vaultenv
aptly
vaultenv | aptly | |
---|---|---|
2 | 17 | |
432 | 2,512 | |
0.2% | 0.6% | |
4.3 | 8.2 | |
25 days ago | 7 days ago | |
Haskell | Go | |
BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vaultenv
-
Using secrets in kube prom stack helm chart
Having secrets in an external system (like Hashicorp Vault) and then using [vaultenv](https://github.com/channable/vaultenv) to inject these during `helm install/upgrade`. So you end up with something like `vaultenv ... -- helm install --set config.myvar=${VAULTENV_INJECTED_ENV_VALUE}` (or similar). Point is I use vaultenv to run helm with secrets injected as env vars only during the helm run, and use helm's `--set` flag to set individual secrets. This can get tedious if you have many secrets as you have to specify each of them individually with --set. Usually I wrap this in a Makefile or a shell script for easier invoking.
-
Nix is the ultimate DevOps toolkit
> Also, regarding DevOps, the tooling around Nix makes it a little brittle for anything event based--rapidly changing configurations on the fly due to network conditions (Consul, Ansible, etc). This is where configuration management is heading, and due to the static nature of Nix, delegating dynamic changes is hard/anti pattern.
Channable uses Consul, Vault, etc. for dynamic configuration and it works with Nix just fine.
You don't have to use static configuration files with Nix. Either fetch dynamic stuff using the Consul, Vault, etc. APIs at runtime or use a tool like vaultenv [1] or similar if you don't want this logic in your application code.
Put those tools in your systemd service before launching your app, and you're good to go.
(NB: I was DevOps teamlead at Channable while a part of this work was being done. Sad that I won't be able to see the final picture.)
[1]: https://github.com/channable/vaultenv
aptly
- What is an appropriate way to install debian packages in a completely air-gapped environment?
-
About nautilus-typeahead
You should ask in the upstream bug tracker (is it this one? https://github.com/lubomir-brindza/nautilus-typeahead). First step is to get it to build for Debian manually/locally - i.e. patch the official nautilus Debian package. Then it's easy to setup a personal APT repository with aptly
-
WSUS Alternative solution for Linux Systems
Exactly what aptly is for. No idea about CentOS side, for that we just had rsync from official repo + some scripts
-
Zabbix in isolated environment
I'm not sure if this is an option, because it might break the isolation model, but you could setup repo mirrors in whatever tool of choice you like, but for Debian/Ubuntu, I think aptly is really featureful.
-
How can I automate .deb GPG signing procedure?
I know that it is not directly what you asked about, but without knowing how the signed debs are being used, I can say that if you were to use aptly to create an apt repo to house your debs to then be installed on whatever machines offline (assuming network connectivity, which may be an incorrect assumption), it requires you to sign a published repo/mirror, and also requires you to install and trust the key on any systems that you then want to use to install package unless you specifically use [trusted=yes] in the apt repo list file.
-
Are there any extra steps to creating a Debian repository mirror?
There's also Aptly but I've never used it. Looks neat, though.
-
Archiving Debian ISO
I personally just mirror the packages for what ever I'm using with aptly and use the netinstall iso and point it to that local mirror. The netinstall iso will pull any needed updated from the repo.
-
Linux Host Patch Management
Take a look at Aptly.
-
Centralized patching for Ubuntu
Aptly is a purpose-built DEB content management solution. Never used but I've heard good things.
-
Linux Package repo server
The last time I got involved in repo/package management, we used aptly Later moved to Jfrog artifactory. The latter is very expensive.There is also pulp some said it is good, which I personally never managed in production environment, so I can't recommend for or against.
What are some alternatives?
nixos - My NixOS Configurations
apt-mirror - Official apt-mirror source.
haskell-nix - Nix and Haskell in production
Moby - The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
nickel - Better configuration for less
s5cmd - Parallel S3 and local filesystem execution tool.
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
bosun - Time Series Alerting Framework
nixos - NixOS Configuration
refrapt - Tool to create local Debian mirrors using Python
pndev - CLI tool for es-development
awsenv - AWS environment config loader