#!/usr/bin/env bash # 30_work.sh — Work / Juniper environment config # # Loaded when MACHINE_PROFILE=work OR hostname matches work patterns. # Secrets (passwords, tokens, API keys) are NOT stored here. # They live in ~/.bashrc.local on each work machine. # ============================================================================ # ----------------------------------------------------------------------- # Host detection helper — true on work Mac and all work servers # ----------------------------------------------------------------------- _is_work_host() { # Check MACHINE_PROFILE first (set in .bashrc.local on managed machines) [[ "${MACHINE_PROFILE:-}" == "work" ]] && return 0 # Fallback hostname pattern for work servers where .bashrc.local may not exist case "$(hostname -s)" in kenjim-mbp*|etqc-*|etbg-*|engtech-dev-*|zet*) return 0 ;; *) return 1 ;; esac } _is_work_host || return 0 # exit this file silently on personal machines # ----------------------------------------------------------------------- # PATH additions (work only) # ----------------------------------------------------------------------- PATH="${HOME}/bin:${HOME}/.local/bin:${PATH}" export PATH # Juniper lab tools (Linux work servers) if [[ -d /volume/labtools/bin ]]; then export PATH="${PATH}:/volume/labtools/bin" fi # ----------------------------------------------------------------------- # Domain: Juniper # ----------------------------------------------------------------------- case "${HOSTDOMAIN:-}" in juniper.net|jnpr.net) export PGUSER=ddladmin export PGHOST=localhost ;; esac # ----------------------------------------------------------------------- # Work Mac (kenjim-mbp) specific # ----------------------------------------------------------------------- case "$(hostname -s)" in kenjim-mbp*) export CLICOLOR=1 export RAILS_ENV=development export AWS_SDK_LOAD_CONFIG=1 # AWS profiles — work Mac uses named profile via ~/.aws/config # Override AWS_PROFILE in ~/.bashrc.local if needed per-project export AWS_PROFILE="${AWS_PROFILE:-kenjim-qnc}" alias aws-pgdb-qnc-du="aws --profile pgdb-qnc s3 ls s3://engtech-pgdb-s3-qnc/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'" alias aws-pgdb-bng-du="aws --profile pgdb-bng s3 ls s3://engtech-pgdb-s3-bng/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'" alias aws-pgdb-qnc-ls="aws --profile pgdb-qnc s3 ls s3://engtech-pgdb-s3-qnc/ --recursive" alias aws-pgdb-bng-ls="aws --profile pgdb-bng s3 ls s3://engtech-pgdb-s3-bng/ --recursive" function k8proxy() { export KUBECONFIG="${HOME}/Juniper/K8_Configs/kenjim-k8-config" export no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com" export http_proxy="socks5://localhost:3133/" export https_proxy=$http_proxy export ftp_proxy=$http_proxy export rsync_proxy=$http_proxy echo "k8s proxy set via localhost:3133" } function killcrashplan() { sudo launchctl unload /Library/LaunchDaemons/com.crashplan.engine.plist } ;; # ----------------------------------------------------------------------- # Work servers (etqc-*, etbg-*, engtech-dev-*) # ----------------------------------------------------------------------- etqc-*|etbg-*|engtech-dev-*) export AWS_SDK_LOAD_CONFIG=1 export AWS_PROFILE=pgdb-qnc alias aws-pgdb-qnc-du="aws s3 ls s3://engtech-pgdb-s3-qnc/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'" alias aws-pgdb-bng-du="aws s3 ls s3://engtech-pgdb-s3-bng/ --recursive | awk 'BEGIN {total=0}{total+=\$3}END{print total/1024/1024/1024\" GB\"}'" alias aws-pgdb-qnc-ls="aws s3 ls s3://engtech-pgdb-s3-qnc/ --recursive" alias aws-pgdb-bng-ls="aws s3 ls s3://engtech-pgdb-s3-bng/ --recursive" # Bash completion on Linux work servers [ -f /usr/share/bash-completion/bash_completion ] && \ source /usr/share/bash-completion/bash_completion ;; esac # ----------------------------------------------------------------------- # Ansible — Juniper infra-ansible shortcuts # ----------------------------------------------------------------------- _ANSIBLE_CFG="${HOME}/Juniper/git/infra-ansible/ansible_cli.cfg" _ANSIBLE_INV="inventory/cmdb_rendered/engtech.yml" if [[ -f "$_ANSIBLE_CFG" ]]; then alias apy="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default" alias aps="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=selective ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default" alias apa="rm -f ~/ansible.log; ANSIBLE_CONFIG=${_ANSIBLE_CFG} ANSIBLE_STDOUT_CALLBACK=actionable ansible-playbook -i ${_ANSIBLE_INV} --vault-id vault_engtech_default" alias ai="ANSIBLE_CONFIG=${_ANSIBLE_CFG} ansible-inventory -i ${_ANSIBLE_INV}" alias ans="ANSIBLE_CONFIG=${_ANSIBLE_CFG} ansible -i ~/ansible/inventory/cmdb/now.py -i ~/ansible/inventory/engtech_prod" fi unset _ANSIBLE_CFG _ANSIBLE_INV # ----------------------------------------------------------------------- # AWX / Tower # ----------------------------------------------------------------------- alias awxjobs='awx jobs list -f human --filter id,name,limit,failed --all' function setawx() { echo -n "AWX Host: "; read -r TOWER_HOST echo -n "AWX Username: "; read -r TOWER_USERNAME echo -n "AWX Password: "; read -r -s TOWER_PASSWORD; echo export TOWER_HOST TOWER_USERNAME TOWER_PASSWORD awx -k -f human login awx config -f human | grep base_url } # ----------------------------------------------------------------------- # Monit helpers (remote) # ----------------------------------------------------------------------- function tmls() { ssh "$1" ls /etc/monit.d; } function tmlog() { ssh "$1" tail -f /var/log/monit.log; } # ----------------------------------------------------------------------- # Postgres shortcuts (Juniper TIM environments) # ----------------------------------------------------------------------- alias pgtimdev='psql -U tim_api tim_api_dev' alias pgtimtest='psql -U tim_api tim_api_test' alias pgtimqdev='psql -U tim_api -h ttqc-tim-mmonit-02 kenjim_devel' alias pgtimint='psql -h ttqc-tim-mm-02.juniper.net -U tim_api tim_api_int' alias pgtimint2='psql -h ttsv-db-03.juniper.net -U tim_api tim_api_int2' alias pgtimprod='psql -h ttqc-tim-mm-02.juniper.net -p 5432 -U tim_api tim' alias pgtimloc='psql -U tim_api kenjim_tim' alias pgtimweekly='psql -h ttqc-testdb-01 -U tim_api weekly_systest_live' alias pgtimqmm='psql -h ttqc-tim-mmonit-02 -U mmonit mmonit' alias pgtimbmm='psql -h ttbg-tim-mmonit-01 -U mmonit mmonit' alias pgbdrqc='psql -h ttqc-bdr-db01.juniper.net -U tim_api systest_live' alias pgbdrbg='psql -h ttbg-bdr-db01.juniper.net -U tim_api systest_live' alias pgdlm='psql -h ttqc-dlm-db-ms.ttglb.juniper.net -U ddladmin systest_live' # ----------------------------------------------------------------------- # Juniper proxy shortcut # ----------------------------------------------------------------------- alias j_proxy_on='proxy_on qcwebproxylb.juniper.net:3128' # ----------------------------------------------------------------------- # k8configs env (if checked out) # ----------------------------------------------------------------------- [[ -f "${HOME}/k8configs/engtech_k8_env.sh" ]] && \ source "${HOME}/k8configs/engtech_k8_env.sh" # ----------------------------------------------------------------------- # RVM (Ruby — if installed) # ----------------------------------------------------------------------- alias rvmi='source "$HOME/.rvm/scripts/rvm"; echo "rvm initialized..."' # ----------------------------------------------------------------------- # LDAP helpers — credentials injected from ~/.bashrc.local # Set JNPR_LDAP_BIND_DN and JNPR_LDAP_BIND_PW in ~/.bashrc.local # ----------------------------------------------------------------------- function ldaps() { local dn="${JNPR_LDAP_BIND_DN:-CN=_eng_jira_bind_new,OU=Service Accounts,OU=Misc,OU=Common,DC=jnpr,DC=net}" local pw="${JNPR_LDAP_BIND_PW:?Set JNPR_LDAP_BIND_PW in ~/.bashrc.local}" ldapsearch -LLL -x -b 'dc=jnpr,dc=net' \ -h ldap-eqx-lb.jnpr.net \ -D "$dn" -w "$pw" \ sAMAccountName="$1" | perl -p00e 's/\r?\n //g' } function ldaps2() { local dn="${JNPR_LDAP_BIND_DN2:-CN=_eng_labrsrcmgr_bind,OU=Service Accounts,OU=Misc,OU=Common,DC=jnpr,DC=net}" local pw="${JNPR_LDAP_BIND_PW2:?Set JNPR_LDAP_BIND_PW2 in ~/.bashrc.local}" ldapsearch -LLL -x -b 'dc=jnpr,dc=net' \ -h ldap-qnc-lb.jnpr.net \ -D "$dn" -w "$pw" \ sAMAccountName="$1" | perl -p00e 's/\r?\n //g' } # ----------------------------------------------------------------------- # Network / misc Juniper tools # ----------------------------------------------------------------------- function netseg() { curl -k "https://netseg.juniper.net/api/find_ip?hostname=$1" | jq '.' } # Jira CLI shortcut alias jira='jira-cli --v2 view --oneline --search-jql "assignee=kenjim and status!=closed and status!=resolved order by priority desc, created asc"' # ----------------------------------------------------------------------- # Unified Hub (Artifactory / unified-hub.juniper.net) # Credentials pulled from ~/.bashrc.local: # UNIFIED_HUB_USERNAME e.g. kenjim@juniper.net # UNIFIED_HUB_TOKEN base64 API token from Artifactory # ----------------------------------------------------------------------- function unified-hub-login() { local url="unified-hub.juniper.net" local user="${UNIFIED_HUB_USERNAME:-}" local token="${UNIFIED_HUB_TOKEN:-}" if [[ -z "$user" || -z "$token" ]]; then echo "ERROR: UNIFIED_HUB_USERNAME and UNIFIED_HUB_TOKEN must be set (add to ~/.bashrc.local)" >&2 return 1 fi echo "$token" | docker login -u "$user" --password-stdin "$url" }