- Based on this: https://access.redhat.com/solutions/7141979
- https://access.redhat.com/security/cve/cve-2026-31431
variant: openshift
version: 4.20.0

variant: openshift
version: 4.20.0

https://access.redhat.com/solutions/7130140#ocp_step_10
export NODE_NAME="" # Node name from "oc get nodes"

The certified operator index is complicated when it comes to image signatures. oc mirror 4.21 started to enforce signature pulls. Either use the oc mirror 4.20.x binary or use the workaround below.
mkdir registries.d
cat < registries.d/redhat.yaml

#!/bin/bash
readonly CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman}
readonly CURRENT_SCRIPT=$(basename "$0")
readonly CMD="${CONTAINER_RUNTIME} run --entrypoint performance-profile-creator"
readonly IMG_EXISTS_CMD="${CONTAINER_RUNTIME} image exists"
readonly IMG_PULL_CMD="${CONTAINER_RUNTIME} image pull"
readonly MUST_GATHER_VOL="/must-gather"
NTO_IMG="registry.redhat.io/openshift4/ose-cluster-node-tuning-rhel9-operator:v4.20"

Note: There is a race condition in oc mirror during the mirror-to-disk process. If the index image changes (i.e., a new one is published) between the time that oc mirror starts pulling images and the time oc mirror finishes, the resulting tarball will be corrupted.
HUGE WARNING: This process will have the index image listed by digest in your imageset-config.yaml. That works fine for mirror-to-disk run 1. When you want to update content, you will want to do this again and get the digest of the latest version of the index image to put into the imageset-config.yaml. If that is NOT done, your imageset will become static.
podman pull registry.redhat.io/redhat/redhat-operator-index:v4.20

#!/bin/bash
# Configuration
APP_CODE_VALUE=""
SERVICE_PHASE_VALUE=""
COST_CENTER_VALUE=""
REGION="us-east-1" # Change to your target region
TAG_SET="app-code=${APP_CODE_VALUE},service-phase=${SERVICE_PHASE_VALUE},cost-center=${COST_CENTER_VALUE}"

FROM registry.fedoraproject.org/fedora-minimal:latest
WORKDIR /content
RUN microdnf -y install cmake make git /usr/bin/python3 python3-pyyaml \
    python3-jinja2 openscap-utils python3-setuptools \
    jq vim scap-security-guide python3-pip python3-pygithub.noarch && \
    python3 -m pip install --upgrade pip && \
    python3 -m pip install --no-cache sh && \
    rm -rf /var/cache/yum /var/cache/dnf