to work.
openssl verify -CAfile 'RootCert.pem' -untrusted 'Intermediate.pem' 'UserCert.pem'
# Check SSL connections.
# All the certificates (including the intermediate ones) should be displayed.
# CA certificates bundle on Linux: '/etc/ssl/certs/ca-certificates.crt'.
# '-servername' is used to specify a domain for multi-domain servers.
openssl s_client -connect 'www.google.com:443' -showcerts
openssl s_client -connect 'www.google.com:443' -showcerts -servername 'host.fqdn'
openssl s_client -connect 'www.google.com:443' -showcerts -CAfile 'ca/certificates/bundle.crt'
openssl s_client -connect 'www.google.com:443' -showcerts -CApath '/etc/ssl/certs'
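Review bot: The comment "'-nodes' leaves the output files unencrypted" in the CSR section does not match the commands under it, since none of the `openssl req` lines passes `-nodes`; as written, the `-newkey` variants (including the self-signed one) will prompt for a passphrase, so either add the option where an unencrypted key is intended or reword the comment to say it is optional. In the same section, `-days '365'` on the `-config 'csr.conf'` line has no effect without `-x509`, because a signing request carries no validity period. `openssl rand 32` also writes raw bytes to the terminal; `-hex` or `-base64` gives output usable as a password.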