#announcements (2018-10)


This channel is for workspace-wide communication and announcements. All members are in this channel.

Archive: https://archive.sweetops.com

2018-10-01

 avatar
04:00:01 PM

There is 1 event this week

Townhall Meeting (SweetOps)

October 3rd, 2018 from 11:00 AM to 11:50 AM GMT-0700 at https://zoom.us/j/299169718

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Please feel free to update

GreetBot avatar
GreetBot
07:42:50 PM

hey everyone give a warm welcome to @MattN! Good to have you here

GreetBot avatar
GreetBot
11:27:34 PM

hey everyone give a warm welcome to @dserodio! Good to have you here

dserodio avatar
dserodio

Hi! I just discovered the CloudPosse website and Geodesic, and I was wondering why you chose Chamber for secrets management instead of Hashicorp Vault

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@dserodio welcome!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Sure - so Hashicorp vault is a great solution, but takes considerably more effort to manage over AWS SSM+Parameter Store.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Nothing about our strategy precludes the use of hashicorp vault, but using parameter store + ssm is a turnkey solution with no new overhead to manage.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this is the prescribed architecture for managing vault, which doesn’t take into account the SDLC including upgrades, backups, DR, etc.

GreetBot avatar
GreetBot
12:30:50 AM

hey everyone give a warm welcome to @jarv! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hey Jarv! What brings you around?

jarv avatar

Just a fan of you guys’ work! Figured I’d stop by and say hi

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

awesome! always great to hear when we’re helping out

jarv avatar

Been messing around with the TF modules lately, but impressed with everything I’ve seen. Appreciate all you guys’ work on everything.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

have you seen our latest modules for EKS?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Andriy Knysh (Cloud Posse) has been hard at work on those

jarv avatar

Not yet, will likely soon though. Taking a look at the user/chamber stuff currently actually

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Cool - yea, we developed those mostly for external CI/CD systems (in our case Codefresh)

jarv avatar

Was planning on doing something similar to what you used to do before moving to 99designs/aws-vault, at least for the moment. But figured it was worth taking a quick look at how you have that set up now.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

oh, so we still use aws-vault and chamber

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

they are complementary

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

aws-vault is the best way to manage local AWS credentials for “assuming roles” (and not to be confused with hashicorp’s vault - in any way)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so we like to use aws-vault for all local development contexts

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

aha, yes! as soon as we took a look at aws-vault we knew that our own implementation was not worth maintaining anymore

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

haha

jarv avatar

So I guess my question is (and totally realize I can look this up as well), how is user/permission management done with the new setup?

jarv avatar

Previously I was thinking designated IAM account with users getting something like:

            "Action": "sts:*",
            "Resource": "arn:aws:iam::*:role/${aws:username}",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalType": "User"
                }
            }

then to provision a user in other accounts (that trust the iam one) you just need to create a role named after their username. (I think this is somewhat similar to what you did before, could be wrong there though)

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hey @jarv

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

take a look at our reference architectures https://docs.cloudposse.com/reference-architectures/

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

in short, we create a few AWS accounts:

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

1. root (which is billing account) to store all IAM users and roles

jarv avatar

yep, this was just another setup I was considering vs chamber, etc.. (iam account is separate but doesn’t need to be, similar to the reference-architecture that way)

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

this is complementary to chamber. we provision a separate chamber IAM user in all accounts (prod, staging, dev, testing) and use it to access SSM secrets

jarv avatar

ok cool, yeah so sounds like what I need to look into

jarv avatar

I went through the cold start on a test setup a bit ago, didn’t quite understand how this part worked exactly though.

jarv avatar

(I imagine I just need to dig into it a bit though)

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

ohh, we keep forgetting it as well

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

can show you if you are stuck

jarv avatar

heh, yeah for sure. Might need to take you up on that

jarv avatar

I’ll go ahead and make an attempt here though first, appreciate the offer

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

ok

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Andriy Knysh (Cloud Posse) I think he’s talking specifically about Chamber

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

segmenting access to SSM (chamber) secrets to IAM users

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

yea ok

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

using our terraform modules

jarv avatar

Yeah actually personally would like to adopt the whole platform, but more longer term goal I think.

I’m kinda hoping we can use what we need for now and adopt where it makes sense to dedup work.. which also makes getting stuff approved from my end a lot easier as well.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

For sure! Plot a course

jarv avatar

and tbh I like to do with anything that gets adopted really, need to know how it works first imo..

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

let’s move to #terraform

justin.dynamicd avatar
justin.dynamicd

Chamber is pretty solid, but be careful/aware that AWS has API rate limits on the param store, so many companies after a certain size end up returning to Consul. But for startups/small businesses, I agree Chamber is too easy to ignore. Unless you have some really fancy dynamic auth/cert needs.

jarv avatar

Thanks good to know, shouldn’t be too many users for now.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I could see that being a problem where there are hundreds of containers getting spawned in an account per minute for example

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

but also mitigated by having multiple accounts and never co-mingling prod with dev or staging

2018-10-02

justin.dynamicd avatar
justin.dynamicd

It all depends on use case of course. I first ran into the issue at a Serverless shop. In that scenario it wasn’t just secrets but nearly 100% of the behavior config was stored in param store. So I think we hit Params more than typical.

went looking for a published rate limit on AWS’s site later, but never found one, so no idea where that threshold sits. Best I could find were other people also seeing the boto3 failures and asking the same questions.

Luckily we DID do everything in unique accounts, and we first noticed it while load testing in Stage … so we were able to pivot before being SOL in prod.

Max Moon avatar
Max Moon

for serverless i found that secrets manager worked nicely for me and my use cases

Max Moon avatar
Max Moon

still an aws service but i never ran into any rate limit issues with 50+ lambdas

Max Moon avatar
Max Moon

is anybody else using that?

