Dependency Checking Your Ruby Application

Checking your application’s dependencies for known vulnerabilities is a critical, relatively low effort step you should take to secure your application, which you may have read about in another recent article: What is SCA? Compared to the wealth of tools used for dependency checking in, for example, JavaScript, there’s not […]

Starting up a Jenkins Clone Safely

Why bother starting Jenkins in neutral? Jenkins can be a dangerous virtual machine to bring up. This situation arises when I’m recovering one, cloning one, or testing provisioning automation. The damage one can cause is hard to predict because it depends on exactly what yours does, but I’ll try to paint a couple common pictures […]

Chef Advanced Debugging: Detecting bad attributes earlier

As I talked about last month when trying to demystify the “UNDEFINED METHOD `[]' FOR NIL:NILCLASS” error, it can be challenging to make sure all your attributes are set the way you want, or even at all. One thing that should be detectable is anytime you get nothing (nil) back from a Node[] call, we might as […]

Creating a VPC with public and private subnet in AWS with the Ruby SDK

Dear Loyal Readers, The basic scenario for a VPC is a public-facing subnet, and a private subnet only accessible via the first subnet (this is the web server w/ data backend scenario, aka Scenario 2). Unlike spawning an instance like I did in my previous post, the challenge to this script is that many […]

A Rif on Knife Scripting Encrypted Databags

My colleague Rich Mills created a great post about a script to get PEM certs into databags. To sum up, the major issue was that the whitespace was interfering with the knife upload command. The knife script uses Ruby, some Chef gems, Ruby file manipulation, and the Chef API to properly create the […]

Setting up Chef Knife workstation to use multiple Chef servers

I have the problem of working against multiple open-source Chef servers to manage cookbooks, environments, etc. in our continuous delivery pipeline. Chef and the “knife” tool, in general, like to use configuration information from ~/.chef/knife.rb. Within that file lies the all-important configuration item: chef_server_url. How do you deal with this if you’re working with multiple […]

AWS with the Ruby SDK

Dear Loyal Readers, I’ve been delving into automating AWS deployments and I’m a huge Ruby fan for any sort of Linux admin, so I started with the AWS SDK and the samples/ec2/run_instance.rb. The example for deploying an instance was pretty straightforward; I just wanted to write about some features/modifications that I found useful. Modification #0 — […]
