#geodesic (2019-05)

geodesic https://github.com/cloudposse/geodesic

Discussions related to https://github.com/cloudposse/geodesic Archive: https://archive.sweetops.com/geodesic/

2019-05-30

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we’ve release support for terraform 0.12 in geodesic

1
1
cool-doge1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Josh Larsen

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Terraform 0.12 support by osterman · Pull Request #484 · cloudposse/geodesic

what Add support for multiple concurrent versions of terraform why Individual projects need to be pinned to different versions of terraform since not all projects will be updated at the same tim…

1
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

TL;DR:

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
apk add --update [email protected]
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

and add use terraform 0.12 in your .envrc

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

to support 0.11 as well

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

do apk add --update [email protected] and add use terraform 0.12 in the .envrc

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

if you only care about 0.12 and not 0.11

Mat Geist avatar
Mat Geist

awesome!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

you can skip the brouhaha with installing terraform_0.x packages

2019-05-29

Josh Larsen avatar
Josh Larsen

@Erik Osterman (Cloud Posse) i’m sorry if this has already been asked, but is there a rough timeline on when geodesic will be updated to terraform 0.12?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Working on it as we speak

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Might have it ready by end of day

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Problem is we need to support multiple versions concurrently so introducing a system For that

2
Josh Larsen avatar
Josh Larsen

nice… ok thank you. looking forward to it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

public #office-hours starting now! join us here: https://zoom.us/j/684901853

2019-05-28

Abel Luck avatar
Abel Luck

I’ve followed the reference architecture setup, so i’ve got an admin group in the root account with users added to it, and the users access sub-accounts by assuming a role

Abel Luck avatar
Abel Luck

now, in one sub-account I want to enable SSM Session Manager to allow users to create sessions on instances. I’ve created an appropriate policy, but I’m stuck on where to attach the policy to. I probably should attach this policy to a group, but in the sub-account there are no users/groups of course.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

I haven’t tried to use SSM this way, but what I think you want to do is attach the policy to a role in the child account

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

The allow the group in the root account to assume that role

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We have an example of how to do that if you look at the organization access role module

Abel Luck avatar
Abel Luck

Woops I minced my word there, I definitely meant attach the policy to a role and then attach it to a group. But you knew what I meant hah.

Abel Luck avatar
Abel Luck

Ah I see now. I’ve had my admin group setup to assume the OrganizationAccountAccessRole, which gives the AdministratorAccess policy

Abel Luck avatar
Abel Luck

This actually addresses an issue I’ve wanted to fix for awhile: restricting access to the users in the sub-accounts.

Abel Luck avatar
Abel Luck

I didn’t quite understand how assumed role access worked until just now

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Awesome! Yes we should offer some more canned roles

Abel Luck avatar
Abel Luck

But i can’t attach it the group in the root account, because the policy is in the sub-account

Abel Luck avatar
Abel Luck

anyone know the correct approach here?

2019-05-27

SweetOps #geodesic avatar
SweetOps #geodesic
04:00:06 PM

There are no events this week

Cloud Posse avatar
Cloud Posse
04:00:45 PM

Join us for “Office Hours” every Wednesday 11:30AM (PST, GMT-7).

This is an opportunity to ask us questions about geodesic, get live demos and learn from others using it. Next one is Mar 20, 2019 11:30AM.
Add it to your calendar
zoom https://zoom.us/j/684901853
slack #office-hours (our channel)

2019-05-24

2019-05-23

Tega McKinney avatar
Tega McKinney

Just curious, when running reference-architecture, i just realized that it does not add users from /config/root.tfvars as admins on the root accounts. That make sense as those users may not be admins. Should it expose a root_admin_user_names and/or root_readonly_user_names var(s) to ensure the ability to administer the account using IAM vs the root email?

Tega McKinney avatar
Tega McKinney

@Erik Osterman (Cloud Posse) any thoughts on the above?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

might be an oversight

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Oh, i think this is what you were suggesting in #office-hours

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(and agree)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)


brought up a good point that we need to document how to get the outputs for the users created in the reference-architectures

Tega McKinney avatar
Tega McKinney

@Erik Osterman (Cloud Posse) I believe I see my mistake. I logged into the root account using my email / password instead of assuming the <namespace>-root-admin role. All sorted now

Tega McKinney avatar
Tega McKinney

Also, this note was different than the #office-hours report. That references how to obtain the admin user’s password after closing the terminal.