GreetBot avatar
GreetBot
03:19:35 PM

hey everyone give a warm welcome to @tomweston! Good to have you here

GreetBot avatar
GreetBot
05:47:37 PM

hey everyone give a warm welcome to @mallen! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hey @mallen! what’cha working on?

mallen avatar

Hi Erik, I was intrigued by your Unlimited Staging Environments vid on codefresh.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Oh cool! We’ve actually taken that a bit further now and extended it with automatic destruction of environments when PRs are closed

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

and using Chamber for secrets and helmfile for deployment of helm releases

mallen avatar

nice, makes a real lot of sense. I would like to take a similar route.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

are you using k8s + helm?

mallen avatar

yeah we do, i spent a lot of time writing jenkins grooviness and to calm my rage I started to look for fresh ideas.

tolstikov avatar
tolstikov

so true…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

haha yea, Jenkins is a common route, but frankly after working with Codefresh for the past year couldn’t imagine going back.

mallen avatar

I’m not really a jenkins hater if it works i’m ok with it. codefresh and ideas like the unlimited dynamic staging environments are just making soo much better use of the power available (without investing lots of time). I’m also thinking of self service environment with some sort of live code sync would be a great pain easier, something like devspace, but I’m in the early research stages.

GreetBot avatar
GreetBot
06:36:44 PM

hey everyone give a warm welcome to @dan! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Welcome @dan ! let me know if you need any assistance with our stuff

GreetBot avatar
GreetBot
05:03:25 AM

hey everyone give a warm welcome to @Fizz! Good to have you here

Ryan Ryke avatar
Ryan Ryke

hi @Fizz

2018-10-03

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Town hall meeting today at 11am PST, 6pm GMT. For those interested, it’s a chance to meet others “face-to-face” via zoom and hear what everyone is working on.

Agenda: https://cloudposse.quip.com/VHF9A1Qrp3eR Quip: https://zoom.us/j/299169718

GreetBot avatar
GreetBot
04:52:48 PM

hey everyone give a warm welcome to @nathan! Good to have you here

GreetBot avatar
GreetBot
02:47:48 AM

hey everyone give a warm welcome to @ankur! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hey @ankur ! Let me know if you need help with anything…

2018-10-04

GreetBot avatar
GreetBot
02:23:23 PM

hey everyone give a warm welcome to @yudi.phanama! Good to have you here


2018-10-05

2018-10-06

GreetBot avatar
GreetBot
08:49:15 AM

hey everyone give a warm welcome to @blake! Good to have you here


2018-10-07

antonbabenko avatar
antonbabenko

So many new faces here! Welcome all!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Welcome all! If you came for questions regarding terraform, be sure to check out the #terraform channel

2018-10-08

 avatar
04:00:01 PM

There are no events this week

 avatar
05:32:21 PM
Townhall Meeting (SweetOps)

September 19th, 2018 from 11:00 AM to 11:50 AM GMT-0700 Recurring every 2 weeks on Wednesday at https://zoom.us/j/299169718

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I’m going to be reincarnating this event - we had some good discussions on how to make it better last week

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Proposed format is something like: 1) Show & Tell - present a live demo of something cool (recorded) 2) Gossip - share some cool new link or project, why you liked it; let others share what they’ve done in the past (recorded)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

3) Off the Record - talk shop (not recorded)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Office Hours - Weekly Q&A, AMA for people who need to ask cloudposse for assistance on our tools and projects

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Please share your thoughts on what you’d like to see!

GreetBot avatar
GreetBot
06:30:36 PM

hey everyone give a warm welcome to @vinay.nair! Good to have you here

GreetBot avatar
GreetBot
08:06:04 PM

hey everyone give a warm welcome to @geertn! Good to have you here


2018-10-09

GreetBot avatar
GreetBot
01:09:19 PM

hey everyone give a warm welcome to @Nathan Preen! Good to have you here

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hey @Nathan Preen and welcome

Nathan Preen avatar
Nathan Preen

wave

GreetBot avatar
GreetBot
05:48:30 PM

hey everyone give a warm welcome to @Gaurav! Good to have you here

Gaurav avatar

Thank you

Gaurav avatar

I need a help

Gaurav avatar

[root@server kubernetes]# kubectl run hello-minikube --image=worpress
The connection to the server localhost:8080 was refused - did you specify the right host or port?

Gaurav avatar

In kubectl

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Gaurav are you on OSX with Docker for Mac?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

let’s move to #kubernetes

GreetBot avatar
GreetBot
07:33:18 PM

hey everyone give a warm welcome to @sebas! Good to have you here


2018-10-10

Gaurav avatar

I am using Centos7

Gaurav avatar

GUI

GreetBot avatar
GreetBot
02:55:01 AM

hey everyone give a warm welcome to @ben! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Woohoo @ben ! Welcome. Good seeing you tonight at the Github meetup.

2018-10-11

Zapier avatar
Zapier
12:39:05 PM

@maarten created a new channel #azure. Join if this sounds interesting!

GreetBot avatar
GreetBot
02:47:36 PM

hey everyone give a warm welcome to @bober2000! Good to have you here

bober2000 avatar
bober2000

Hi all. I’m quite new to Terraform so my question could be newbie but I need help. I’m using https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment to create beanstalk nodejs environment. I need to change NodeJS version - as I see I could do it using this namespace https://docs.aws.amazon.com//elasticbeanstalk/latest/dg/command-options-specific.html#command-options-nodejs but I don’t know where could I inject settings for this

cloudposse/terraform-aws-elastic-beanstalk-environment

Terraform module to provision an AWS Elastic Beanstalk Environment - cloudposse/terraform-aws-elastic-beanstalk-environment

Platform Specific Options - AWS Elastic Beanstalk

Configure platform-specific options for your Elastic Beanstalk environment.

bober2000 avatar
bober2000

Like this:

setting {
  namespace = "aws:elasticbeanstalk:container:nodejs"
  name      = "NodeVersion"
  value     = "8.6.4"
}

Andy avatar

@bober2000 solution_stack_name “Elastic Beanstalk stack, e.g. Docker, Go, Node, Java, IIS. http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html string no ` “

Elastic Beanstalk Supported Platforms - AWS Elastic Beanstalk

Elastic Beanstalk provides pre-configured platforms for programming languages (Java, PHP, Python, Ruby, Go), web containers (Tomcat, Passenger, Puma), and Docker containers, with multiple configurations of each.

