DevOps Reference
# -------- CDS Image Split and Transfer -------- #
# After production deployment succeeds, pull the CC image, split it in half,
# push each half to Artifactory with a part suffix, and trigger the CDS pipeline for each part.
# Defines only its stage and run rule here; everything else is inherited from
# `.get_vault_secrets`, which is defined outside this snippet.
# The rule restricts the job to pipelines whose source is "trigger".
Get CDS Vault Credentials:
  extends: .get_vault_secrets
  stage: CDS Image Split and Transfer
  rules:
    - if: '$CI_PIPELINE_SOURCE == "trigger"'
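# Pulls the CC image, saves it to a tar, splits the tar into two halves and
# uploads each half to the S3 diode access point, tagged with its SHA-256.
# Runs only in trigger-sourced pipelines, after the production deployment job
# and the Vault credentials job listed under `needs`.
Split and Transfer CC Image via CDS:
  stage: CDS Image Split and Transfer
  image: $docker_awscli_image
  services:
    - name: $org_dind_image
      alias: docker
      # NOTE(review): each --insecure-registry entry lets the daemon reach that
      # host over plain HTTP or without certificate verification, and
      # --tls=false turns off TLS on the daemon's own API. If $registry_url is
      # one of these hosts (not visible here), the `docker login` below sends
      # the registry password over that unverified path. Confirm both settings
      # are intentional for this runner network.
      # NOTE(review): "artifactory.guruprm" has no TLD, unlike the other three
      # hosts; confirm it is a real internal name and not a typo.
      command:
        - "--insecure-registry=artifactory.guruy.com"
        - "--insecure-registry=artifactory.gurug.com"
        - "--insecure-registry=artifactory.gurur.com"
        - "--insecure-registry=artifactory.guruprm"
        - "--tls=false"
        - "--max-concurrent-downloads=10"
        - "--storage-driver=overlay2"
  needs:
    - "Scheduled CyberCenter Deployment - Production"
    - "Get CDS Vault Credentials"
  rules:
    - if: '$CI_PIPELINE_SOURCE == "trigger"'
  variables:
    image_name: "artifactory.gurug.com/team1-docker/aquasec/cc-premium"
    team1_app_tenant: "team1"
  script:
    - |
      # Stop at the first failing command so a failed pull/save/split never
      # leads to an upload of partial data.
      set -e
      echo "*** CDS Image Split and Transfer ***"

      # image_tag is not defined in this job (presumably supplied by the
      # trigger; confirm). It ends up in file names, the S3 object key and the
      # '&'-separated tag string, so reject anything outside the characters a
      # Docker tag can contain before using it.
      case "${image_tag:-}" in
        ''|*[!A-Za-z0-9_.-]*)
          echo "image_tag is empty or contains characters outside [A-Za-z0-9_.-]" >&2
          exit 1
          ;;
      esac
      echo "Image: $image_name:$image_tag"

      # Docker login and pull the CC image.
      # printf with a quoted expansion passes the password through unchanged;
      # an unquoted `echo $var` is subject to word splitting and globbing.
      printf '%s' "$registry_pw" | docker login "$registry_url" --username "$registry_user" --password-stdin
      docker pull "$image_name:$image_tag"

      # Save the image to a tar file
      tar_file="cc-premium-${image_tag}.tar"
      part_prefix="cc-premium-${image_tag}-part"
      echo "Saving image to tar..."
      docker save "$image_name:$image_tag" -o "$tar_file"
      tar_size=$(stat -c%s "$tar_file")
      echo "Full image tar size: $tar_size bytes"
      # Logged so the receiving side has a whole-file digest to compare
      # against after concatenating the parts.
      echo "Full image tar sha256: $(sha256sum "$tar_file" | cut -d ' ' -f 1)"

      # Split the tar in half (size rounded up, so exactly two parts result)
      echo "Splitting image tar in half..."
      half_size=$(( (tar_size + 1) / 2 ))
      split -b "$half_size" -d -a 1 --additional-suffix=.tar "$tar_file" "$part_prefix"
      ls -lh "$part_prefix"*

      # Upload one part to the diode access point, tagged with its SHA-256.
      upload_part() {
        part_file="$1"
        [ -s "$part_file" ] || { echo "Missing or empty part: $part_file" >&2; exit 1; }
        sha=$(sha256sum "$part_file" | cut -d ' ' -f 1)
        echo "Copying to diode bucket: $part_file (sha256: ${sha:0:12}...)"
        aws s3api put-object \
          --bucket arn:aws:s3:us-west-1:12345680:accesspoint/team1-prod-haps \
          --key "UP/team1/$team1_app_tenant-$part_file" \
          --body "$part_file" \
          --acl 'bucket-owner-full-control' \
          --tagging "checksum=$sha&originator=$team1_app_tenant&product=lambda&version=1&team1_tenant=$team1_app_tenant&cds_user=$cds_user&lambda_file_name=$part_file" \
          --cli-read-timeout 120 --cli-connect-timeout 30
      }

      # Copy to S3
      echo "Uploading split parts to S3 diode bucket..."
      upload_part "${part_prefix}0.tar"
      upload_part "${part_prefix}1.tar"

      echo "*** CDS Image Split and Transfer Complete ***"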
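# -------- CDS Image Reassembly (Target Environment) -------- #
# Uncomment the stage in the stages list and the job below when ready to
# reassemble the split CC image in the target environment.
# Before enabling: as written, the job concatenates the downloaded parts and
# runs `docker load` without comparing them to a SHA-256 from the sending side
# (the upload job records one per part in the `checksum` object tag). Add that
# comparison ahead of `docker load`, and quote "$registry_pw" in the login line.
#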
# Reassemble CC Image:
# stage: CDS Image Reassembly
# image: $docker_awscli_image
# services:
# - name: $org_dind_image
# alias: docker
# command: [ "--insecure-registry=artifactory.guruy.com", "--insecure-registry=artifactory.gurug.com", "--insecure-registry=artifactory.gurur.com", "--insecure-registry=artifactory.guruprm","--tls=false","--max-concurrent-downloads=10","--storage-driver=overlay2"]
# rules:
# - if: $CI_PIPELINE_SOURCE == "trigger"
# variables:
# image_name: "artifactory.gurug.com/team1-docker/aquasec/cc-premium"
# team1_app_tenant: "team1"
# script:
# - |
# echo "*** CDS Image Reassembly ***"
# echo "Reassembling image: $image_name:$image_tag"
#
# one_zip="cc-premium-${image_tag}-part0.tar"
# two_zip="cc-premium-${image_tag}-part1.tar"
#
# # Download both halves from S3
# echo "Downloading split parts from S3..."
# aws s3api get-object \
# --bucket arn:aws:s3:us-west-1:12345680:accesspoint/team1-prod-haps \
# --key DOWN/team1/$team1_app_tenant-$one_zip \
# "$one_zip" \
# --cli-read-timeout 120 --cli-connect-timeout 30
#
# aws s3api get-object \
# --bucket arn:aws:s3:us-west-1:12345680:accesspoint/team1-prod-haps \
# --key DOWN/team1/$team1_app_tenant-$two_zip \
# "$two_zip" \
# --cli-read-timeout 120 --cli-connect-timeout 30
#
# ls -lh cc-premium-${image_tag}-part*.tar
#
# # Concatenate the two halves back into the full tar
# echo "Reassembling tar from parts..."
# cat "$one_zip" "$two_zip" > "cc-premium-${image_tag}.tar"
# echo "Reassembled tar size: $(stat -c%s cc-premium-${image_tag}.tar) bytes"
#
# # Load the reassembled image into Docker
# echo "Loading reassembled image into Docker..."
# docker load -i "cc-premium-${image_tag}.tar"
#
# # Verify the image loaded correctly
# docker images | grep cc-premium
#
# # Docker login and push to Artifactory
# echo $registry_pw | docker login $registry_url --username $registry_user --password-stdin
# echo "Pushing reassembled image to registry..."
# docker push "$image_name:$image_tag"
#
# echo "*** CDS Image Reassembly Complete ***"