How to apply a certificate to an existing IBM Cloud Private 2.1.0.2 install? - ibm-cloud-private

I have an existing IBM Cloud Private 2.1.0.2 cluster and I want to apply an updated ssl certificate to the docker registry, tiller, and the ICP Management Console UI. The goal is for end-users to connect without setting "--tls", "insecure-registry", etc...
What is the best way to accomplish this and how do I roll back if things go wrong? Can I use an existing wildcard ssl certificate for this?
Thank you!

I THINK you mean the Kubernetes cluster... not the Cloud Foundry install...(yes ICP has a CF version =P)
You can just edit the config file as described in the first link below, and "reinstall". At that point, terraform will recognize that you just want to add the certs and it will do that.
So do this first (skip all the stuff you've already done to make the certs and etc, I'm assuming you got that already by your post and a CA lined up and all that... if not, feel free to correct me):
https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0.2/installing/create_ca_cert.html
Then just re-run the "install" and it should set you up, only thing changed is the new certs added.
https://www.ibm.com/support/knowledgecenter/en/SSBS6K_2.1.0.2/installing/install.html
As far as wildcard certs, I'm thinking no, but hey, I haven't tried. Just done canonical/literal so far. If it's doable, please test and let us know! Thanks!

Related

How to configure sorry cypress with aws document DB?

It's my first time with sorry cypress, I'm trying to get it up but I can't connect it with documentDB.
I would also like to hear experiences with sorry cypress.
I think I need to introduce a .pem to docker-compose.
I don't have experience with SorryCypress, but my assumptions for connecting to Amazon DocumentDB are:
Yes, you need the .pem file: https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
Specify the MONGODB_URI, something like this: mongodb://sample-cluster.node.us-east-1.docdb.amazonaws.com:27017/?tls=true&tlsCAFile=rds-combined-ca-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false - see https://docs.sorry-cypress.dev/configuration/mongodb-configuration for the other variables.
How to introduce the .pem file? I see you're using docker-compose, which means you have several options; see which one is convenient for you.
Good luck!

Automatically set up new Digital Ocean server for Laravel app

I know that https://forge.laravel.com/auth/register is available for $12/month*, but I'd like to understand how to accomplish the same thing myself.
What I assume is possible (and what I'm looking for): I create a server that has only Ubuntu 18.04.3 installed and nothing else, and I upload a script that installs all the appropriate software and sets up MySQL with the correct passwords, etc (without manual intervention).
I've tried Laradock and had tons of problems with Docker and don't want to do that anymore.
I see that https://cloud.digitalocean.com/droplets/new lets me create a LEMP droplet (Ubuntu, Nginx, MySQL, PHP-FPM) with one click. But it lacks Redis, and its versions are outdated (e.g. PHP 7.2).
I've heard people mention Chef (maybe this?), but that seems to be more complicated than what I'm imagining.
Unfortunately I'm not even sure how to search for what I'm trying to do (or how to tag this question); is this called "server provisioning"? I've been searching phrases like "automatic install script redis mysql server for laravel".
Thanks in advance for pointing me in the right direction.
* I also just found https://getcleaver.com/ and https://runcloud.io/server-management, which each look like Forge + Envoyer (and RunCloud offers a free plan).
It is called server provisioning and Chef would be a good fit for this, check out Ansible too - another thing you could do is set up the server yourself and create an image from that server and then base your new servers out of that image, that way you'll have all your services installed from the start.
This sounds like a job for something like Puppet (or Chef/Ansible), however Laravel Envoy may be another tool to look at if you haven't already for the second part of your problem.
I highly recommend Heroku (or similar service), as this is all done out of the box, and has a ton of other great features that make developing a pipeline a breeze.

Setting up codeship to deploy bitbucket repository to vidahost cloud hosting

I have a private bitbucket php project repository, codeship account and a vidahost cloud hosting. How to implement continuous integration and deployment? What is the workflow to achieve this? I did googling but could not find complete tutorial.
Ahoy Dipendra,
Marko from the Codeship crew here. Could you send me an in app message with a link to your project, so I can take a look at your current setup and help get you started?
As for deploying to Vidahost, you have multiple options. You could use a tool like Capistrano (or Mina, or something similar in your preferred programming language) or you could use SCP or FTP directly to copy your files. For the latter option, please see our documentation at https://codeship.com/documentation/continuous-deployment/deployment-with-ftp-sftp-scp/. (You'll find documentation on Capistrano and a bunch of other deployment options via this link as well.)
I'll update this answer with more specific details, once I know more about your setup!
Cheers,
Marko

Running TurboGears2 in Amazon EC2

I would just like to ask if anybody here has run Turbogears2 from an Amazon EC2 instance. I've been looking for a way to do it, but so far searching the Web hasn't given me anything I could use as an example. I did see one here:
http://codersbuffet.blogspot.com/2010/05/announcing-turbpgears-ec2-images.html
Though I think the person used an earlier version of TG in his post.
I thought it would be as simple as changing the host parameter in the development.ini, but that did not work. I've also tried connecting to the instance with the -L option for ssh, but it did not work as well (I did this approach for web2py way back, and it worked).
I'm wondering if I need to configure some file somewhere in the TG2 application. I've also tried searching the TG2 documentation. Either I'm not using the right keywords, or I'm just not getting the right results.
Thanks in advance for any help!
DM
By itself EC2 doesn't provide a platform; you can freely choose a deploy environment from mod_wsgi, circus, gunicorn or whatever you prefer. It's not strictly a TurboGears problem, it can be deployed like any other WSGI application.
There are some tutorials for a step by step deploy on Apache+mod_wsgi and Circus+Chaussette in the TurboGears documentation, you can find them here: http://turbogears.readthedocs.org/en/latest/cookbook/deploy/index.html
Avoid deploying on gearbox+wsgiref because it is not meant for production usage; if you want to use gearbox, I suggest you give waitress a try.

Using Ruby to access LDAP DIT

We use ACLs to grant access to svn repositories. The users/groups are stored in LDAP (OpenLDAP 2.4 (LDAP3)). Does anyone know of or use libraries/packages (gems) I can use? Basically, I will traverse the LDAP DIT and update my svn file based on that.
Connect to ldaps://xxxxxxxxxxx:636
Traverse DIT (subtree based on 'ou')
Read attributes
Write svn ACL file.
That's the high-level overview of what I would need to do. So, my question is regarding ldap package/library that I could use. I have heard of Net::LDAP. I'm very new to Ruby, so, I'm learning it as I go along.
Also, please correct me if I am mistaken. We are using ldaps:// that means when I connect to ldap server, the server will send a certificate. Do I need to do anything special to handle the certificate? Thank you
I have used Ruby/LDAP before, things worked fine with me.
There is a code example that comes with the gem. Also have a look at the documentation.
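
Added example, not part of the original question or answers: one way to do the four steps from the question with the net-ldap gem it mentions, verifying the server certificate against a CA file and treating directory values as untrusted input to the ACL file. The groupOfNames/member/uid layout, `SAFE_NAME` and all function names are assumptions for illustration.

```ruby
require "openssl"

# Assumptions (not from the post): groups are groupOfNames entries with 'cn' as
# the group name and 'member' holding user DNs that start with uid=<login>.
SAFE_NAME = /\A[A-Za-z0-9._-]+\z/ # \A/\z, not ^/$: those match per line in Ruby

# Connection options for ldaps://host:636 that verify the server certificate
# against the CA that issued it.
def ldaps_options(host, ca_file)
  { host: host, port: 636,
    encryption: { method: :simple_tls,
                  tls_options: { ca_file: ca_file,
                                 verify_mode: OpenSSL::SSL::VERIFY_PEER } } }
end

# Bind, search the subtree under `base`, and return [{cn:, members:}, ...].
def fetch_groups(opts, bind_dn, password, base)
  require "net/ldap" # net-ldap gem, loaded only when the directory is queried
  ldap = Net::LDAP.new(opts)
  ldap.auth(bind_dn, password)
  raise "bind failed: #{ldap.get_operation_result.message}" unless ldap.bind
  entries = ldap.search(base: base, scope: Net::LDAP::SearchScope_WholeSubtree,
                        filter: Net::LDAP::Filter.eq("objectClass", "groupOfNames"),
                        attributes: %w[cn member]) || []
  entries.map { |e| { cn: e[:cn].first, members: e[:member] } }
end

# Login name from a member DN, or nil when it is not a plain uid=<login> DN.
def uid_from_dn(dn)
  uid = dn[/\Auid=([^,]+),/i, 1]
  uid if uid && uid.match?(SAFE_NAME)
end

# Render the [groups] section of an svn authz file. Directory values are
# untrusted input here: names that could add lines or sections are dropped.
def authz_groups(groups)
  lines = groups.select { |g| g[:cn].to_s.match?(SAFE_NAME) }
                .sort_by { |g| g[:cn] }
                .map do |g|
    users = g[:members].map { |dn| uid_from_dn(dn) }.compact.uniq.sort
    "#{g[:cn]} = #{users.join(', ')}"
  end
  (["[groups]"] + lines).join("\n") + "\n"
end

# Write to a temporary file, then rename, so svn never reads a half-written ACL.
def write_authz(path, content)
  tmp = "#{path}.tmp"
  File.write(tmp, content, perm: 0o640)
  File.rename(tmp, path)
end
```

If the bind or search fails with a certificate error, the CA file does not match the issuer of the server's certificate; fix the CA file rather than switching verification off.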