Andy avatar

check out their example https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/blob/master/examples/complete/main.tf . They specify solution_stack_name = "64bit Amazon Linux 2018.03 v2.12.2 running Docker 18.03.1-ce"

bober2000 avatar
bober2000

@Andy thanks - solution stack is ok, Node env is installed - but it’s using Node 6.x by default - in AWS Console - I could change version to 8.x/10.x etc - I need to do this in terraform

Andy avatar

Ah I see they combine multiple version for NodeJs

bober2000 avatar
bober2000

Default platform: 6.14.4 - I need it to be set to 8.11.4 at

 terraform apply
Andy avatar

So the setting you pasted above you’d have to add

Andy avatar
The Node.js platform includes a few Node.js versions in a single configuration. The following table lists them. The default version applies when the NodeVersion option in the aws:elasticbeanstalk:container:nodejs namespace isn't set. For details, see Node.js Platform Options in the AWS Elastic Beanstalk Developer Guide. 
bober2000 avatar
bober2000

That is the question - where should I put those settings section ?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Let’s move the terraform discussion to #terraform

bober2000 avatar
bober2000

Currently I’m using example

bober2000 avatar
bober2000

Oh, sorry

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

No prob! Welcome to the community :-)

GreetBot avatar
GreetBot
06:15:24 PM

hey everyone give a warm welcome to @GFox (someTXcloudGuy)! Good to have you here


2018-10-12

GreetBot avatar
GreetBot
10:27:18 PM

hey everyone give a warm welcome to @samh! Good to have you here


2018-10-14

GreetBot avatar
GreetBot
07:36:30 AM

hey everyone give a warm welcome to @tobiaswi! Good to have you here


2018-10-15

 avatar
04:00:01 PM

There are no events this week

GreetBot avatar
GreetBot
04:03:41 PM

hey everyone give a warm welcome to @nicgrayson! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

welcome @nicgrayson and @tobiaswi!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

let me know if I can help with anything

GreetBot avatar
GreetBot
05:19:39 PM

hey everyone give a warm welcome to @Miguel Mendez! Good to have you here

GreetBot avatar
GreetBot
06:30:14 PM

hey everyone give a warm welcome to @Nizam! Good to have you here

Nizam avatar

Hi There!

Nizam avatar

I’m setting up prometheus to cloudwatch

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hey @Nizam welcome to the community

Nizam avatar

I’m getting these logs:

Nizam avatar

prometheus-to-cloudwatch: published 0 metrics to CloudWatch

Nizam avatar

there is no error

Nizam avatar

what can be the issue?

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

did you specify the correct scraping URL?

Nizam avatar

its right, name of service is same

Nizam avatar

in another form I only mentioned PROMETHEUS_SCRAPE_URL: “http://hardy-ocelot-kube-state-metrics:8080/metrics

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

did you install kube-state-metrics?

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
cloudposse/prometheus-to-cloudwatch

Utility for scraping Prometheus metrics from a Prometheus client endpoint and publishing them to CloudWatch - cloudposse/prometheus-to-cloudwatch

Nizam avatar

yes

Nizam avatar

hardy-ocelot-kube-state-metrics

Nizam avatar

above is the name of my service

Nizam avatar

I’ve given instance IAM role to all cloudwatch permissions, its in aws

Nizam avatar

any idea?

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

can you get the pods and look into the logs? maybe they were not started correctly. Look into kube-state-metrics pods and prometheus-to-cloudwatch pods

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

kubectl get pods --all-namespaces

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

kubectl logs <xxxxxxx> -n <namespace>

Nizam avatar

let me check

Nizam avatar

User “systemdefault:default” cannot list replicationcontrollers at the cluster scope

Nizam avatar

this is user account permission issue

Nizam avatar

there are many more like this on other resources

Nizam avatar

assigning rbac to default

2018-10-16

GreetBot avatar
GreetBot
04:44:43 PM

hey everyone give a warm welcome to @shaiss! Good to have you here

GreetBot avatar
GreetBot
07:06:36 PM

hey everyone give a warm welcome to @Suresh! Good to have you here


2018-10-17

Gabe avatar

thought it could be useful for you to have PR templates on your repos… made an example here https://github.com/cloudposse/terraform-aws-dynamic-subnets/pull/35

Create pull_request_template.md by gabel0287 · Pull Request #35 · cloudposse/terraform-aws-dynamic-subnets

What Add PR Template Why Makes it standard for new PRs to include required information. Providing this PR as an example if you want to include on other repos.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks @Gabe! You’re right. We should roll this out to all repos.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I made a small comment. What do you think about using .github/ folder?

Gabe avatar

Yeah that’s how I was going to do it originally lol

Gabe avatar

It could be a little nicer since it keeps it hidden

Gabe avatar

Happy to make the change if that’s your preference

Gabe avatar

done

GreetBot avatar
GreetBot
10:33:34 PM

hey everyone give a warm welcome to @Trey! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks @Gabe

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I think I’ll have @vadzim on our team add this to all of our repos.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Welcome @Trey!

rohit.verma avatar
rohit.verma

hi @Erik Osterman (Cloud Posse) Saw this yesterday https://github.com/skyscrapers/terraform-kubernetes. They are using null resources to call kops and helm.

skyscrapers/terraform-kubernetes

Contribute to skyscrapers/terraform-kubernetes development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Igor Rodionov @Andriy Knysh (Cloud Posse)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

oh cool, and using teleport for ssh

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

looks like a lot of work went into this….

