dlbewley
/ read-pull-secret-from-agent-iso.sh
Last active
February 4, 2025 04:30
read pull secret from openshift agent based installer ISO
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| coreos-installer iso ignition show agent.x86_64.iso | jq -s > /tmp/agent.json | |
| # you can read any file of course, but i wanted to verify the pull secret in this case | |
| cat /tmp/agent.json | jq -r '.[].storage.files[] | select(.path | contains("pull-secret.yaml")) | .contents.source' | awk -F, '{print $2}' | base64 -d |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # used to lookup vcenter connection details from 1Password | |
| VAULT=development | |
| CLUSTER=vcenter | |
| export GOVC_USERNAME="$(op read op://${VAULT}/${CLUSTER}/username)" | |
| export GOVC_PASSWORD="$(op read op://${VAULT}/${CLUSTER}/password)" | |
| export GOVC_URL="$(op read op://${VAULT}/${CLUSTER}/website)" |
dlbewley
/ View OVS Bridge Mappings
Last active
January 21, 2025 07:37
List the OVS bridge mappings associating 'localnet' networks to bridges on OpenShift Virtualization
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # connect to OVN Northbound DB https://gist.github.com/dlbewley/b4d4c85931e7a9c03caf56db1a1a0d2e | |
| $ ovncli.sh | |
| # find local chassis id | |
| sh-5.1# ovn-sbctl find chassis other_config:is-remote="false" | |
| _uuid : a0aad588-f850-4601-b4dc-63199440ab58 | |
| encaps : [fcbeb3fc-d810-49db-ae6c-f043e3441d25] | |
| external_ids : {} | |
| hostname : hub-tq2sk-cnv-xcxw2 | |
| name : "f57f0c4e-5d93-4639-a016-7cea61281c04" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Connect to the OVN northbound database pod. | |
| # Optionally specify the node and or command | |
| # https://guifreelife.com/blog/2024/11/19/Open-Virtual-Network-Inspection-on-OpenShift/ | |
| node=$1; shift; cmd=$* | |
| if [[ -n "$node" ]]; then | |
| nbdbpod=$(oc get pod \ | |
| -l app=ovnkube-node \ |
dlbewley
/ ext-kubeconfig-cacerts.sh
Last active
September 29, 2023 23:17
Extract OpenShift CA Certificates from Install Generated Kubeconfig
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| cat $KUBECONFIG \ | |
| | yq e '.clusters[0].cluster."certificate-authority-data"' \ | |
| | base64 -d > kubeconfig-ca-data.pem | |
| split -p "-----BEGIN CERTIFICATE-----" kubeconfig-ca-data.pem cert- | |
| for c in cert-??; do | |
| subject=`openssl x509 -in $c -noout -subject | sed 's/^.*CN[[:space:]]*=[[:space:]]*\(.*\)/\1/'` | |
| echo $subject |
dlbewley
/ split-policies.sh
Created
November 12, 2022 00:05
decompose policy.open-cluster-management.io/v1 policies into manifests for use with PolicyGenerator Kustomize plugin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # split a file having multiple policies into multiple files | |
| # each file is named policy-<policy_name> and contains 1 policy | |
| yq e '.|split_doc' -s '.kind + "-" + .metadata.name | downcase' multi-policy.yaml | |
| # create manifests dir for each policy | |
| # place object definitions from each policy into corresponding manifest dir | |
| for p in policy-*; do | |
| policy_name=$(yq '.metadata.name' $p); | |
| mkdir -p "manifests-$policy_name" | |
| yq '.spec.policy-templates[].objectDefinition[].object-templates[].objectDefinition | split_doc' \ |
dlbewley
/ login-pull-secrets.sh
Created
November 2, 2022 22:34
Podman login to all registries in pull secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # if you don't want to just use --authfile or set REGISTRY_AUTH_FILE for whatever reason | |
| # you may login to each registry in your pull secret thusly | |
| # spoiler alert, here's how to extract usernames and passwords from your pull secret | |
| PULL_SECRET_PATH=pull-secret.json | |
| for R in $(jq -r '.auths|keys[]' $PULL_SECRET_PATH ); do | |
| echo "Logging into $R" | |
| U=$(jq -r ".auths.\"$R\".auth" $PULL_SECRET_PATH | base64 -d | awk -F: '{print $1}') | |
| P=$(jq -r ".auths.\"$R\".auth" $PULL_SECRET_PATH | base64 -d | awk -F: '{print $2}') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ROXCTL_IMAGE="registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8:3.71" | |
| # Central CA cert: | |
| # oc extract secrets/service-ca -n stackrox --keys=ca.pem --to=- | |
| # read values from 1Password YMMV | |
| CLUSTER="hub-lab-bewley-net" | |
| VAULT="development" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # read values from 1Password, YMMV | |
| CLUSTER="hub-lab-bewley-net" | |
| VAULT="development" | |
| ROX_CENTRAL_ENDPOINT="$(op read op://$VAULT/$CLUSTER/acs/endpoint)" # cluster | |
| ROX_CENTRAL_ENDPOINT_PUB="$(op read op://$VAULT/$CLUSTER/acs/endpoint-pub)" # public | |
| ROX_CA_CERT="$(op read op://$VAULT/$CLUSTER/acs/ca)" | |
| ROX_API_TOKEN="$(op read op://$VAULT/$CLUSTER/acs/admin-token)" |
dlbewley
/ pre-commit
Last active
August 20, 2021 00:57
Git pre-commit hook to allow tracking of example secrets but deny changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # once you have tracked a file, .gitignore will not have an effect on it, even if you | |
| # ignore the enclosing directory. | |
| # be sure to commit example secrets before adding this to .git/hooks/pre-commit | |
| # Redirect output to stderr. | |
| exec 1>&2 | |
| DENY_LIST="secrets|certs" |
NewerOlder