Nebula-in-a-Box actually works now. The latest problems were in SSL certificates, vault, consul, DNS, internal addressing, and tuning consul to run as essentially a single master instance (which it is not designed for). The Nebula-in-a-Box Orion instance now comes up with consul fully functioning as service discovery and DNS. It registers and interacts with the local vault. The…
Recover id_rsa.pub from id_rsa When Needed…
I run into this about every tenth day. Just enough off the pace of memorization to look it up when a switch misfires…

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

Just in case. A lot of the work I’m doing today, and the last few days, is re-working id_rsa and other secret retrieval from vault, grabbing…
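After regenerating the public key, the check worth doing is whether it is the key the hosts already trust. The block below is an added example, not code from the post: it parses OpenSSH public key lines and compares SHA256 fingerprints the way ssh-keygen -lf computes them, so a recovered key still matches even though ssh-keygen -y prints no comment and an authorized_keys entry may carry options such as from= or command=. The RSA modulus, the ed25519 key, the authorized_keys contents and the host names are constructed for the example and are not real key material; regenerating the key itself is still the ssh-keygen -y step above.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

# Constructed key material (an assumption, not the post's key): e=65537 and a
# made-up 256-bit modulus. The blob is a syntactically valid "ssh-rsa" public
# key, which is all the parsing and fingerprint logic cares about.
SAMPLE_E = 65537
SAMPLE_N = int("c4f8e9e15dcadf2b96c763d981006a644ffb4415030a16ed1283883340f2aa0e"
               "2be2be8fa60150b9046965837c3e7d151b7de237ebb957c20663898250703b3f", 16)


def _string(data):
    """OpenSSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _mpint(value):
    """OpenSSH wire 'mpint': minimal big-endian bytes, zero-padded when the high bit is set."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _string(raw)


def encode_rsa_blob(e, n):
    return _string(b"ssh-rsa") + _mpint(e) + _mpint(n)


def decode_blob(blob):
    """Split a key blob into its length-prefixed fields; the first is the key type."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated key blob")
        (length,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off:off + length])
        off += length
    return fields


def parse_key_line(line):
    """One id_rsa.pub / authorized_keys line -> (type, blob, comment).
    Leading authorized_keys options (from=..., command=...) are skipped over."""
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES and i + 1 < len(tokens):
            blob = base64.b64decode(tokens[i + 1], validate=True)
            if decode_blob(blob)[0] != tok.encode():
                raise ValueError("key type does not match blob")
            return tok, blob, " ".join(tokens[i + 2:])
    raise ValueError("no public key on line")


def fingerprint(blob):
    """The value ssh-keygen -lf prints: SHA256 over the blob, base64 without padding."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def pubkey_line(keytype, blob, comment=""):
    line = keytype + " " + base64.b64encode(blob).decode()
    return line + " " + comment if comment else line


def is_authorized(recovered_line, authorized_keys_text):
    """True if the recovered key's fingerprint appears in authorized_keys.
    Fingerprints are compared instead of text because `ssh-keygen -y` emits
    no comment and authorized_keys entries may carry options."""
    want = fingerprint(parse_key_line(recovered_line)[1])
    for entry in authorized_keys_text.splitlines():
        entry = entry.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            if fingerprint(parse_key_line(entry)[1]) == want:
                return True
        except ValueError:       # malformed or unknown entry: skip, never match
            continue
    return False


# Constructed inputs: the line `ssh-keygen -y` would print (no comment) and an
# authorized_keys file holding the same key with options plus an unrelated key.
RSA_BLOB = encode_rsa_blob(SAMPLE_E, SAMPLE_N)
ED25519_BLOB = _string(b"ssh-ed25519") + _string(bytes(32))   # all-zero point, structure only
RECOVERED_LINE = pubkey_line("ssh-rsa", RSA_BLOB)
AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys",
    'from="10.0.0.0/8",no-pty ' + pubkey_line("ssh-rsa", RSA_BLOB, "deploy@orion"),
    pubkey_line("ssh-ed25519", ED25519_BLOB, "other@host"),
]) + "\n"

if __name__ == "__main__":
    print(fingerprint(RSA_BLOB), "authorized:", is_authorized(RECOVERED_LINE, AUTHORIZED_KEYS))
```

The mpint zero-padding matters: a modulus whose top bit is set gets a leading 0x00 byte in the blob, and a fingerprint computed without it will never match what ssh-keygen reports.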
Vault and Self-signed Certs
In a distributed AWS cloud environment, SSL certs live on the ELB instances and are signed by known CAs. Backend encryption using self-signed certs is seamless. As soon as Jenkins, consul+vault and the nebula utilities API are brought together onto the same box (Nebula-in-a-Box) and moved to using consul service discovery, SSL naming and…
ansible Troubleshooting
I am working through an ansible play setup where a notifyCommit from GitHub (or a curl from the command line…) goes to a Jenkins controller, which pulls a Jenkinsfile out of the repo to guide a pipeline build; that Jenkinsfile first calls an installer.yml play. That installer construct is a git submodule in…
SSL and Consul Service Discovery
Nebula is an open source CI/CD pipeline. It was developed using Jenkins, ansible, packer, python and AWS as an end-to-end CI/CD product, distributed across individual self-healing clouds, and is therefore recoverable and massively scalable. It is spun down when idle to minimize AWS cost. I started about four weeks ago to bring all of the products together on…
Ship Inside of a Bottle, Repeat
…in other words, DevOps. GitHub sends a notifyCommit message to Jenkins. That message passes through the Jenkins git plugin, which triggers a job if (1) there is a job configured with a git URL matching the notifyCommit git URL, and (2) there is a change to the code. If the job does not already exist…
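The matching rule in (1) is on the URL string the plugin receives, so the form you send (https clone URL versus ssh URL) has to be the form the job was configured with. The following is an added example, not the post's code: it takes a GitHub push payload and builds the git plugin's /git/notifyCommit request, passing the branch and commit along with the repo URL, and declines to fire for tag pushes and branch deletions. The payloads, repository names and Jenkins host are constructed for the example; the token parameter is included because recent git plugin releases require an access token on this endpoint.

```python
import json
from urllib.parse import urlencode

# Constructed sample GitHub push payloads (assumption: trimmed to the fields
# this helper reads; a real payload carries many more).
SAMPLE_PUSH = json.dumps({
    "ref": "refs/heads/main",
    "after": "9fceb02d0ae598e95dc970b74767f19372d61af8",
    "deleted": False,
    "repository": {
        "clone_url": "https://github.com/example-org/nebula.git",
        "ssh_url": "git@github.com:example-org/nebula.git",
    },
})
SAMPLE_TAG_PUSH = json.dumps({
    "ref": "refs/tags/v1.0",
    "after": "0123456789abcdef0123456789abcdef01234567",
    "deleted": False,
    "repository": {
        "clone_url": "https://github.com/example-org/nebula.git",
        "ssh_url": "git@github.com:example-org/nebula.git",
    },
})


def branch_from_ref(ref):
    """refs/heads/<name> -> <name>; anything else (tags, notes) -> None."""
    prefix = "refs/heads/"
    return ref[len(prefix):] if ref.startswith(prefix) else None


def notify_commit_url(jenkins_base, payload_json, prefer_ssh=False, token=None):
    """Build the git plugin's notifyCommit URL from a GitHub push payload.

    `url` is what the plugin matches against each job's configured git URL,
    so it is sent in the same form (https or ssh) the jobs use. `branches`
    and `sha1` are optional parameters the plugin accepts that name the
    commit to build. Returns None for pushes that should not trigger a build
    (tags, branch deletions).
    """
    payload = json.loads(payload_json)
    branch = branch_from_ref(payload["ref"])
    if branch is None or payload.get("deleted"):
        return None
    repo = payload["repository"]
    params = {
        "url": repo["ssh_url"] if prefer_ssh else repo["clone_url"],
        "branches": branch,
        "sha1": payload["after"],
    }
    if token:
        params["token"] = token      # notifyCommit access token (hypothetical value when run below)
    return jenkins_base.rstrip("/") + "/git/notifyCommit?" + urlencode(params)


if __name__ == "__main__":
    # Hypothetical controller address; the output is the URL to GET (e.g. with curl).
    print(notify_commit_url("https://jenkins.example.internal", SAMPLE_PUSH, token="s3cr3t"))
```

Condition (2), that there is actually a change, is decided on the Jenkins side when the plugin polls the repo; nothing in the request can force a build of an unchanged tree.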
Orion – Default Values in Ansible Plays
I wanted modular code: edit in one place, use in many. I started trying out git submodules. They were cool, but static. Changing code bases would be a pain to keep track of and manipulate. But the separation of ansible roles and builds allows us to immediately reuse code. I’m building a single instance…
Reload Jenkins Using a Script and the API
Ansible’s service module restarts the Jenkins service. If you call it to restart during the install process or during the boot process, you make Jenkins unavailable. At one point (because of errant Nessus scan configs) the instances at boot were so loaded that the restart could take 4+ minutes. This caused a cascading…
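The alternative to bouncing the service is to wait until the controller is actually serving and then ask it, over its own API, to reload or restart. The block below is an added example, not the post's script: it polls /login (Jenkins answers 503 while it is still loading, or refuses the connection before the listener is up), then fetches a crumb and POSTs to /reload, which re-reads configuration from disk without taking Jenkins down, or to /safeRestart, which waits for running builds first. The controller URL, user and API token are hypothetical; the HTTP transport is injectable so the readiness gate can be exercised without a live Jenkins.

```python
import base64
import json
import time
import urllib.error
import urllib.request


def urllib_fetch(method, url, headers=None, timeout=10):
    """Real transport. Returns (http_status, body); 0 when nothing is listening."""
    req = urllib.request.Request(url, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:      # 503 while Jenkins is still loading, 403, ...
        return err.code, err.read()
    except urllib.error.URLError:              # connection refused: the service is not up yet
        return 0, b""


def wait_for_jenkins(base, fetch, attempts=60, delay=5.0, sleep=time.sleep):
    """Poll /login until Jenkins answers 200. While plugins and jobs are still
    loading it answers 503; restarting it in that window is what causes the
    outage described above. Returns False if it never comes up."""
    url = base.rstrip("/") + "/login"
    for attempt in range(attempts):
        status, _ = fetch("GET", url)
        if status == 200:
            return True
        if attempt + 1 < attempts:
            sleep(delay)
    return False


def _basic_auth(user, api_token):
    return "Basic " + base64.b64encode(f"{user}:{api_token}".encode()).decode()


def reload_config(base, user, api_token, fetch, safe_restart=False):
    """POST /reload (re-read config from disk, Jenkins stays up) or /safeRestart
    (wait for running builds, then restart). A CSRF crumb is fetched first; with
    an API token it is not strictly required, but sending it is harmless."""
    base = base.rstrip("/")
    headers = {"Authorization": _basic_auth(user, api_token)}
    status, body = fetch("GET", base + "/crumbIssuer/api/json", headers)
    if status == 200:
        crumb = json.loads(body)
        headers[crumb["crumbRequestField"]] = crumb["crumb"]
    path = "/safeRestart" if safe_restart else "/reload"
    status, _ = fetch("POST", base + path, headers)
    return status in (200, 302, 303)       # Jenkins redirects to the root page on success


def reload_when_ready(base, user, api_token, fetch=urllib_fetch, safe_restart=False, **wait_kw):
    """The gate the service-module restart lacks: only touch a controller that is up."""
    if not wait_for_jenkins(base, fetch, **wait_kw):
        raise RuntimeError("Jenkins did not become ready; refusing to restart a half-started controller")
    return reload_config(base, user, api_token, fetch, safe_restart=safe_restart)


if __name__ == "__main__":
    import os
    # Hypothetical controller and credentials, taken from the environment.
    ok = reload_when_ready(os.environ.get("JENKINS_URL", "http://localhost:8080"),
                           os.environ.get("JENKINS_USER", "admin"),
                           os.environ.get("JENKINS_TOKEN", ""))
    print("reload accepted" if ok else "reload rejected")
```

Run from an ansible play this is a `command` or `script` task instead of a `service: state=restarted`, and the readiness loop absorbs the 4+ minute boot instead of stacking a restart on top of it.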
Jenkins Shared Global Library
GitHub sends the full branch and commit information with the notifyCommit it sends to Jenkins. Jenkins passes just the repo URL through to the git plugin. The plugin then does calculations to find the correct commit ID to build. If Jenkins has state, and has built this job in the past, and there’s a commit…
Stateless Jenkins and “checkout scm” Behavior
When you manage to make Jenkins stateless, it exposes internal assumptions throughout Jenkins, all assuming there is a past, a history, a state. In Jenkins pipeline jobs the basic checkout statement is “checkout scm”. In my experience this consistently does the right thing on a Jenkins controller that has been up for a while and has…