2018-10-18

Ryan Ryke avatar
Ryan Ryke

speaking of teleport for ssh. i have a customer that’s asking for ssh type access into a fargate container… as much as i’ve tried to persuade him against it. he’s pretty steadfast in that requirement. looked at ecsctl but wondering if anyone around here has experience with a tool

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

unfortunately, not… this cannot be achieved on fargate using docker exec since that capability is not exposed

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it would require deploying an SSH daemon alongside the other processes inside of the container, which I’m sure you don’t want to do

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

if you switch to ECS “classic” then you can do whatever you want since you BYOM to the cluster.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

but, hypothetically, if you did, here’s a base image for ya: https://github.com/cloudposse/bastion

cloudposse/bastion

Secure Bastion implemented as Docker Container running Alpine Linux with Google Authenticator & DUO MFA support - cloudposse/bastion

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Ryan Ryke would maybe a bastion suffice?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this would allow you to deploy an ECS task to the cluster that you could expose to the internet

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

if you ssh to the bastion, you could then curl and access the internal services running on private subnets

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

of course, SSH would still require that those services have that running

Ryan Ryke avatar
Ryan Ryke

yeah bastion is in there, from there i was curious how we could do it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

run the SSM agent in each container?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

…which now has some kind of remote term capability in AWS web console

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

run tmate in every container.

Ryan Ryke avatar
Ryan Ryke

oh i wonder if we could do that

Ryan Ryke avatar
Ryan Ryke

that would be hot

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

let me know what you come up with

GreetBot avatar
GreetBot
03:44:37 PM

hey everyone give a warm welcome to @joshmyers! Good to have you here

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hey @joshmyers

joshmyers avatar
joshmyers

wave

GreetBot avatar
GreetBot
04:05:50 PM

hey everyone give a warm welcome to @ivodvb! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Howdy!

joshmyers avatar
joshmyers

I’ve been following CloudPosse work for a while but just came across geodesic, which looks awesome. How battle tested is it? Am OOO atm but looking forward to getting hands on with it ASAP

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

we’ve been using it for many projects and clients. We are constantly improving it, but it mostly does what we want. @Erik Osterman (Cloud Posse) has more to say about it and future plans

GreetBot avatar
GreetBot
04:18:06 PM

hey everyone give a warm welcome to @ndobbs! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@joshmyers it’s currently in use by a handful (7+) of organizations to power their production, staging, dev, etc. environments

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it’s actively maintained, supported and receiving a continuous stream of enhancements and updates.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

the power here is that by collaborating on a similar base infrastructure, we all benefit. i’ve been absolutely amazed by all the wonderful contributions (and bug fixes!) we continually receive from the community. would be happy to share more details…..

GreetBot avatar
GreetBot
04:49:10 PM

hey everyone give a warm welcome to @Ion! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

welcome @Ion!

GreetBot avatar
GreetBot
05:45:20 PM

hey everyone give a warm welcome to @lvh! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

awesome! great to see you here @lvh

GreetBot avatar
GreetBot
10:30:02 PM

hey everyone give a warm welcome to @jsanchez! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hey Jesse!

jsanchez avatar
jsanchez

hi. saw the slack channel on a terraform module. figured to join the group.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

awesome! well definitely join the #terraform channel. which module, btw?

jsanchez avatar
jsanchez
cloudposse/terraform-aws-route53-alias

Terraform Module to Define Vanity Host/Domain (e.g. [brand.com](http://brand.com)) as an ALIAS record - cloudposse/terraform-aws-route53-alias

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Cool, what are you working on?

jsanchez avatar
jsanchez

old project at work. cleaning up some old code and trying to use modules already out there.

GreetBot avatar
GreetBot
01:45:12 AM

hey everyone give a warm welcome to @Vi! Good to have you here

Vi avatar

Hi everyone

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

hey @Vi! what brings you around?

Vi avatar

I am a university graduate, I have started with terraform past week.

Vi avatar

I was looking for automating the creation of cloudfront, route53 records and creation of certificate and I found this github which has helped me a lot.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Awesome! well definitely have a look at our #terraform channel

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so you found our terraform-aws-cloudfront-* modules?

GreetBot avatar
GreetBot
03:30:37 AM

hey everyone give a warm welcome to @sigafoose! Good to have you here

sigafoose avatar
sigafoose

tanks a latte

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@sigafoose what are you up to?

sigafoose avatar
sigafoose

<– just joined a devops team

sigafoose avatar
sigafoose

im in info overload mode

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea, there’s a lot to pick up

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

what’s the tech stack?

sigafoose avatar
sigafoose

we are still working on that

sigafoose avatar
sigafoose

right now we’ve decided on aws

sigafoose avatar
sigafoose

terraform/ansible is about all I am aware is in stone

sigafoose avatar
sigafoose

your team’s git is a really good resource

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

thanks! @sigafoose hope you get some good use out of our modules.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we accept nearly all PRs and are very quick to review.


2018-10-19

tobiaswi avatar
tobiaswi

Hi @Erik Osterman (Cloud Posse). I had a blast watching the video you did with codefresh on unlimited staging environments. bookmarked it and wanted to rewatch it now but looks like it’s no longer available on youtube. any idea where i can find it?

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
Unlimited Staging Environments

How to run complete, disposable apps on Kubernetes for Staging and Development What if you could rapidly spin up new environments in a matter of minutes entirely from scratch, triggered simply by the push of a button or automatically for every Pull Request or Branch. Would that be cool? That’s

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

@tobiaswi ^

rohit.verma avatar
rohit.verma

This is really nice, we did same thing using spinnaker though

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@rohit.verma I’d like a demo

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

let’s sync up next week

rohit.verma avatar
rohit.verma

Sure, my laptop screen broke yesterday night. Will connect back when repair complete. On a temp laptop now

rohit.verma avatar
rohit.verma

hey, when do you want to have the demo?

rohit.verma avatar
rohit.verma

i will explain what we needed and how we did

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@tobiaswi thanks for bringing that to my attention !

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

codefresh will be reuploading the video.

tobiaswi avatar
tobiaswi

That is awesome. Thank you so much. We are currently building out our ci/cd on codefresh and your video was a huge inspiration for me

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Thanks so much! We have a lot of updates since then - including automatic destruction when PR closed

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I am going to reach out to Codefresh to find out what happened.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

There is a new video, but it’s only 10 minutes

GreetBot avatar
GreetBot
03:36:17 PM

hey everyone give a warm welcome to @Jay! Good to have you here

Jay avatar

Hey fellers!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hola @Jay!

Jay avatar

hey, I had a question for you guys, is there any way to do bind mounts with your “terraform-aws-ecs-container-definition” module?

