Commandes en Vrac

jeudi 18 février 2021

Password breaches

https://cybernews.com/personal-data-leak-check/

mercredi 17 février 2021

Run Ansible playbook on AWS target with SSM System manager

AWS configuration

SSM State manager : Association Parameters

documentParameters with an archive (zip) containing multiple yml files

{ "InstallDependencies":"False", "SourceType":"S3", "SourceInfo":"{\"path\":\"https://name_of_bucket_hosting_sources.s3-eu-west-42.amazonaws.com/prefix_key/archive.zip\"}", "PlaybookFile":"main.yml" }

documentParameters with only one yml files

sourceInfo

{ "name": "AWS-ApplyAnsiblePlaybooks" }

* Association Target

Depending on where you want to run the playbook, select what's appropriate

Ansible playbook

example : daily export from an EC2 instance directory to an s3 bucket

- hosts: localhost
become: yes
become_method: sudo
tasks:
- name: Find zips in /path/to/data/*.zip older than 7d
find:
paths: /path/to/data/
patterns: '*.zip'
age: 7d
register: files_to_delete
- name: Remove zips in /path/to/data/ older than 7d
file:
path: "{{ item.path }}"
state: absent
with_items: "{{ files_to_delete.files }}"

- name: Upload content of /path/to/data/ directory, ommiting structure-*.zip files
community.aws.s3_sync:
bucket: target-s3-share-name
key_prefix: s3-prefix-dir-name/subdirectory/
file_root: /path/to/data/
include: "*.zip"
exclude: "structure-*.zip"
delete: no # if set to yes, removes remote files that exist in bucket but are not present in the file root.
- name: Upload content of /path/to/data/ directory
community.aws.s3_sync:
bucket: target-s3-share-name
key_prefix: s3-prefix-dir-name/subdirectory/
file_root: /path/to/data/
include: "*"

References :

mardi 16 février 2021

Atlassian thread dumps

Install the Thready app to make sure that your threads have a meaningful name.

Then use the following scripts :

https://bitbucket.org/atlassianlabs/atlassian-support/src/master/

vendredi 12 février 2021

Jira and Confluence DB setup PostgreSQL

Atlassian Confluence

https://confluence.atlassian.com/doc/configuring-a-datasource-connection-937166084.html

$ sudo -u postgres psql postgres
postgres=# CREATE USER confluence;
CREATE ROLE
postgres=# ALTER USER confluence with PASSWORD 'confluencepwd';
ALTER ROLE
postgres=# CREATE DATABASE confluencedb WITH OWNER = confluence ENCODING 'UNICODE' LC_COLLATE 'C' LC_CTYPE 'C' TEMPLATE template0;
CREATE DATABASE
postgres=# \q

choose the "production install" to make sure you're offered the DB configuration option

Confluence 5.5 confluence.cfg.xml :

confluence5.5$ cat confluence.cfg.xml

<?xml version="1.0" encoding="UTF-8"?>

<confluence-configuration>

<setupStep>finishsetup</setupStep>

<setupType>custom</setupType>

<property name="attachments.dir">${confluenceHome}/attachments</property>

<property name="confluence.license.hash">zdDzjZdbADawoyURqdGzoPaZBAgZKUHUYsHVjDZIEvvPyszv2XGziugEuwkSfQ&tg;Gdt6xeE2Xd9zIm1EpkgsJaGpbCyrw</property>

