Jeff Cook

Gitlab and local dev

Mon, 04 Apr 2022 02:00:00 -0500

GitLab Knowledge

Each team member should have a basic understanding of git and GitLab.

Git features

https://docs.gitlab.com/ee/topics/git/index.html

Commits
Branches
Tags

GitLab Features

https://docs.gitlab.com/ee/gitlab-basics/index.html

Issues https://docs.gitlab.com/ce/user/project/issues/
Merge requests(GitLab) / pull requests(GitHub) https://gitlab.com/help/#merge-requests https://docs.gitlab.com/ce/user/project/merge_requests/
CI/CD Pipelines
Artifacts
Releases

Markdown

GitLab uses markdown within a lot of the features. Every user should have a good understanding of how to read and write markdown.

README.md files and other documentation inside the repositories
Issue and merge request descriptions and comments

Learn markdown.

Setup development workstation

Workstation Installs

Visual Studio Code (VS Code)
- https://code.visualstudio.com/download
Git
- https://git-scm.com/downloads

Configuration

Secure Shell access for GitLab
- https://docs.gitlab.com/ee/user/ssh.html
- https://medium.com/devops-with-valentine/2021-how-to-your-ssh-key-for-gitlab-on-windows-10-587579192be0

Reading about Docker and modern system design

Mon, 19 Oct 2020 02:00:00 -0500

This post is a referance to the sources I read and learn from.

General

The Twelve Factor App
DevOps Roadmap
Conventional Commits
Semantic Versioning
BOB MARTIN PRESENTS: The Future of Agile An amazing talk about teh programing proffession!

DevOps

Docker

Docker Tools

Hadolint

Scrum

The Scrum Guide

Facebook Page

Sat, 07 Mar 2020 01:00:00 -0600

I have added a Facebook page for this website. https://www.facebook.com/jeffcook.info/

I have also setup a automatic post to Facebook when this site is updated. This post was setup using a RSS feed, and a flow in Microsoft Power Automate.

Regex 101

Thu, 05 Mar 2020 01:00:00 -0600

A coworker recommended https://regex101.com/ to me. I have used other regex helpers in the past, but wow this is really good. It also has a Code Genterator tool that will show you how to escape the regex for any different languages.

Highly recommended.

Docker image for OpenConnect

Thu, 26 Sep 2019 02:00:00 -0500

I have been working on building my normal tool set as Docker containers. This would allow me to replace my workstation as needed, and be able to share my tools with my team.

While I was working on this, one of the first tools I needed to look at was how I VPN into private environments. Cisco AnyConnect is a common corporate solution. It doesn’t allow public downloads of the client. Nor does it have an auto-update feature to keep it up to date.

OpenConnect client is an open source replacement for Cisco AnyConnect Client. Yum, APT, brew and chocolatey all have OpenConnect packages. There are Docker images on docker hub for OpenConnect

After trying the public Docker images I was disappointed in the Dockerness of the working ones. I decided to create my own. jeffcook/openconnect

The main issue with creating a Docker container for a VPN with a tunnel interface os the privilege required to make it work. It requires both privileged access for the container and root access for the user. The first round is not super secure. Which is fine for my current use.

I am working on utilizing ocproxy as a way to avoid these security issues. ocproxy is a SOCK5 proxy and would not use a tunnel interface for OpenConnect. This would work with most tools including web browser, SSH and anything else that supports SOCKS proxy. This covers most tools used over a VPN. For any this that doesn’t support SOCKS proxy there is always the option to create the tunnel interface.

JeffCook.info

Sun, 23 Jun 2019 19:00:00 -0500

Today I started a new project. Build and manage (as much as possible) a website and domain from a git pipeline.

Manual steps

Setup new Google account
Get a domain name from Google
Setup a Cloudflare account and attach the domain
Point the registrar to Cloudflare for DNS.

Automated tasks

Jekyll to create the website static pages.
GitLab CI/CD to use a Jekyll Docker image to build the push the content to GitLab Pages.
DNSControl to configure Cloudflare DNS for the domain.

Project constraints

All tasks performed without any tools other than a web browser.
The costs of the project needed to be zero or minimal.
- The costs include…
  - the domain name
Keeping small businesses or non-profits in mind for functionality.

Tools

Secure your system administrative passwords - Microsoft Local Administrator Password Solution (LAPS)

Sat, 25 Feb 2017 18:12:00 -0600

As system administrators, we know how vulnerable passwords are. We require our users to change their passwords on a regular basis. We request they use different passwords for different systems, to limit exposure caused by the loss of a single password. Then we set the administrator password to be the same on all our systems. Then we never change them. The result is one compromised system means every other one can be compromised.

Why do we do this? Because managing the password on every system is a major task in keeping documentation up to date. Over the years I have tried to make this easier. It did not work out because it still had too much manual work. Now Microsoft has created Local Administrator Password Solution (LAPS) great solution that is self-maintaining, easy and free to manage local admin passwords.

Create a new domain user account for all your system admins. This is their admin account to use when they need to elevate their permissions. This means when surfing the web and opening email they do not have elevated permissions that could ruin their day if they open the wrong attachment. Require these admin accounts to have a strong and unique password.

Add those users to a new group and use group policy to add that group to the local “Administrators” group. You now have individual accountability of who is doing what on each system.

Download and configure LAPS. Use a group policy with LAPS to create a new user with the LAPS passwords. This keeps the of a well-known username and stops the reuse of a SID if the systems were cloned from each other. Allow this new group of user to read the LAPS passwords.

Delete the existing/default administrator account via group policy.

Now the staff who need to run processes as a local admin can with their own account and password they can remember. They can the LAPS password from Active Directory when the system can’t authenticate to AD for some reason, such as the system was removed from the network. The great part is if any system is compromised, they don’t have the local admin password and use it on every other system on your network.