I came into a new project recently. One of the challenges was that the CICD pieces almost worked for developers but fell short, and because of that all of the QA was being done on the developer’s local laptop. It works on my local… Actually and in fact. Each developer would announce to the group…
DevOps
SSH Port Forwarding or Ad Hoc VPN
ssh -i localkey -L local_port:localhost:remote_port user@ip

I had to look this up again. I haven’t had to use this in a while, maybe five years? I also wanted multiple ports forwarded, and that works like

ssh -i localkey -L local_port:localhost:remote_port -L local_port:localhost:remote_port user@ip

And… jenkins host inside remote VPC:

ssh -i catalyst -L 8080:localhost:18080 centos@bastion-host-ip…
Blue Green w/S3, Cloudfront, Route53
I tend to code and architect devops with an eye toward NOT being locked into any particular cloud or service.

Netsaint -> Nagios -> Icinga
Hudson -> Jenkins
VMWare -> Vagrant -> Docker -> Kubernetes -> ECS

Everything changes. That ideal cloud you are moving on to right now – will change in five years,…
Why Devops Falls Short (for Most Companies)
When companies move their development over to scrum they feel they’ve found a holy grail. For a while, anyway. Then the realities of scrum and agile development creep in. The separate Operations division finds the response time they can manage and the training of developers on using repositories, CICD servers, packer, ansible, tooling, plus trying…
Jenkins Shared Global Library
GitHub sends the full branch and commit information with the notifyCommit it sends to Jenkins. Jenkins passes just the repo URL through to the git plugin. The plugin then does calculations to find the correct commit id to build. If Jenkins has state, and has built this job in the past, and there’s a commit…
Agent Verify Itself Before Reporting “READY”
As part of building a Jenkins agent AMI in Amazon Web Services, the last plays strip any private keys or authentication tokens off the image. Once it is saved and at rest, no secrets are stored on the image. At boot I have extensive scripting that pulls in the secrets and places them, verifies and…
Rethinking git submodule
I constructed five of our jenkins agent AMI builds into an ansible_role-jenkins-[function]-agent piece, and then an aggregation jenkins pipeline build repo. The idea is – code from the role(s) are layered in the jenkins pipeline build repo. For example the base agent build (all the basic stuff we want on all of our agent AMIs)…
Finding AWS AMIs for Jenkins Agents
I created an automagically configured Jenkins controller. It spun up in Amazon Web Services, it grabbed and installed its private keys for access, and it was stateless. But… But the Jenkins AMI came with a Jenkins config.xml configured with agent AMI ids when it was built. As development moved forward (CICD, after all), the config.xml…
Deleting the Hashicorp Whitelist Entry…
In working with Hashicorp vault I used an AWS role to automagically enable an instance to communicate with vault. That worked really well. But in developing and testing sometimes I needed that AWS instance to be reverted in vault – to no longer be registered. That required tracing down where and how that auth happens…
Creating a duplicate GitHub org (script)
I had an existing GitHub organization. It had working code on it, but I needed to duplicate the repos on a separate organization, not through forking off or any connection to the first organization. bash it is…

#! /bin/bash
# arg is list file
# directory to work in
DIR="/Users/dsm/construct"
# GitHub server address…