<property name="confluence.license.message">zbAbzjWIpGHwCEPxwadtQDNsBirASzeAvdenNYxIEfgRidiyujEcxrnDWSbWuGVKbgehfZHRPfcxbDFasXfbofNaPgcAwQJuzycjPPOPFvpjyUgxKytaugGgBKevkPAgDRJwDOcKFdTNguqgEqzjtXoOHFbACGavHChWJweOuokZevvxXiTBydzgzbrcXhFWQIHDrqeEHaPXCgzCBqjVBdTyNYCrADHZKIDhcpxTNCjJjewXaicAOvssJvkRQcBqeyoeKcuXyrtvtyDXefYaeffWFbiQYcTBPAdBPGtenCKxZqpubCHYPdaXuqvSARJcuQBzBFvkuovnVJNNDBPpvSDAZpaOaJDOTkqvCXjoIxeDCsqkqdwwsfwnvXWsyzyITiQRPNShDmUESMzT5Imuvab8oNWjYvUj9Xe24N4jL6Wt8GLkwcyaWLBYZgSPeqPgRLozPuPlPjMObtRzOHaqj4m3e4o5KssixIGh&yg;1vT6qpRg0INFzR6OmnAkxOstG9OwNOCev&tg;a7tX9rxXs6u8i1jDyhH3ldYs8QUaqXeMrknEN5cxbIXbp9QAEjM7Z7AMHlaH4mcUgCc1B61j&yg;k&yg;7Ek&tg;fux6A9pr&yg;&yg;Ht&tg;hmHH2q5TFZd5EcZOqJQrp0nFuX9Gi1skZYGOxW&tg;BygPOwDXLkVZpe8WQPAqYCSedTpKGR2nDkWVETxEILEU&tg;kOeNoTlfbviJq4a5egI6eLA6Me3jlfBQL7f9pw&yg;fwS5zmtQJOOz7L&tg;qph1b&yg;DK8pTZNrkCzi4i38f</property>

<property name="hibernate.connection.driver_class">org.postgresql.Driver</property>

<property name="hibernate.connection.password">confluencepwd</property>

<property name="hibernate.connection.url">jdbc:postgresql://localhost:5432/confluencedb</property>

<property name="hibernate.connection.username">confluence</property>

<property name="hibernate.database.lower_non_ascii_supported">false</property>

<property name="hibernate.dialect">net.sf.hibernate.dialect.PostgreSQLDialect</property>

<property name="lucene.index.dir">${localHome}/index</property>

<property name="webwork.multipart.saveDir">${localHome}/temp</property>

</properties>

</confluence-configuration>

Confluence 6.13.19 confluence.cfg.xml

<?xml version="1.0" encoding="UTF-8"?>

<confluence-configuration>

<setupStep>complete</setupStep>

<setupType>custom</setupType>

<property name="access.mode">READ_WRITE</property>

<property name="admin.ui.allow.daily.backup.custom.location">false</property>

<property name="admin.ui.allow.manual.backup.download">false</property>

<property name="admin.ui.allow.site.support.email">false</property>

<property name="atlassian.license.message">NNNOoN0BQNbCrAc9xI1CtmNHuh/7X0v80EtzME/dxvMBjZxPL8d+fhlzxbBefeX1OrKs27UAe0FGK iFpAa36ChpxmYxkbAmNJX8hoaroopBWk4Mg2Ev9DwHSVIaBPr5L1dI11Jkv5BEp0HDA6EeVF5Rk2 xucHHW2H1WqpSKWEcXiHMYmgXUifEXVRtJtHFTFSMKtHtIx975cLECoXTNWpNar+4nW6ghuorWCz OqFyi1Ul/nC3SB5VdUm5gmqE4H7w9uf4toOOIgxbGtsvPyIg3CEJm30emrwdvpzizdKP3+23GeQi e1z1co1yzEWxZMkOMml5V9/1rzTksbWEWEBcYMRmRZ3IyDbRPFyzLEwBg8ytr/T3gNZpXqwgIcnc X7Vm04xavyaxddq8hxkbQTWxFBt7i6JIkZCwUT1tKbdGuFT3dCw94Xwy+ZLorFPGNGo1NDgA80X0 PTA0kuRPrWf2GH8oonbLruehk/uO4RfhHbjYNVHN70z74+a+XYnayGBhydYW82HVG4PSRna3Jf1k 1m9QN7Jp7sdpRJhgb1yK02uc</property>

<property name="attachments.dir">${confluenceHome}/attachments</property>

<property name="confluence.database.choice">postgresql</property>

<property name="confluence.database.connection.type">database-type-standard</property>

<property name="confluence.setup.server.id">SERVER-ID</property>

<property name="hibernate.c3p0.preferredTestQuery">select 1</property>

<property name="hibernate.c3p0.validate">false</property>

<property name="hibernate.connection.driver_class">org.postgresql.Driver</property>

