gathering public SSH keys from the AWS System Log and creating custom SSH host entries using Ansible

What is this and why? I work in private VPCs in AWS a lot. I’m testing, debugging, and fidgeting with instances, requiring SSH access. If DNS isn’t configured, I have had to look up IP addresses for instances through the AWS console (or just memorize the IP). After that, there’s the SSH public host key fingerprint. I either blindly accept it or manually look it up. If I terminate and redeploy the instance, there’s a chance I’ll get that SSH WARNING!

adventures in stunnel and elasticsearch

While deploying a 3 node HIPAA compliant Elasticsearch/Kibana cluster, we ran into a really weird issue where the nodes would disconnect/reconnect every 12 hours or so. This post includes TCP analysis of the connectivity issues, a glimpse into Elasticsearch node TCP connectivity and TCP keepalive settings, discovery of the root cause, and resolution of the connectivity issue. Background: We deployed a “secure 3 node cluster”, one that used TLS everywhere; on the inbound Elasticsearch clients, between nodes, and in front of Kibana.

Google App Engine with server-side Google Analytics

Why Google App Engine? I was recently lucky enough to attend Google Next 17 and got to learn about Google Cloud Platform from some ridiculously smart Google engineers. This included some amazing people like Kelsey Hightower, Jessie Frazelle, Alex Mohr, Niels Provos, Terrence Ryan,… These engineers are phenomenal in their areas of expertise and it was awesome to hear their talks. This isn’t even all inclusive, but wait there's more - https://www.

stuffs - an AWS inventory tool

Problem: I wanted to create a simple inventory website. I wanted to have a collection of information, including all systems, installed software on those systems, and any other relevant stats and details on those systems. I didn’t really like the available tools out there, however. I just wanted a simple static HTML site, possibly with some search features. Why not use some free software out there to generate my own?

another Terraform Ansible Kubernetes

Note - I have updated this for Kubernetes 1.7.x. Deploying Kubernetes, complete with an OpenVPN access point, a CFSSL x509 certificate generation service, and an internal Kubernetes cluster DNS, complete with a Weave CNI daemonset, and kube-dns, the Kubernetes internal DNS resolver. It is a two part process; first, using Terraform, it builds the AWS infrastructure, including VPC settings, IAM roles, security groups, instances, etc. Once the infrastructure is deployed, Ansible is then used to configure the system accordingly.

Ansible snippets - splitting variables

A useful Ansible snippet - splitting a variable value in Ansible. The stuffs: splitting a variable using .split. Let’s paint a picture. Say there’s an application that needs to be upgraded. It’s distributed via a tarball. There is a service set up using a symlink - software -> software-1.2.3. The workflow would be something like… Untar a file. Change the symlink to point to the new folder (software -> software-2.0.0). There’s already a variable for the tar file name.

first post - in Google App Engine

First post! Um, again… My name is Bill Cawthra, I’m a DevOps, Sys admin, IT… person. I like to build things and make them work. THIS is the first post here on the new landing spot for my blog and notes, billyc.io. Currently it’s being deployed using Hugo and Google App Engine. There are two sites, http://test.billyc.io, a standard GAE application and the official https://blog.billyc.io. The first is a GAE standard and the second is GAE flexible.

personal AWS VPN using OpenVPN

Using Ansible Container, Ansible, and AWS, deploy a personal VPN server, while also creating a specified user, generating the appropriate OpenVPN configuration file, and saving it to the local user’s desktop. Background: Having a personal VPN server is immensely useful; we live in a mobile world with plenty of wifi hotspots. With these open access points, security is definitely a large issue. There are VPN services available, but it is often desirable to manage our own service.

playing with Ansible container

2017-03-16 UPDATE - I’m not sure I see a good use case for Ansible container. It’s neat, but at this time it comes off as overly complicated and REALLY slow. Maybe it will advance and become interesting, but right now, a Dockerfile seems better in many ways. Using ansible-container, the post covers creating Docker images, specifically images for development with AWS and Azure. It will configure the images accordingly, using Ansible playbooks and roles.

securely gathering SSH public keys from the AWS System Log

A spin off from Ansible SSH bastion host for dynamic infrastructure in AWS, this post documents how to gather EC2 instance SSH public host keys from the AWS System Log. Background: For a while I was stumped at how to deal with AWS, AMIs and SSH fingerprints/public keys. Initially, it was through pre-baked AMIs. But what if pre-baking AMIs isn’t realistic? Or the AMIs are baked without SSH host keys generated, so the keys aren’t known in advance?