This thread was just my mistake in logging into the console incorrectly. Thanks a bunch

2019-05-22

paul.mortimer avatar
paul.mortimer

Hi , i’m seeing the same issue as @jober

paul.mortimer avatar
paul.mortimer

just reading through the notes above …

paul.mortimer avatar
paul.mortimer
Tega McKinney avatar
Tega McKinney

I saw the same issue above as well…noticed when I ran make root/shell and manually ran cd /conf/accounts direnv exec . make deps in the shell it would initialize but when running make root/provision it would throw error. I was able to get around it however I was not aware of make reset that @Jeremy (Cloud Posse) mentioned

Tega McKinney avatar
Tega McKinney

@Erik Osterman (Cloud Posse) curious to know how you obtain admin user password. I ran reference-architectures however I didn’t pull the password before closing out my shell and deleting my root creds. I have already committed my repos however now I’m not certain proper way to get admin user console password. Any thoughts?

paul.mortimer avatar
paul.mortimer

@Tega McKinney, thanks , looking at this now

paul.mortimer avatar
paul.mortimer

@Tega McKinney, which directory are you running make reset from ?

Tega McKinney avatar
Tega McKinney

@paul.mortimer Not sure; I did not run it however it looks like it’s available in /conf/accounts. @jober may have some insight

1
Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

Each directory under /conf is a Terraform module to install (except for /conf/helmfiles, which are helmfiles). In a Terraform directory, make deps loads the modules and initializes the Terraform state, and as part of loading the modules, loads a module-specific Makefile. After running make deps you can do all the normal Terraform stuff, but as protection against accidentally overwriting something, you cannot run make deps while there is Terraform state in the current directory. If you are sure you want to clear it out, that is when you run make reset, which deletes everything make deps pulled in and any state Terraform stored in the directory.

jober avatar
jober

@Tega McKinney @paul.mortimer I ran the make reset from the /conf/accounts

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Public/Free Office Hours with Cloud Posse starting now!!

https://zoom.us/j/684901853

paul.mortimer avatar
paul.mortimer

@Jeremy (Cloud Posse) @jober, thanks for the info appreciate the pointers.

paul.mortimer avatar
paul.mortimer

I’m in Australia, so just getting up … is there any chance i could jump on zoom shortly and walk through this issue with someone?

paul.mortimer avatar
paul.mortimer

@Erik Osterman (Cloud Posse) ?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@paul.mortimer best way is to schedule some time here: https://calendly.com/cloudposse

2019-05-20

SweetOps #geodesic avatar
SweetOps #geodesic
04:00:01 PM

There are no events this week

Cloud Posse avatar
Cloud Posse
04:03:38 PM

Join us for “Office Hours” every Wednesday 11:30AM (PST, GMT-7).

This is an opportunity to ask us questions about geodesic, get live demos and learn from others using it. Next one is Mar 20, 2019 11:30AM.
Add it to your calendar
zoom https://zoom.us/j/684901853
slack #office-hours (our channel)

jober avatar
jober

Has anyone run across this error when running make root from the reference architectures?

jober avatar
jober
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@jober not that one in particular

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

but I can maybe help you work through it if you want to zoom

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
jober avatar
jober

jober avatar
jober

Trying to run it on an active account not sure if it is conflicting with something

jober avatar
jober

I ran on personal account and everything was ok

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

My hunch is this: see that error in the output about copying overrides? I think maybe that’s preventing it from completing.

jober avatar
jober

i was looking at that as well

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so I makefile will abort on the first failure

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so i think the module is just not getting initialized and that’s maybe causing nothing to be written to SSM

jober avatar
jober

Like it says their is no overrides

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

are you familiar with what we are doing here with overrides?

jober avatar
jober

No

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

(maybe not this exactly spot, but the pattern itself)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ok

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so basically we use the terraform init -from-module=.... pattern everywhere.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

That works great, except for the init will bail if there are any .tf files in the current directory

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so what we do is stick all those “overrides” (.tf files) in the overrides/ directory

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

then…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
  1. terraform init -from-module=....
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
  1. cp overrides/* .
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

3 terraform init -from-module= (null modules so that it it doesn’t try to redwnload)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

why do we need overrides?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

…that’s so we can have a general root module like a “users” module, but not define any users

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

then we stick the user accounts in overrides/ e.g. overrides/osterman.tf

jober avatar
jober

ahh ok

jober avatar
jober

is it required to have overrides?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

i don’t think it should be required (fundamentally speaking), but that error is complaining about that.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Jeremy (Cloud Posse) do you recall seeing this error when you recently provisioned “that customer”

jober avatar
jober

Is this something new? I copied the reference architectures about a month or 2 ago and setup on a personal account and this did not come up