<property name="hibernate.connection.password">confluencepwd</property>

<property name="hibernate.connection.url">jdbc:postgresql://localhost:5432/confluencedb</property>

<property name="hibernate.connection.username">confluencedbuser</property>

<property name="hibernate.dialect">com.atlassian.confluence.impl.hibernate.dialect.PostgreSQLDialect</property>

<property name="jwt.private.key">ZVVT/tVONQNAOtxduxvT9j0ONDRSNNFPOhtjttoxNtRNNbVOtDPDXUoNQgeeET8v/rvaFZCT1XjVJIAl2RhnB1xq5MkWkNoelY+BI3HYicksyT36sySKYJTcsyfG1sPDejf/RniqrH0aU72CL5bOmY/kHlC2TjUF9sokDG+52Y0trfRHKAyehAHqcfiI53LT1fOoV8Q9tSScy7iVdU44qG2XfOMI2wI0Kx2ttwxUVEC4R5Y7kPuQBxH8eQ1kg8RiqZBGhZXUhZ/U7J5hiJ3IweoRZsvRg1W2DgXwNDn0zbcwstUwl/vb+H0JX55f3ZN1eKwqeWG1q8RN/qThvSH/oSiydoGP9XYJhxnV1YxaLiiFp0mnB0Z9Zro3D6hE5OizH/B2vFpXc354xArlalDPL/kG48j9K1xCNaQ6DEXaBD6J39FD/FNPvco9RxH9bRt6rQTtbzOW44HbK/zGIUWofJ39JjL9dSrWm53SrnBt8lB3LcKrGrXwV2suCkjbn3tKEpg7zXHhQsE4muwhDyLHaItZ4HonxW8kfgcxa7fODj3YTz9W+8xPNjRNNDXPNLOenofE3/++mK8O069T9wQdAtm5X5KPCBtLD6OwMaYAuNXxYGPBUkkKL++tFQvdYCGhjPUR6FSm5wHMzIDU6zYx4m1MdLmIPdU2AIaCghAHiHercrpnKRCsqy91yNUW6zHJahVf9qgekfgdmExTm909Ou+wGviqy6504hn4Y/k0r+YLxziR7HZDmAGHD8TOIhrcZNUz82/IP9LzEuc0A3n7Xwza/bVXtMfIEDScegV+RIdtD6biFgE0CoWs78C4hRTkIyKUhY4zMK7ZN/abQzRJGgoGVQrydsXuTqpAnHPkxXBf4qUwGKLJJpjfqBScCC6CRjhD+6rvGsZNm1TFSTMU2W6RK9bPWlJkVWeuoDbsIkpjXALg4pCbQEU+YHoeRqQ1BiV6o0G+85pfBnQhoWYZUS82lQUJR+8czk9tvfXhcWrAkeujokc0M0D7lefG3H1rcmIf0XmnMdjxMub1q3lc4k1RiGKNjrOqW7pC5OkY0u5Wx153pQ4BcEE34kTtbNRPtpRNjhTBOK5SxPfcYtn/P0Esoze7L05FKwP8PH7tQpleO9GSzSY9B2Dqva7d3jmLavlfwscCJLU/LRCF8nENSOvJLXFohFdxfXBiRB6C5gCydXNGZALdG/SOefLvjqRJ1TBut2t+OSVHYxTZuhyKlYOu3igCTc8dD/5FuwFKQm9pDKx0fN8VPxniI3KiYbynS3x2xCciOHaPeJEyTAfApjR6kWTEdTM+bjOX97J/alBmkpxh5UmpkDibIn/59X8uVzf5NbUONY1rtAL4wzT1Sr55RU16E3DPrRGE/8yWgjB43c17IOATIzQh14w/M8SuPVrkvLmO4polItOpLb70L2WwpImW2yE1kTLb+pdqb3CkXdqzxx0oyjMiJXbRiO3jTo09JsKK69nxHyRz3CN0eKSsrIpWV1maHO+dUs9m9GkjPiIRi34bhcA4na7iU2U5QZW6dyMA9WOs5RzxODbj+fqY4pbKc/weiLsYE8EfrjAp665nKKhXW1yqKmCZyWemY96RSJ7SRDXOjDPuZiKWZKCISi6CWrSgYaqW3WOblzMmckuQRf1rKZr0FWaEfNCe1cct7l7HcpztiD9JhMOqI5lbDwVN0351bDwlx/nQdsExpTQyCcNyiJ0tzWvUZi/49UHPKe5gI8wfxvHAw3XAUS+5P1g0IEiM05lOI5gAFN8fNiv8YyNghcyGEmQ/2Z8ejBOISvMfqtmuxqOQPNEOrLit5HFP1A9OT+yPb666s12Z8mpCj3Ga7O5BVzK5qupsajCyeEFmNkVQnURPtpNpLwQCnkF0Dz8lTxISrKTPFhu58Qi1xX30lq3pUhZtYUr/+nlzcEzWT6RdeLdsMJDD7YiSCOBgg6J51bixF4RSQp3ACwRXyVjhHnFPPAn+5soPPFuk+1zl5j0Ry1PUw8PFbUvFU1NLIAm2IRtpdbe5KgMpzXC8nDLS9NyNo/u/0Im9j5h6jA6xHn7+62Uvb7nKrGs/on0igA2kk4oyDckmd+akx5+QXagMdeQZcyQPgcqyEdPOMOJJRNAWk+EdtCRPtpRNxnXoH3SMKxTNTIjqjYt9EvwmPs+RXwzd1zSGlOKNl2PHJL6EzDYzu4py0ys3iUBL0pDUvDCr14AYnR4xItE/ypystGQXNCy7QNzfCJ3xQkrHGnCZAH3EfgnVJ8NjhbPTjCwSxwD9INq/eWlOBmMm9S4i0/H3ds9tAbBl+R7aKv4Dm76O/L95uwfrQ6L5W1DvyxgLQsArCRuaDbG0sKv+TaGVig6JwAg2OIOpLW1ZfS9iviwuoHeY184oDlmhgrSD123123</property>