Jay avatar

I’ve been going through the readme but I don’t see mounts mentioned anywhere

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

oh hrm….

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so we’re using it with Fargate mostly, so maybe we didn’t add the fields for that

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Jay if you want to open a PR, we’ll promptly review it

Jay avatar

sure thing! it would be awesome if I could bind mount volumes using the same logic as the port mapping works

GreetBot avatar
GreetBot
04:05:39 AM

hey everyone give a warm welcome to @joe! Good to have you here


2018-10-20

GreetBot avatar
GreetBot
05:09:29 PM

hey everyone give a warm welcome to @Nate! Good to have you here

GreetBot avatar
GreetBot
06:21:33 PM

hey everyone give a warm welcome to @sixarm! Good to have you here

GreetBot avatar
GreetBot
12:00:32 AM

hey everyone give a warm welcome to @George! Good to have you here


2018-10-21

GreetBot avatar
GreetBot
05:20:20 PM

hey everyone give a warm welcome to @SigmundFried! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Welcome @SigmundFried! What brings you around?

GreetBot avatar
GreetBot
06:12:52 PM

hey everyone give a warm welcome to @EinavF! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@EinavF welcome!

EinavF avatar

thank

SigmundFried avatar
SigmundFried

hey Erik ! I just recently discovered Cloud Posse SweetOps and I have to say it is very in line with my current role

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

awesome! good to hear it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

What are you working on?

SigmundFried avatar
SigmundFried

A fairly substantial cloud transformation that includes HPC on AWS

SigmundFried avatar
SigmundFried

moving towards containerization

SigmundFried avatar
SigmundFried

Biotech

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Cool - so using Terraform presumably?

SigmundFried avatar
SigmundFried

more and more

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Are you using ECS or EKS (or kops)?

SigmundFried avatar
SigmundFried

currently ECS but kops is pretty alluring

SigmundFried avatar
SigmundFried

kinda what brought me in

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea, kops >> EKS >> ECS

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

kops does a great job of simplifying the long-term maintenance of kubernetes on AWS.

SigmundFried avatar
SigmundFried

simplifying the long-term maintenance of kubernetes on AWS you read my mind

SigmundFried avatar
SigmundFried

of course it’s programming people that is always the initial challenge. That’s where I am knee-deep right now

SigmundFried avatar
SigmundFried

specially the sciency types

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

haha, yea, getting buy-in is the most important part.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

are you using Tensorflow?

SigmundFried avatar
SigmundFried

no

SigmundFried avatar
SigmundFried

not yet anyhow

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

GPUs?

SigmundFried avatar
SigmundFried

yes

SigmundFried avatar
SigmundFried

LOTS

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

cool

SigmundFried avatar
SigmundFried

protein engineering takes tons

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea, that’s one area it really shines… making it easy to autoscale GPU node pools

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

all the way from 0 to N

SigmundFried avatar
SigmundFried

ya so we have (historically) hand rolled our own auto-scaling solutions but I am convinced there is a far better way

SigmundFried avatar
SigmundFried

or at least a better way to roll em

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea, it’s basically reinventing the wheel. kubernetes is basically a cloud framework, like rails is a web framework

SigmundFried avatar
SigmundFried

exactly

SigmundFried avatar
SigmundFried

preaching to the choir !!

SigmundFried avatar
SigmundFried

hehe

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

haha

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

well, if you ever need more material - hit me up

SigmundFried avatar
SigmundFried

I will for sure…. Thanks !!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

preaching is my pastime

SigmundFried avatar
SigmundFried

coo

GreetBot avatar
GreetBot
09:30:34 PM

hey everyone give a warm welcome to @catdevman! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@catdevman thanks for the PRs! I just want to have @Andriy Knysh (Cloud Posse) review them tomorrow as well. Also, as you’ve probably noticed, GitHub is barely functional right now

2018-10-22

catdevman avatar
catdevman

@Erik Osterman (Cloud Posse) My pleasure. I have been using FOSS for years now and I am just glad to have found a place that I can give back in.

catdevman avatar
catdevman

I was looking at what you do at CloudPosse and I really like the idea of being part of an organization like that even if it is just adding/editing some Terraform code on a repo

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

You found your spot! In addition to accepting nearly all PRs, just to let you know we also accept module donations as well - so long as they conform to some of our standards (like using the terraform-null-label or terraform-terraform-label modules)

catdevman avatar
catdevman

Okay, for now the modules I have written are pretty specific to the company I work at. I am working on making them more configurable and generic picked up a few lessons from Gruntwork talk https://www.youtube.com/watch?v=LVgP63BkhKQ. I am even looking into adding some tests with terratest https://github.com/gruntwork-io/terratest. (I hope that Gruntwork isn’t a curse word to you all at CloudPosse)

gruntwork-io/terratest

Terratest is a Go library that makes it easier to write automated tests for your infrastructure code. - gruntwork-io/terratest

catdevman avatar
catdevman

As a remote DevOps Engineer that is a single guy at the company I am at, managing all our servers from EC2 to RDS any help I can get is much appreciated!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yea exactly! There are so many engineers as yourself in one-man silos. It’s so important to be able to talk shop and bang ideas off peers in order to grow in the position.

catdevman avatar
catdevman

For sure. It is funny my background was systems/networking engineer (Linux - Cisco and HP mostly, some Motorola wireless controller stuff as well) then I started working in Software Development and now I found the happy middle ground. I would love to find out more about the process that CloudPosse goes through… I have found it very difficult to get buy-in on true DevOps. Non-Siloed teams where they can deploy their own code whenever they would like and get features out faster… and as someone that worked in Software Development I know I would like to have that power if all it took was learning a few extra tools but management seems to be the stumbling block for me. I have found that I really dislike the title DevOps Engineer… like makes it seem like one group/person is supposed to take care of a lot more than what is possible.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

sure - would be happy to share some thoughts on that. you can always schedule time with me here: https://calendly.com/cloudposse/

