DavidWittman

A Brief Introduction to Fabric

Fabric is a deployment management framework written in Python which makes remotely managing multiple servers incredibly easy. If you've ever had to issue a change to a group servers, this should look pretty familiar:

for s in $(cat servers.txt); do ssh $s service httpd graceful; done

Fabric improves on this process by providing a suite of functions to run commands on the servers, as well as a number of other features which just aren't possible in a simple for loop. While a working knowledge of Python is helpful when using Fabric, it certainly isn't necessary. This tutorial will cover the steps necessary to get started with the framework and introduce how it can be used to improve on administering groups of servers.

DavidWittman

You can find the MAC address for LAN1/eth0 (not the BMC MAC) via the SuperMicro IPMI interface by running the following command:

$ ipmitool -U $IPMI_USER -P $IPMI_PASS -H $IPMI_HOST raw 0x30 0x21 | tail -c 18

The eth0 MAC address will be output in this format:

00 25 90 f0 be ef

DavidWittman

Automated DevStack deployments on Rackspace with salt-cloud

Preparation

Install salt-master and salt-cloud

These instructions will install salt-master and salt-cloud on recent Ubuntu releases. Consult the SaltStack Installation Documentation should you require instructions for other distributions.

echo deb http://ppa.launchpad.net/saltstack/salt/ubuntu `lsb_release -sc` main | sudo tee /etc/apt/sources.list.d/saltstack.list

DavidWittman

#!/usr/bin/env python

# check_peer_interfaces.py
# Author: David Wittman <david@wittman.com>
#
# Checks to see if two interfaces are on the same network by sending a
# unique broadcast packet out of the first interface and listening for that
# packet on the second interface.
#
# Assumes that you're running a Linux variant, and that both interfaces

DavidWittman

Packet Analysis with Wireshark

Links

• Capture files
• CloudShark

Common filters

Source IP is 192.168.1.1

ip.src == 192.168.1.1

DavidWittman

iptables n'at

Source NAT

Source NAT changes the source address in IP header of a packet. It may also change the source port in the TCP/UDP headers. The typical usage is to change the a private (rfc1918) address/port into a public address/port for packets leaving your network. Available only in the POSTROUTING chain in iptables.

Syntax

iptables -t nat -A POSTROUTING -i eth1 -j SNAT --to-source 1.2.3.4[:port]

Example

DavidWittman

#!/usr/bin/env python
#
# MongoDB-backed dynamic inventory script for Ansible
# http://docs.ansible.com/intro_dynamic_inventory.html

import os

from argparse import ArgumentParser

import pymongo

DavidWittman

#!/usr/bin/env python

# Parses the output from AWS credential reports and displays
# users which have been inactive for 60+ days.
#
# Usage:
#   audit_iam_accounts.py credential_report.csv <days>
#

import csv

DavidWittman

#!/usr/bin/env bash

# Loads and mounts an ISO over SMB via the
# SuperMicro IPMI web interface
#
# usage: supermicro-mount-iso.sh <ipmi-host> <smb-host> <path>
#  e.g.: supermicro-mount-iso.sh 10.0.0.1 10.0.0.2 '\foo\bar\windows.iso'

set -x

DavidWittman

#!/usr/bin/env bash

# Retrieves the plaintext JNLP from a SuperMicro IPMI webserver
# Usage: supermicro-java-console.sh <hostname>
#        supermicro-java-console.sh 10.1.2.34 > login.jnlp

set -x

HOST="$1"
IPMI_USER=${IPMI_USER:-ADMIN}