<property name="jwt.public.key">ZVVObwNAOtxduxvT9j0ONDRSNNBPNL8NZVVOvtXPNLRNxPu2jN7n60EiVi3bc0wQkgFfPSyGpguYzwgMUrJpFpDT68v/wyq1P76pK5Eg+a5EIl1udK5oR9KjxX8YCkTe3KyAWk+9w2BnNpl/8IZw9ufO0iK28HR/hqv9VUeOSSmMn7wIUnoY1rq2OgoNJlCN/LOEnMr7lXu+BUH9veNJIqb1qS5AbVV5OlRG+OBF+8DbDmcSCXj9posOY3GQx7wPu7wCk+1hoe1g1L62kQU4uYqFqxYFbjRTgWdXL34O48i4dCyASvhroAmNAn143nlH9KsONC3EebuIC2ko5nz0jiFv1ecTvAF5W2Y70aAZ2wgQCGUz90BexrDo5yCmgbxaPdq+rWQKfc8xNzC8H+CZCI9MQjWj+xRFcmxByg/HxC0tNbdJ/EWSCnOVBatkbXWtFrBSXS/5x1ElJ7Sg/IfTCnuKvp+qkKzwbCZwg2XI3x3vblAa4G8pXTg4S0KYr5vyYt30rZ4L7xWJSW1LQBST2cPsZoYnMW+7NHZAlkciFsiWNtZONNR=</property>

<property name="lucene.index.dir">${localHome}/index</property>

<property name="webwork.multipart.saveDir">${localHome}/temp</property>

</properties>

</confluence-configuration>

Atlassian Jira

pg_ctl -D /usr/local/var/postgres start && brew services start postgresql
psql postgres
CREATE ROLE otrs WITH LOGIN PASSWORD 'otrs'; 
ALTER ROLE otrs CREATEDB;
\q
 
#create user and db
psql postgres -U otrs
CREATE DATABASE otrs;
GRANT ALL PRIVILEGES ON DATABASE otrs TO otrs;
 
#show databases
\list 
 
#import dump
psql -h localhost -d otrs -U otrs -f /Users/tokamak/Desktop/IN/MISSIONS/TOTAL/OTRS/Files/psql_otrs_dump.sql
 
