Passing Multiple Arguments to Custom Script in an ARM Template

In a lot of scenarios I find myself adding the custom script extension to my Azure Resource Manager (ARM) templates to further configure the virtual machine. In some cases this script can end up with a lot of different parameters that have to be passed in.

The normal way of doing this is to use the concat() string function in the template, but this starts to get very difficult to read very quickly, for example:

{
   "commandToExecute": "[concat('myscript.sh', ' -o install,config -u ', variables('username'), ' -p \"', concat(variables('password'), '\"'))]"
}

Not only is this very hard to read, it is also very hard to debug and only gets worse when more arguments are added, especially when the need arises for double quotes where escaping is required (as shown above).

This post shows a way to pass in a Base64 encoded JSON string of all the parameters that need to be passed in. The scripts themselves need to be able to handle this, but it makes it so much easier to edit the parameters and see what is being passed in.

I work with both Windows and Linux in Azure, so the examples will show how to accomplish this using both Bash and PowerShell.

Cross Cloud Kubernetes

Last year I wrote an article about setting up Docker Swarm on my local home network, Taming the Docker Swarm - Part 1. Since then I have been looking at Kubernetes and have now replaced my local cluster as well as created a cross cloud cluster on the Internet.

This post shows how I have got a cross cloud Kubernetes cluster up and running using a VPN to connect all the nodes together.

Enabling Programmatic Access in Azure

In order to be able to deploy Azure Marketplace solutions into Azure using an ARM template it is necessary to enable programmatic access for that offering within your Azure Subscription.

This used to be a clumsy exercise through the Azure Portal, but it can now be done through the AZ CLI and PowerShell. This post shows how this can be achieved.

Splunking with Chef Automate

Chef Automate has the ability to send out notifications of Chef Client failures and InSpec failures. These notifications can be to a Slack channel and / or to a Webhook.

This post shows how it is possible to send such notifications to Splunk using a Webhook. This webhook is an Azure Function which acts as a relay to send the data to Splunk in the correct format. Sending the data into Splunk allows such notifications to be searched and trends to be identified.

Taming the Docker Swarm - Part 2

In Taming the Docker Swarm - Part 1 I showed how I created a three node Docker Swarm Cluster, added a load balancer with support for Let’s Encrypt SSL certificates and deployed a service to monitor other services in the cluster.

In this post I will take this further by deploying more services and adding shared storage using NFS from my FreeNAS machine. To make things easier for myself I created a wrapper cookbook that uses my docker-swarmm so that Chef could manage the deployment of services for me.

Taming the Docker Swarm - Part 1

Over the past few months I have been playing around with Docker Swarm mode. I wanted to see if I could get various services up and running within my home network and whether this would translate through to real world scenarios using multiple cloud providers.

I am happy to say that by using some different software, such as Traefik, changing the responsibility of services and updating my local domain settings I have come up with a practical and usable solution for running multiple services in Docker Swarm.

This post discusses the foundation for getting all of this up and running, and running one service which provides a web based portal for managing the services. I will write a follow-up post that shows how to deploy other services, such as Elasticsearch, into the cluster.

Using Let's Encrypt for Internal Servers

When playing around with new software or developing new web sites SSL is something that is not only desired but is required and expected. In the past this has meant creating self signed certificates for local development machines and then requesting valid certificates for production.

This can cause issues however. Many applications allow you to connect to an API that has a self signed certificate, but an option has to be enabled to allow it to ignore SSL verification. For example Chef can be deployed using a self signed certificate but all the managed nodes have to have ssl_verify_mode :verify_none added to their configuration.

As this meant that there were more things that needed to be managed by the environment, I was very pleased when Let’s Encrypt launched, which allowed free SSL certificates. However it did not work immediately for internal systems because the challenge method needed to be able to access a website on a public address! I was not prepared to punch a hole through my firewall every 90 days. But now there is a DNS challenge for Let’s Encrypt.

Managing Multiple Rubies on Windows

One thing that I have missed about my move from an Apple MacBook Pro to a Windows Surface Book was the ability to easily configure multiple Ruby versions on the machine. In the past I have done this with chruby and direnv and whilst the latter is written in Go the way in which Windows executes scripts means this setup does not work.

So I set about finding an alternative. After much research I found one that works almost as well and it is called URU. It is a Go application that manages multiple Ruby versions for any platform.

Chef Cookbook Pipeline with VSTS

In May 2017 Chef released a new Visual Studio Team Services (VSTS) extension with several tasks to help with cookbook and application development. After these were written I started to play around with VSTS with a view to creating a cookbook CI/CD pipeline; this post is about how I did this. An overview of the tasks can be found here.

Speed Up Local Test Kitchen runs

I had an initial thought and that was whether it would be possible to create a Squid proxy Docker container and configure Test Kitchen and related cookbooks to use it. This should be simple right? Wrong!

At first it was, with simple HTTP requests, but then came the issue of making Squid intercept and cache SSL objects. This meant:

  • Understanding how Squid can intercept SSL traffic
  • Squid package in Ubuntu is not compiled with SSL or the option to generate dynamic certificates
  • Compile own Squid with these two options
  • Create new Docker image using the new Squid
  • Update the CA certificates in Ubuntu
  • Rebuild image
  • Push image to Docker Hub
  • Create self signed CA for Squid to create certificates with

This last one is where things are not as clean as they could be: although I have created something that does work, it is not as perfect as I would like it to be and there are some caveats. Needless to say I have been doing a lot of yak shaving.