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hey @catdevman and welcome

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

GitHub’s database has suffered network partition. https://www.theinquirer.net/inquirer/news/3064898/github-down-major-outage They clearly use a distributed system, in which according to CAP theorem you can have only two out of three:

Consistency: Every read receives the most recent write or an error
Availability: Every request receives a response that is not an error
Partition tolerance: The system continues to operate despite an arbitrary number of messages being dropped (or delayed) by the network between nodes

They chose CP (no availability)

https://en.wikipedia.org/wiki/CAP_theorem
https://towardsdatascience.com/cap-theorem-and-distributed-database-management-systems-5c2be977950e
https://jepsen.io/analyses
https://github.com/aphyr/partitions-post
https://www.consul.io/docs/internals/jepsen.html
https://aphyr.com/posts/281-call-me-maybe-carly-rae-jepsen-and-the-perils-of-network-partitions

tolstikov avatar
tolstikov

seems like this time consistency was an issue too

 avatar
04:00:01 PM

There are no events this week

GreetBot avatar
GreetBot
04:20:58 PM

hey everyone give a warm welcome to @serhat! Good to have you here

George avatar

I guess they viewed data loss as worse than downtime

GreetBot avatar
GreetBot
09:41:13 PM

hey everyone give a warm welcome to @sprutner! Good to have you here

sprutner avatar
sprutner

wave

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hey @sprutner!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

what are you working on?

sprutner avatar
sprutner

I was trolling through the issues on Atlantis and saw some thoughtful commentary by you and some enhancements you’re working on

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Oh cool! Yea, we’re having a lot of fun with Atlantis. We have an experimental fork going on. Hoping that we can get some of these features upstreamed eventually.

sprutner avatar
sprutner

Yeah Cloudposse rang a bell, not sure where I heard of you before. But why not say hello.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hrmm… maybe some of our terraform modules?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Where are you based?

sprutner avatar
sprutner

I’m in SF

GreetBot avatar
GreetBot
09:58:15 PM

hey everyone give a warm welcome to @steve! Good to have you here

Zapier avatar
Zapier
10:02:39 PM

@Erik Osterman (Cloud Posse) created a new channel #atlantis. Join if this sounds interesting!

GreetBot avatar
GreetBot
12:04:21 AM

hey everyone give a warm welcome to @Benn! Good to have you here

GreetBot avatar
GreetBot
02:11:54 AM

hey everyone give a warm welcome to @Wes! Good to have you here

Wes avatar

Hello everyone

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hi @Wes, welcome

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hey @Wes!

Wes avatar

I’ve been pulling a lot of your terraform modules so I had to drop by and say hello

Wes avatar

Day 2 of Terraform…I think I understand it?

Wes avatar

haha

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

awesome - glad you’re enjoying them!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

haha

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea - there’s a lot to learn

Wes avatar

yeah I need to move my AWS account from one to another so I figured this may be a good time to learn how to automate building out AWS accounts

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yea, it’s a bit of upfront investment

Wes avatar

yeah and will be helpful when we need a QA env set up quickly and what not

GreetBot avatar
GreetBot
04:26:03 AM

hey everyone give a warm welcome to @seses! Good to have you here


2018-10-23

maarten avatar
maarten
Terraform Collaboration for Everyone

HashiCorp announces improved configuration language, remote operations, and new, free collaboration features for HashiCorp Terraform….

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)


Atlantis Team Joins HashiCorp

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
Atlantis is an open source tool designed to help teams collaborate on Terraform. It provides a workflow for reviewing and executing Terraform directly from GitHub pull requests.

Anubhav Mishra and Luke Kysow are the engineers behind Atlantis. Mishra started the project at Hootsuite and has been a developer advocate at HashiCorp for the past year. Luke joined Mishra to help open source the project and has been leading the project for the past nine months.

Over the past few months, we have had many discussions between Mishra and Luke and the folks on the Terraform team here at HashiCorp. Through these conversations, we have come to understand that we have a shared vision for providing solutions for Terraform collaboration for teams large and small.

Today we are pleased to announce that both Mishra and Luke are on board as HashiCorp employees and we'll be working together to solve Terraform collaboration for everyone. In the near term, nothing will change for Atlantis and its users. Luke will continue to maintain Atlantis, review pull requests, triage issues, and write code.

We are still working out the details of how Atlantis will fit into the Terraform portfolio, but whatever direction we take, we're committed to keeping Atlantis functionality free and open source.
Zapier avatar
Zapier
07:34:24 PM

@Erik Osterman (Cloud Posse) created a new channel #terraform-0_12. Join if this sounds interesting!

GreetBot avatar
GreetBot
07:48:43 PM

hey everyone give a warm welcome to @Jeremy! Good to have you here

praveen avatar
praveen

Hi

praveen avatar
praveen

am looking for help on tomcat puppet module

praveen avatar
praveen

I am trying to create tomcat image using packer sourcing puppet tomcat module. It is throwing an error -unknown resource type: “concat”

praveen avatar
praveen

I understand the tomcat module is missing dependency of concat & stdlib which I included then in .fixtures file as

fixtures:
  repositories:
    stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git"
    concat: "https://github.com/puppetlabs/puppetlabs-concat.git"
    archive: "https://github.com/voxpupuli/puppet-archive.git"
    augeas_core: "https://github.com/puppetlabs/puppetlabs-augeas_core.git"

puppetlabs/puppetlabs-stdlib

Puppet Labs Standard Library module. Contribute to puppetlabs/puppetlabs-stdlib development by creating an account on GitHub.

puppetlabs/puppetlabs-concat

File concatenation system for Puppet. Contribute to puppetlabs/puppetlabs-concat development by creating an account on GitHub.

voxpupuli/puppet-archive

Compressed archive file download and extraction with native types/providers for Windows and Unix - voxpupuli/puppet-archive

puppetlabs/puppetlabs-augeas_core

Manage files using Augeas. Contribute to puppetlabs/puppetlabs-augeas_core development by creating an account on GitHub.

praveen avatar
praveen

am I missing something

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

welcome @praveen!

praveen avatar
praveen

Hello Erik

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I can’t speak for others, but cloudposse doesn’t support any classic configuration management systems (cfengine, salt, chef, ansible, puppet, etc)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we’re using strictly terraform+containers or kubernetes+containers