#show all db sizes
SELECT
    pg_database.datname,
    pg_size_pretty(pg_database_size(pg_database.datname)) AS size
    FROM pg_database;
 
 
 
#Create jiradb and user
CREATE USER jiradbuser WITH PASSWORD 'jiraSQL';
CREATE DATABASE jiradb WITH ENCODING 'UNICODE' LC_COLLATE 'C' LC_CTYPE 'C' TEMPLATE template0;
GRANT ALL PRIVILEGES ON DATABASE jiradb TO jiradbuser;

https://www.codementor.io/engineerapart/getting-started-with-postgresql-on-mac-osx-are8jcopb

jeudi 21 janvier 2021

Opsgenie webinar / ressources

opsgenie is a tool allowing filtering and routing of monitoring-triggered alerts (nagios, AWS SNS, datadog, ...) to specific channels (SMS, phone-call, Slack, Jira, ...).

Main features on top of this :

time-table (who's on-call)
alerts / incident resolution centralization
third party integrations with 100+ tools

Opsgenie Learning Center : https://docs.opsgenie.com/

[video] Opsgenie : "What do we do?" https://www.youtube.com/watch?v=yphtZ9z2TtA&feature=youtu.be

[video] Opsgenie: "First Look" https://www.youtube.com/watch?v=pyM2dROKn6g

Opsgenie Pricing : https://www.atlassian.com/software/opsgenie/pricing

Implement nagios to opsgenie Heartbeats :

vendredi 18 décembre 2020

Webinar notes : General Assembly / Instagram

Add new lines in description texts

https://apps4lifehost.com/Instagram/CaptionMaker.html

Schedule (free plans)

https://later.com/pricing/ 30 / month
https://www.planoly.com/pricing 30 / month

Hashtags Tools

Keyword Tool : https://keywordtool.io/
Instagram Tags (app ?)

http://www.instagramtags.com/

Hashtags (app ?)
Hashtagify (app ?)

10k - 10 M Posts per day ~ sweet spot

others

https://ingramer.com/tools/instagram-hashtag-generator/

mardi 15 décembre 2020

opinion-size-age-shape-colour-origin-material-purpose Noun.

from a book called The Elements of Eloquence: How to Turn the Perfect English Phrase.

Adjectives, writes the author, professional stickler Mark Forsyth, “absolutely have to be in this order:

opinion-size-age-shape-colour-origin-material-purpose Noun.

So you can have a lovely little old rectangular green French silver whittling knife. But if you mess with that order in the slightest you’ll sound like a maniac.”

https://getpocket.com/explore/item/how-non-english-speakers-are-taught-this-crazy-english-grammar-rule-you-know-but-have-never-heard-of

mardi 1 décembre 2020

ansible FQCN for modules names > 2.10

Starting in ansible 2.10, ansible now recommends using the FQCN for each module (Fully Qualified Collection Name)

This might become mandatory in a future release.

To identify the redirection from the default / previous/ still working to the FQCN :

# ansible-playbook deploy.yaml -vv
redirecting (type:module) ansible.builtin.timezone to community.general.timezone

namely, this is an example for the helm (example from Montreal Ansible meetup on 30-sept-2020)

mercredi 25 novembre 2020

OpsGenie : AWS SNS message to Jira Description Wiki markup (+ links to S3 logs and SSM output)

If you're using the AWS SNS opsgenie integration and want to publish to JIRA, you can for example use the following code to present the data in a slightly better way :

I this use-case I'm using the SNS channel to publish outputs from a system manager (AWS SSM) command that also publishes it's outputs to an S3, so we're using this extraction to provide the direct links to the s3 logs and the SSM run command history.

And in the end, we copy the message we received from the SNS channel "raw"..