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

hrmmm so actually, it might be “new” in the sense we finally got around to updating the ref arch with our latest customer rollout, but not new in the sense we’ve been doing it for about 6mo

jober avatar
jober

gotcha

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

basically, every time we do a customer rollout we revise/polish the ref-arch. it’s still got it’s bugs (first and foremost it’s a device we use to speed up our own engagements)

jober avatar
jober

makes sense

jober avatar
jober

i am just looking at the user module and the code to deal with the overrides to try and gain some insight on the implementation

jober avatar
jober

try and find a work around

jober avatar
jober

I do not have any users setup in the root.tfvars

jober avatar
jober

is this required?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Aha, haven’t tested it without probably

jober avatar
jober

ok so i should add it their an try again

jober avatar
jober

so if i add my user to here in the root.tfvars:


\# Administrator IAM usernames mapped to their keybase usernames for password encryption
users = {
  #  "[email protected]" = "osterman"
}
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Yes, I believe that should be all it takes.

jober avatar
jober

ok so then do i need to create an overrides folder and anything in their?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

no, it should get created for you

jober avatar
jober

ok i will try that

jober avatar
jober

thanks!

jober avatar
jober

well that worked, but now i am getting….

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

hrmmm odd

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that second terraform init should look like:

terraform init -from-module=
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that empty -from-module= is deliberate

jober avatar
jober

this is why noobs are the best QA haha

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

thanks for sticking in there

jober avatar
jober

Hahaha this will put me miles ahead from where i would be otherwise

jober avatar
jober

it looks like the exported worked to /artifacts/accounts.tfvars

jober avatar
jober

btw i am only initializing audit, dev, staging, test and prod

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

@jober @Erik Osterman (Cloud Posse) It is required to have at least 1 user configured in root.tfvars because that is how you are intended to have long-term access to the organization accounts.

jober avatar
jober

@Jeremy (Cloud Posse) thanks! sorry it was not clear that is a requirement. But it makes sense

1
Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

Unfortunately, the reference architecture is intended to get things started. It is not a full-fledged multi-functional tool.

jober avatar
jober

Forsure! And its awesome!

jober avatar
jober

I am still having issues withe the above error. @Jeremy (Cloud Posse) do you have any suggestions/insight?

Jeremy (Cloud Posse) avatar
Jeremy (Cloud Posse)

You need to do make reset to clear the errored state

jober avatar
jober

That worked thanks!!!

2019-05-19

2019-05-18

J A avatar

Could someone help me locate or add aws creds to a built geodesic container? I’m having some issues understanding where geodesic looks for this info, and in what format to provide it. I have no roles yet, and id like to add one for aws so i may assume it.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

So, after building the container, run make install, which will install a simple wrapper script into /usr/local/bin/

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

when you use that wrapper script, it’ll take care of automatically mounting ~/.aws into the container

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we generally use aws-vault

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

also helpful to note, is that $HOME is mounted to /localhost in the container

sarkis avatar
sarkis

Hi Jesse - been a little bit since I had the pleasure to use geodesic, but I think I have a good idea where you are stuck… have you followed along with the documentation here? https://docs.cloudposse.com/documentation/getting-started/

The reference architecture should give you a good idea on where/how the roles to be assumed are meant to be used: https://github.com/cloudposse/terraform-root-modules

cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

J A avatar

Hi, i started reading these docs again, i think i missed the cold start section which seems to cover this.

cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

1

2019-05-16

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Share what you we’re doing …

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Not enough to go on

rohit avatar
rohit

i am just trying to mount S3 bucket using

s3fs bucketname directoryname
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Need ab fstab entry

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

we have a “helper” to make this easier

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/testing.cloudposse.co

Example Terraform Reference Architecture that implements a Geodesic Module for an Automated Testing Organization in AWS - cloudposse/testing.cloudposse.co

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this is an example of how to do it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

after you add the fstab entry, just run mount -a

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

assumes you’ve already run assume-role

rohit avatar
rohit

@Erik Osterman (Cloud Posse)

s3 fstab '${TF_BUCKET}' '/' '/secrets/tf'

what is s3 in this command ?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/geodesic

Geodesic is a cloud automation shell. It&#39;s the fastest way to get up and running with a rock solid, production grade cloud platform built on top of strictly Open Source tools. ★ this repo! h…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Just a helper to make it easier to work with goofys and fstab

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it’s entirely optional, but you could say it documents how to do it.

rohit avatar
rohit

ohh ok. I am trying to form s3fs command using it

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

so s3fs is intended to be called via mount

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

like the other filesystems (E.g. extfs)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

here’s what my fstab looks like in a geodesic container

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

note, that mount will call the s3fs

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that’s what s3fs#${TF_BUCKET} is saying….

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

note the ${TF_BUCKET} is eval’d by the s3fs command (wrapper) so that we can have dynamic mounts

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

you can cat /usr/bin/s3fs to see what it does

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it’s just a simple helper script

rohit avatar
rohit

i don’t have /usr/bin/s3fs on my machine

rohit avatar
rohit

i installed s3fs using brew install s3fs

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ok, so I think there’s a disconnect.

