    Duquan

    @Duquan

    Latest posts made by Duquan

    • What is a good strategy to prevent Ansible playbook runs against the wrong hosts?

      It is too easy to run playbooks on the wrong hosts in Ansible.

      I know the best practice would be to use --limit to make sure you cannot select the wrong host. I do not trust --limit to ensure Ansible runs playbooks only on the intended hosts.

      Is it a crazy idea to use firewalld to disable communication to all the systems you do not want to update? Is there a more logical way to accomplish the same thing?

      posted in Continuous Integration and Delivery (CI
      Duquan
    • RE: Terraform conditional block inside a map

      This could be done with a dynamic block, but it's pretty complicated. This is how I would do it, but there are other ways.

      variable "enable_vars" {
        type    = bool
        default = false
      }

      locals {
        # Variables that are always set on the function
        default_lambda_vars = {
          FOO = 1
        }
        # Variables added only when var.enable_vars is true
        extra_vars = {
          BAR = 2
          BAZ = 3
        }

        final_lambda_vars = var.enable_vars ? merge(local.default_lambda_vars, local.extra_vars) : local.default_lambda_vars
      }

      resource "aws_lambda_function" "mylambda" {
        #...

        environment {
          variables = local.final_lambda_vars
        }
      }

      posted in Continuous Integration and Delivery (CI
      Duquan
    • How to find logs when submitting resource type to Cloudformation Registry?

      I am developing a https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-private.html for AWS https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry.html. I have designed my model schema and developed my handler code, https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-walkthrough.html#resource-type-walkthrough-submit it, and even successfully deployed a stack with my very own private resource type. Yay.

      What I need to do now is inspect the logging thereof. As I had generated the scaffolding using the cfn init command, I merely added logging entries to the existing logger object.

      e.g.

      import logging
      from typing import Any, MutableMapping, Optional

      from cloudformation_cli_python_lib import (
          Action,
          OperationStatus,
          ProgressEvent,
          Resource,
          SessionProxy,
      )

      from .models import ResourceHandlerRequest, ResourceModel

      # Use this logger to forward log messages to CloudWatch Logs.
      LOG = logging.getLogger(__name__)
      TYPE_NAME = "Myself::Test::Resourceful"

      resource = Resource(TYPE_NAME, ResourceModel)
      test_entrypoint = resource.test_entrypoint


      @resource.handler(Action.CREATE)
      def create_handler(
          session: Optional[SessionProxy],
          request: ResourceHandlerRequest,
          callback_context: MutableMapping[str, Any],
      ) -> ProgressEvent:
          model = request.desiredResourceState
          progress: ProgressEvent = ProgressEvent(
              status=OperationStatus.IN_PROGRESS,
              resourceModel=model,
          )
          # TODO: put code here

          LOG.info('Creating....')


      According to the https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-develop.html#resource-type-develop-log,

      When you register a resource type using cfn submit, CloudFormation creates a CloudWatch log group for the resource type in your account. This enables you to access the logs for your resource to help you diagnose any faults. The log group is named according to the following pattern:

      /my-resource-type-stack-ResourceHandler-string

      Now, when you initiate stack operations for stacks that contain the resource type, CloudFormation delivers log events emitted by the resource type to this log group.

      When submitting my resource type however (and even deploying it), I cannot see any LogGroup created in CloudWatch whatsoever. There is clearly something I am missing here.

      Please help me understand how to find the logging for my private Cloudformation registry resource types.

      Of course, I will be happy to provide any additional info needed. Thank you!

      posted in Continuous Integration and Delivery (CI
      Duquan
    • Virtual Machine Monitoring KQL yielding empty results

      I have enabled Azure Monitoring on one of our virtual machines. It has been 4 days since the virtual machine was turned on. Below is the query:

      Perf
      | where ObjectName == "Memory" and
          (CounterName == "Available MBytes Memory" or // the name used in Linux records
           CounterName == "Available MBytes") // the name used in Windows records
      | summarize avg(CounterValue) by bin(TimeGenerated, 15min), Computer, _ResourceId // bin is used to set the time grain to 15 minutes
      | render timechart


      The output of Perf itself is empty. The same thing goes for Update; it shows me zero results.

      These are the two extensions I have installed on the VM:

      (screenshot not included)

      Also, I have created the data collection rule to send the data below to Log Analytics:

      (screenshot not included)

      Any suggestions?

      posted in Continuous Integration and Delivery (CI
      Duquan
    • RE: dev/stage/prod in separate AWS accounts, managed via terraform cloud workspaces, how can I use lb ip in DNS records for each env?

      One simple way would be to delegate the subdomain of mydomain.com for each account to that account's Route53 service. After you do this, the credentials that allow Terraform to create load balancers, servers, and other things in the Dev account can also create/update/delete the DNS records for dev.mydomain.com. The different credentials that manage resources in the Stage account can also manage DNS entries in stage.mydomain.com. The DNS for the different accounts is kept separate just like the other resources.

      The way to do this is to create dev.mydomain.com as a public domain in the Dev account's Route53. Take down the list of DNS servers reported there, and add them as NS records for the name dev.mydomain.com in the Root account's Route53. Follow a similar pattern for the subdomains for the other accounts.

      posted in Continuous Integration and Delivery (CI
      Duquan
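
The delegation described in the answer above, sketched in Terraform as an added example (not code from the original post). The provider aliases `root` and `dev`, the region, the record name `app.dev.mydomain.com` and the two `lb_*` variables are assumptions; how each aliased provider gets its account credentials is left out.

```hcl
# Added example; aliases, region and variable names are assumptions.
# aws.root = credentials for the Root account (owns mydomain.com)
# aws.dev  = credentials for the Dev account
provider "aws" {
  alias  = "root"
  region = "us-east-1" # constructed value
}

provider "aws" {
  alias  = "dev"
  region = "us-east-1" # constructed value
}

# 1. Public hosted zone for the subdomain, created in the Dev account.
resource "aws_route53_zone" "dev" {
  provider = aws.dev
  name     = "dev.mydomain.com"
}

# 2. Look up the parent zone that lives in the Root account.
data "aws_route53_zone" "parent" {
  provider = aws.root
  name     = "mydomain.com"
}

# 3. Delegate: NS record in the parent zone listing the Dev zone's name servers.
resource "aws_route53_record" "dev_delegation" {
  provider = aws.root
  zone_id  = data.aws_route53_zone.parent.zone_id
  name     = "dev.mydomain.com"
  type     = "NS"
  ttl      = 300
  records  = aws_route53_zone.dev.name_servers
}

# 4. From here on, Dev credentials alone manage names under dev.mydomain.com,
#    for example an alias record pointing at the Dev load balancer.
variable "lb_dns_name" { type = string }
variable "lb_zone_id" { type = string }

resource "aws_route53_record" "app" {
  provider = aws.dev
  zone_id  = aws_route53_zone.dev.zone_id
  name     = "app.dev.mydomain.com"
  type     = "A"
  alias {
    name                   = var.lb_dns_name
    zone_id                = var.lb_zone_id
    evaluate_target_health = true
  }
}
```

Only step 3 needs Root-account credentials, so it can be applied once from a separate workspace; the per-environment workspaces then need no access to the parent zone.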
    • Why does the Rancher Security Group use TCP Port 10256?

      What does TCP 10256 do, and where is it documented? According to the https://rancher.com/docs/rancher/v2.5/en/installation/requirements/ports/#rancher-aws-ec2-security-group it's open. But I don't see any documentation on port 10256 elsewhere.

      It's also documented on the similar https://rancher.com/docs/rancher/v2.6/en/cluster-provisioning/rke-clusters/node-pools/azure/azure-machine-config/

      posted in Continuous Integration and Delivery (CI
      Duquan
    • RE: Terraform - retrieving arn from another module

      main.tf

      module "s3_bucket" {
        source            = "./modules/S3"
        kms_master_key_id = module.kms.kms_arn
      }

      module "kms" {
        source = "./modules/kms"
      }

      modules/kms/kms.tf

      resource "aws_kms_key" "key" {
        policy = data.aws_iam_policy_document.cmk.json
      }

      resource "aws_kms_alias" "key_alias" {
        name          = "alias/kms-key"
        target_key_id = aws_kms_key.key.id
      }

      modules/kms/_outputs.tf

      output "kms_arn" {
        value = aws_kms_key.key.arn
      }

      modules/S3/main.tf

      resource "aws_s3_bucket" "bucket" {
        bucket = "09432804238423098"
        acl    = "private"
        versioning {
          enabled = false
        }
        force_destroy = true
        server_side_encryption_configuration {
          rule {
            apply_server_side_encryption_by_default {
              kms_master_key_id = var.kms_master_key_id
              sse_algorithm     = "aws:kms"
            }
          }
        }
      }

      modules/S3/variables.tf

      variable "kms_master_key_id" {
        default = ""
      }

      posted in Continuous Integration and Delivery (CI
      Duquan
    • How can I find what options I can set with a `helm install` that the chart provides?

      Let's say I want to install an arbitrary helm chart like mysql-operator/mysql-innodbcluster. How can I find what options I can set with --set?

      posted in Continuous Integration and Delivery (CI
      Duquan
    • How to apply k8s manifest without scaling replicas

      We have a manifest file that defines a set number of replicas and an autoscaler that scales them up. The problem we have is when we apply the manifest, it immediately scales the replicas down to the number in the manifest. This eventually is fixed by the autoscaler, but in the meantime, it's not great!

      Is there a way to run a manifest and ignore the replica parameter?

      We tried removing it, but then it scaled to the default count of 1.

      posted in Continuous Integration and Delivery (CI
      Duquan
    • RE: Terraform plan does not update AWS Task Definition with last active revision value

      From what I see in your terraform plan, terraform apply will indeed set the latest task definition version and probably run redeploy of your ECS.

      You can keep your state file up-to-date with terraform plan --refresh-only to see the possible changes in infrastructure done manually, and if you are ok with it, terraform apply --refresh-only will save those changes in your terraform state file.

      https://learn.hashicorp.com/tutorials/terraform/refresh is some more info on that subject.

      Hope it helps

      posted in Continuous Integration and Delivery (CI
      Duquan