In Opsgenie, in the specific Amazon SNS integration (Incoming Amazon SNS), in the Alert Fields, you can for example modify the "Description" so that it transforms the Message received like this :

h3. Details
|| AWS region | {{ TopicArn.extract(/arn:aws:sns:([^:]*):.*/) }} |
|| Status | {{ Message.extract(/.*"status":"([^"]*)".*/) }} |
|| Instance ID | {{ Message.extract(/.*"instanceId":"([^"]*)".*/) }} [(aws link)|https://{{ TopicArn.extract(/arn:aws:sns:([^:]*):.*/) }}.console.aws.amazon.com/ec2/v2/home?region={{ TopicArn.extract(/arn:aws:sns:([^:]*):.*/) }}#InstanceDetails:instanceId={{ Message.extract(/.*"instanceId":"([^"]*)".*/) }}]|
|| Command ID | {{ Message.extract(/.*"commandId":"([^"]*)".*/) }} [(aws cmd)|https://console.aws.amazon.com/systems-manager/run-command/{{ Message.extract(/.*"commandId":"([^"]*)".*/) }}] [(s3 logs)|https://console.aws.amazon.com/s3/buckets/ssm-output/ssm-log/{{ Message.extract(/.*"commandId":"([^"]*)".*/) }}/{{ Message.extract(/.*"instanceId":"([^"]*)".*/) }}/?region={{ TopicArn.extract(/arn:aws:sns:([^:]*):.*/) }}&showversions=false ]
|
|| documentName | {{ Message.extract(/.*"documentName":"([^"]*)".*/) }} |
|| requestedDateTime | {{ Message.extract(/.*"requestedDateTime":"([^"]*)".*/) }} |
|| eventTime | {{ Message.extract(/.*"eventTime":"([^"]*)".*/) }} |
h3. Opsgenie info
|| EventType | {{eventType}} |
|| Timestamp (opsgenie) | {{Timestamp}}|
|| Tags | {{tags}} |
|| TopicArn | {{TopicArn}} |
|| Actions | {{actions}} |
h3. Original Message (raw):
{code}
{{Message}}
{code}

Nb: this might only be available in certain OpsGenie subscriptions unfortunately :-(

mardi 3 novembre 2020

Gitops & git tracking modifications & Nagios

Context :

I needed to have all my nagios files on my computer to be able to run some python scripts trying to figure out what refactoring needed to be done, and identifying gaps in the configuration I inherited.

I took that opportunity to version all our nagios configuration files, with a git repository configured at the /usr/local/nagios/etc level.

That proved itself useful to gain some confidence that we're not going to loose anything.

Initial idea was taken from :

Script to automatically commit changes done in Nagios and push them to the central repo.
NB : still a few things to investigate, but ...

auto-git-commit-push.sh

#!/bin/bash
cd /usr/local/nagios/etc \
&& /bin/git pull \
&& /bin/git add -A \
&& /bin/git commit -m "updated nagios dynamic files $(date) -- automatic commit" \
&& /bin/git push origin master \
&& /bin/git pull \
&& if ! $(grep -lr '<<<<<<<' . ) ; then grep -lr '<<<<<<<' . | xargs git checkout --ours; ./$0; fi

identified issues :

* why so many conflicts while we are only modifying and thus commiting files locally and pushing them !?

* I thought about putting in place a workflow that would take the files from the git repository and push them to nagios import with some git hooks, but I eventually found the Nagios REST API which is way easier to delivery to the team handling those creations : just 1 script per use-case and they'll do everything at once.

Commandes en Vrac

jeudi 18 février 2021

Password breaches

mercredi 17 février 2021

Run Ansible playbook on AWS target with SSM System manager

AWS configuration

SSM State manager : Association Parameters

Ansible playbook

mardi 16 février 2021

Atlassian thread dumps

vendredi 12 février 2021

Jira and Confluence DB setup PostgreSQL

Atlassian Confluence

Atlassian Jira

jeudi 21 janvier 2021

Opsgenie webinar / ressources

vendredi 18 décembre 2020

Webinar notes : General Assembly / Instagram

mardi 15 décembre 2020

opinion-size-age-shape-colour-origin-material-purpose Noun.

mardi 1 décembre 2020

ansible FQCN for modules names > 2.10

mercredi 25 novembre 2020

OpsGenie : AWS SNS message to Jira Description Wiki markup (+ links to S3 logs and SSM output)

mardi 3 novembre 2020

Gitops & git tracking modifications & Nagios

Labels (alpha.)

Labels (fréq.)