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

We’re in the #geodesic channel

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

brew is for mac

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

geodesic runs alpine

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/geodesic

Geodesic is a cloud automation shell. It&#39;s the fastest way to get up and running with a rock solid, production grade cloud platform built on top of strictly Open Source tools. ★ this repo! h…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

all of our instructions for s3fs are relative to geodesic

rohit avatar
rohit

my bad, sorry

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
cloudposse/geodesic

Geodesic is a cloud automation shell. It&#39;s the fastest way to get up and running with a rock solid, production grade cloud platform built on top of strictly Open Source tools. ★ this repo! h…

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

this is our wrapper script

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
kahing/goofys

a high-performance, POSIX-ish Amazon S3 file system written in Go - kahing/goofys

rohit avatar
rohit

I will checkout . thanks again

rohit avatar
rohit

when i cd to the directory i don’t see anything

rohit avatar
rohit

it is trying to fetch all the subdirectories when i run ls command

Alex Siegman avatar
Alex Siegman

s3 is an object store, not a file system. this idea of s3fs confuses me. I’ve never even thought to use s3 in that way. Though I guess a filesystem is just a specialized object store?

rohit avatar
rohit

i know but that’s what s3fs does

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@Alex Siegman using goofys is a nice escape-hatch for using S3 as a filesystem

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

not for databases, but great for “legacy” apps that want to read files

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

in the past, we’ve used it to store SSH keys and other configuration files.

2019-05-15

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

office hours starting now https://zoom.us/j/684901853

rohit avatar
rohit

I tried using s3fs but couldn’t mount sub directories. I saw that you are using it as part of geodesic so posting my question here

2019-05-13

SweetOps #geodesic avatar
SweetOps #geodesic
04:00:05 PM

There are no events this week

Cloud Posse avatar
Cloud Posse
04:00:28 PM

Join us for “Office Hours” every Wednesday 11:30AM (PST, GMT-7).

This is an opportunity to ask us questions about geodesic, get live demos and learn from others using it. Next one is Mar 20, 2019 11:30AM.
Add it to your calendar
zoom https://zoom.us/j/684901853
slack #office-hours (our channel)

2019-05-08

oscarsullivan_old avatar
oscarsullivan_old

That’s cool.. What sort of man pages are we talking? Custom?

So I create one called api.md and inside i have say internal instructions for our api?

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

yes, exactly!

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

it’s for custom man pages

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

but we are just piggy backing on the existing linux manpage system by installing the generated man pages to /usr/share/man

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

that means it will wrk with system man pages too

2019-05-07

Josh Larsen avatar
Josh Larsen

anyone using packer at all? i’m curious why packer isn’t in the geodesic image.

Josh Larsen avatar
Josh Larsen

nm, i think i see a solution in the slack archives… thanks @oscarsullivan_old for asking this before me. will do RUN apk add --update [email protected] in Dockerfile

2
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

Ya just trying to reduce the number binaries. Tempted to remove more from the default distribution in the future, since we have packages for most things.

2019-05-06

SweetOps #geodesic avatar
SweetOps #geodesic
04:00:06 PM

There are no events this week

Cloud Posse avatar
Cloud Posse
04:01:27 PM

Join us for “Office Hours” every Wednesday 11:30AM (PST, GMT-7).

This is an opportunity to ask us questions about geodesic, get live demos and learn from others using it. Next one is Mar 20, 2019 11:30AM.
Add it to your calendar
zoom https://zoom.us/j/684901853
slack #office-hours (our channel)

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

geodesic 0.106.0 adds support for man pages in markdown

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

stick all your documentation in /usr/share/docs and run docs update

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

then using man works as expected

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

try man faq to test

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

or help to search

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

@oscarsullivan_old

2019-05-01

Kyle avatar

hi everyone, I have a question. Do aws-chamber and vault overlap ?

Kyle avatar
aws-vault for securely storing and accessing AWS credentials in an encrypted vault for the purpose of assuming IAM roles
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

aws-vault only handles AWS credentials, nothing else

1
Kyle avatar
chamber for managing secrets with AWS SSM+KMS and exposing them as environment variables
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

you would use aws-vault first to obtain a session. then with that session you could use chamber. it would be a catch22 if we tried to use chamber for AWS credentials

1
Kyle avatar

seems they’re for managing aws secrets

loren avatar
loren

i think chamber is more general purpose

loren avatar
loren

aws-vault is specifically for retrieving an aws credential and assuming an IAM role

2
Josh Larsen avatar
Josh Larsen

no office hours this week?

Andriy Knysh (Cloud Posse) avatar
Andriy Knysh (Cloud Posse)
06:49:00 PM
Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

ooops

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

i totally lost track of time

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)

sorry everyone!

    keyboard_arrow_up