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

maybe checkout the hangops slack team

praveen avatar
praveen

sure, thank you for letting me know erik

praveen avatar
praveen

will checkout hangops

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

though many here use packer, so you can probably get some tips on that

praveen avatar
praveen

packer is running fine Erik. Thank you very much for the swift response

GreetBot avatar
GreetBot
12:59:24 AM

hey everyone give a warm welcome to @fnova! Good to have you here


2018-10-24

Zapier avatar
Zapier
06:06:07 PM

@Erik Osterman (Cloud Posse) created a new channel #terragrunt. Join if this sounds interesting!

praveen avatar
praveen

Hi, I am looking for information on how to source passwords from azure keyvault using remote-exec (terraform). Basically I will have to copy a property file to the server which I will source from git. I do not want the properties file to have sensitive information like secrets/passwords, so I would want to append the file to passwords/secrets from keyvault in azure platform

sarkis avatar

Who will be the 200th SweetOps member.. 7 more to go

sarkis avatar

Will we be sending them a geodesic t-shirt?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

2 more to go :-)

sarkis avatar

i’m not counting the bots @Erik Osterman (Cloud Posse)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Haha

GreetBot avatar
GreetBot
04:37:31 AM

hey everyone give a warm welcome to @Bong Aquino! Good to have you here


2018-10-25

GreetBot avatar
GreetBot
02:56:43 PM

hey everyone give a warm welcome to @s.p.i! Good to have you here

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hey @s.p.i welcome

s.p.i avatar

hi

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

what are you working on?

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
Announcing First-Class Kubernetes Support for HashiCorp Products

As a follow-up to the HashiCorp Consul plus Kubernetes blog series, this blog highlights our recent work to provide first-c…

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
HashiCorp Product Announcements at HashiConf 2018

Today at HashiConf 2018 in San Francisco, we are announcing major updates across our entire suite of open source and enterprise products. Our mission…

s.p.i avatar

I’m DevOps on AWS & Azure loving Terraform & CI/CD

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

looks like you are SweetOps user #200

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Lol

maarten avatar
maarten

hehe

lvh avatar

Is there a way to get an ECS task to assume a foreign role (as in from a different account) as the task role? I think the answer is no because the way you make that work is you add a trust policy that allows ecs-tasks.amazonaws.com to assume the role, but i don’t own the role

maarten avatar
maarten

@lvh you can give the role the permission to assume the role of a different account

maarten avatar
maarten

Trust policies on services only work within the same account afaik.

maarten avatar
maarten

What are you trying to achieve ?

lvh avatar

I want to run an ECS container in my AWS account with permissions to view infra; I want to view said infra from my account

lvh avatar

ideally I would do that with the application itself being entirely role-oblivious

maarten avatar
maarten

I don’t think I follow, what do you mean by infra ?

lvh avatar

some infrastructure; could be anything

lvh avatar

imagine I’m deploying something with terraform in a foreign account

lvh avatar

(actually what I’m doing is auditing the foreign account, but who cares – there’s a foreign role that has some permissions that software I control needs; I would like to run said software on ECS in my account)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yes, that should be possible

lvh avatar

but ECS already has a concept of giving some permissions to a task: it’s just that it expects that role to be in the same account

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Datadog for example does this

lvh avatar

when you say should be possible you mean possible by explicitly assuming a role inside the application? or by assigning it to ECS directly

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

And it’s a pattern they recommend with Atlantis to assume role into foreign accounts

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

The application needs to support it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

However!!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

One Sec

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
[assume-role] Add simple assume-role utility · Issue #85 · cloudposse/packages

what Add simple assume-role utility why For CI/CD contexts with codefresh, where aws-vault is not suitable references https://github.com/remind101/assume-role/

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

This will facilitate that programmatically in such a way you get a shell that has access to that env.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

But if you are writing something from the ground up, you should just incorporate it into your app

lvh avatar

ah neat, I’ve been using aws-vault but obvs “keychain” makes less sense in a container

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Right, this is like AWS vault but for services rather than humans

lvh avatar

well all I really need is something that takes the output of aws sts assume-role and sets some env vars which sounds pretty doable

maarten avatar
maarten

it’s also easy to script with just aws sts

lvh avatar

jynx

lvh avatar

that tool suggests I configure ~/.aws/config – one would hope it automagically works with the metadata service or env vars too because it just uses the aws sdk

lvh avatar

yeah I’ll probably just script this manually

lvh avatar

well; thanks

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

It just uses go sdk for aws

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Which works with metadata api

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

AWS config is probably for local dev (which aws-vault is better suited for). Shouldn’t be required. I was looking to do exactly what you are doing which is what led me down this path

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

AWS cli for STS falls short of what I would want from it.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

It’s like curl for AWS api. Great that it returns json, but if I have to “program” to use it, I might as well use the library for my language

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

That’s why I like the cli approach that provides me an operational environment. I don’t know why aws cli for sts still doesn’t support that exec capability.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I say this after having used it before I found the simple cli tools

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

:-)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/aws-assumed-role

Easily assume roles that require MFA on AWS. Contribute to cloudposse/aws-assumed-role development by creating an account on GitHub.

2018-10-26

GreetBot avatar
GreetBot
08:56:13 AM

hey everyone give a warm welcome to @Kenny Inggs! Good to have you here

maarten avatar
maarten

Hi Kenny, what are you working on ?

GreetBot avatar
GreetBot
09:51:06 PM

hey everyone give a warm welcome to @Jake Lundberg (HashiCorp)! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

whoot! welcome @Jake Lundberg (HashiCorp); thanks for stopping by

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

#terraform and #terraform-0_12 are our hashicorp specific channels at this time.

GreetBot avatar
GreetBot
11:14:01 PM

hey everyone give a warm welcome to @gk! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Welcome @gk! Anything we can help out with?

2018-10-27

GreetBot avatar
GreetBot
07:35:56 AM

hey everyone give a warm welcome to @Dombo! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Welcome @Dombo ! Working on the weekend?

GreetBot avatar
GreetBot
04:38:24 AM

hey everyone give a warm welcome to @hemanth_jayaraman! Good to have you here

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Welcome @hemanth_jayaraman !

2018-10-28

GreetBot avatar
GreetBot
04:04:37 PM

hey everyone give a warm welcome to @Pablo Costa! Good to have you here

GreetBot avatar
GreetBot
09:28:56 PM

hey everyone give a warm welcome to @OCHOA! Good to have you here

2018-10-29

Dombo avatar

@Erik Osterman (Cloud Posse) just doing some contract work outside of the normal employment. Evaluating atlantis currently actually! Been a terraform user for a year or two now.

Kenny Inggs avatar
Kenny Inggs

Hi @maarten & @Erik Osterman (Cloud Posse) - sorry, I joined last week, but only now got time to read through things. I’m co-founder of two new fin-tech startups in Cape Town South Africa, and we’ve been putting a lot of effort into “doing things right”. Heaps of Terraform, Docker and Serverless stuff (soon to move more towards k8s) in various guises. I kept on bumping into the SweetOps stuff everywhere I go, so decided to look at it in earnest. I feel a little like the local woodworker who became better than anybody else in the village, and then visits the master woodworkers in Japan, only to realise how little he really knew about woodworking. I’m now seriously considering scrapping much of what we did and embracing the SweetOps way. Maybe with Atlantis thrown in. Planning on working through the cold start in an isolated environment within the next week or two.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Haha, well, you’re welcome here! we all learn/grow from each other

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

did you hear AWS is launching a new region in south africa?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
In the Works – AWS Region in South Africa | Amazon Web Services

Last year we launched new AWS Regions in France and China (Ningxia), and announced that we are working on regions in Bahrain, Hong Kong SAR, Sweden, and a second GovCloud Region in the United States. South Africa in Early 2020 Today, I am happy to announce that we will be opening an AWS Region in […]

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

btw, this was just such an awesome analogy. I think we’re going to have to borrow it.

Kenny Inggs avatar
Kenny Inggs

I did hear about aws in Cape Town yes. We’ve been eagerly anticipating it. The only let-down is that it will only be in 2020. So Microsoft will be here way before them.

Kenny Inggs avatar
Kenny Inggs

And you are of course welcome to borrow it.

GreetBot avatar
GreetBot
01:37:51 PM

hey everyone give a warm welcome to @Jon Monts! Good to have you here

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hi @Kenny Inggs nice to meet you

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

welcome @Jon Monts

Jon Monts avatar
Jon Monts

Thanks, just discovered the cloud posse site. Nice site thus far, I am ingesting it all.

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

nice, let us know what you are working on, can help you find more info to ingest

GreetBot avatar
GreetBot
02:47:23 PM

hey everyone give a warm welcome to @granville! Good to have you here

 avatar
04:00:01 PM

There are no events this week

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

welcome @granville

lvh avatar

Has anyone seen Fargate errors a la: STOPPED (CannotStartContainerError: API error (500): failed)

lvh avatar

I have no idea what’s up with that; I gave the task role AdministratorAccess and put it in a completely permissive SG just in case, no dice

lvh avatar

logs are empty

lvh avatar

happens repeatedly

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I haven’t seen that particular error. Fwiw, we’re running #atlantis in ECS/Fargate using AdministratorAccess and using this tool: https://github.com/jpignata/fargate

jpignata/fargate

CLI for AWS Fargate. Contribute to jpignata/fargate development by creating an account on GitHub.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Usually, when I don’t see any logs it’s because the task doesn’t even attempt to start which is b/c I use the wrong image tag or don’t have permissions to pull the image

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@maarten might have some other ideas

maarten avatar
maarten

Outbound sg rules should be permissive

maarten avatar
maarten

Otherwise check your routing

maarten avatar
maarten

And if you think ECR might be the problem, try nginx:latest as image to rule that out.

GreetBot avatar
GreetBot
07:16:08 PM

hey everyone give a warm welcome to @ALI! Good to have you here

maarten avatar
maarten

Another thing to make sure is that the cloudwatch log group exists and that the task definition has those properties setup correctly including the correct region. Can’t think of anything else.

Zapier avatar
Zapier
08:23:20 PM

@Erik Osterman (Cloud Posse) created a new channel #test. Join if this sounds interesting!

2018-10-30

GreetBot avatar
GreetBot
03:10:41 PM

hey everyone give a warm welcome to @nukepuppy! Good to have you here

GreetBot avatar
GreetBot
08:52:52 PM

hey everyone give a warm welcome to @mmarseglia! Good to have you here

mmarseglia avatar
mmarseglia

hello.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Hey there! Whatcha up to?

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hi @mmarseglia

mmarseglia avatar
mmarseglia

working with some of these cloudposse modules to build a s3/cloudfront cdn

mmarseglia avatar
mmarseglia

and now i have to go put out a production

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Aha! Bummer about the production fire

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I know there’s an open issue on one of the CDN modules related to regional s3 endpoints

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Let me know if you run into that

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

@mmarseglia if your S3 bucket is a website, here is a working example using S3/CDN that we use for our docs (https://docs.cloudposse.com/): https://github.com/cloudposse/terraform-root-modules/blob/master/aws/docs/main.tf

cloudposse/terraform-root-modules

Collection of Terraform root module invocations for provisioning reference architectures - cloudposse/terraform-root-modules

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
October 21 post-incident analysis

In-depth analysis of the incident that impacted GitHub services on October 21 and 22.

2018-10-31

GreetBot avatar
GreetBot
03:15:45 PM

hey everyone give a warm welcome to @Maycon Santos! Good to have you here

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

hey @Maycon Santos

Ryan Ryke avatar
Ryan Ryke

wave

Maycon Santos avatar
Maycon Santos

Hello!

GreetBot avatar
GreetBot
04:51:11 PM

hey everyone give a warm welcome to @tchia04! Good to have you here

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)

welcome @tchia04

tchia04 avatar
tchia04

Hey @Andriy Knysh (Cloud Posse)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

welcome!!
