@b0bu
b0bu / haproxy_metrics.md
Created May 26, 2021 12:39
haproxy stats: qtime,ctime,rtime,ttime?

Previously added this to a response on Stack Overflow. In haproxy >2 you now get two values, n / n, which are the max within a sliding window and the average for that window. The max value remains the max across all sample windows until a higher value is found. On 1.8 you only get the average.

Example of haproxy 2 v 1.8. Note these proxies are used very differently and with dramatically different loads.

So it looks like the average response times, at least since the last reboot, are 66ms and 275ms.

The average is computed as:

data time + cumulative http connections - 1 / cumulative http connections
@b0bu
b0bu / call_playbook_with_vars.md
Created May 25, 2021 14:42
ansible - pass interpolated values to import_playbook

This is possible:

---
- import_playbook: collection.base.onprem
  vars:
    icinga_servers: ["server1", "server2"]
    auter_cron_prep_spec: "0 5 * * Mon root"
    auter_cron_apply_spec: "0 6 * * Mon root"

However this is not

@b0bu
b0bu / mariadb_gdb_coredump.md
Created May 25, 2021 13:11
corefiles in the kernel for mariadb

Enable coredumps for the kernel

mkdir /data/corefiles
chmod 777 /data/corefiles
echo /data/corefiles/core > /proc/sys/kernel/core_pattern
echo 1 > /proc/sys/kernel/core_uses_pid
sysctl -w fs.suid_dumpable=2
cat <<SETCORE > /etc/sysctl.d/mariadb_core.conf
kernel.core_pattern=/data/corefiles/core
kernel.core_uses_pid=1
@b0bu
b0bu / daft_timer_in_python.md
Created May 25, 2021 11:28
daft_timer_in_python

Maybe the daftest of all gists. Indeed for timing anything timeout n or sleep n are what you should absolutely use in bash. But I thought the visual was cool for this one.

timer () {
t=${1:-60}
python -c '
import time
import sys
t = int(sys.argv[1])
for i in range(t):
 print(f"\r {t-i}", end="")
@b0bu
b0bu / letsencrypt_ansible_stage_to_prod.md
Last active May 24, 2021 13:23
test letsencrypt challenges against their staging api before rolling to production

Here's an example of letting ansible provision certificates and test challenges against a dns provider from the stage api and then rolling on to the production api when it's successful. This ensures you don't hit an api limit with LE and that dns and challenge functionality is working properly. Note the task file is being reused and vars: are passed like a function signature.

flags is used in the pull.sh and server/quiet are used in the cli.ini. There's a cron element not shown here which would use a renewal script once the initial pull is issued by ansible.

# ansible-playbook -i inventory le.yaml --tags test-letsencrypt-challenge
---
- import_tasks: issue-certificates.yml
  vars:
@b0bu
b0bu / dns_propagation.md
Last active May 24, 2021 11:26
Checking that dns has propagated

If you're using letsencrypt with a third party public dns provider that doesn't support a mature api, you'll have to ensure that the nameservers have propagated the newly created txt record before exiting your manual-auth scripts and returning control back to LE. LE will issue a challenge expecting the record to exist. Depending on the method used by the provider this challenge can fail; actually it likely will if propagation takes minutes or even 20 to 30 seconds.

This is part of a larger script which will ensure that your dns record is propagated before returning control to LE. The way that I construct text records in this script (not shown here) is done in such a way that something.something.something...example.com can be chained for as long as a domain name is allowed to be, but here I'm manually setting the _acme-challenge. prefix, which always comes at the start regardless of the length.

Also note that I'm using 8.8.8.8 to gather a list of public provider NS servers for domain example.com. This is an api problem solved i

@b0bu
b0bu / remove_the_difference_ansible.md
Created May 20, 2021 19:20
Remove the difference between 2 lists in ansible

Remove the difference between 2 lists.

- name: Get a file list of deployed post-hooks
  command: ls /etc/letsencrypt/renewal-hooks/post/
  register: st

- name: Strip file extensions from file list
  set_fact:
    deployed_post_hooks: "{{ st.stdout_lines|map('regex_replace', '\\.sh$', '')|list }}"
@b0bu
b0bu / changing-virtual-env-interpreter.md
Last active May 20, 2021 14:43
Changing python interpreter from within a virtual env

I isolate dependencies using python virtual environments. The base system's os python version can be leveraged inside of these environments when tools clash, like for certbot or ansible password files where the base configuration doesn't change. But not to muddy the waters, here's exactly what I mean. The azure.azcollection for ansible has a requirements.txt file. These requirements are only necessary for one of our ansible repos. There are clashing dependencies between this collection and our ansible vault_pass file. So how do you have the vault_pass file, called by ansible from within a virtual environment, utilise a different version of ansible? The answer is not as simple as you might think, or at least not as simple as I first thought.

If I set up a virtual environment, the calling interpreter of ansible (the interpreter of my environment) will call the /usr/bin/az command, which is fine if it has the dependencies in PATH to run it, which it doesn't.

# ansible.cfg
vault_password_file     = 
@b0bu
b0bu / vscode_snippet_keybinding.md
Last active May 20, 2021 12:37
vscode snippet keybinding string to list, list to string

I want to create a list of items from a string that would be useful in yaml, json or python, so ["1","2"] from 1 2 (and back again). First, understand you have to match a pattern before you can manipulate it. Second, understand exactly what that pattern is. My pattern is a list of yum packages I'd like to quickly move to a yaml list for ansible. Here I have alphanumeric words with 1, sometimes 2, dashes. I have a word with no dashes and one with a dot ..

python2-mock python-zope-interface pytz pyOpenSSL.x86_64

The answer is, or at least my answer is

[
 {
@b0bu
b0bu / ansible_collections_import_playbook.md
Last active May 9, 2021 17:33
using import_playbook with ansible collections

getting set up

As of this writing

# requirements.txt
ansible==3.3.0

Install ansible (personally I use pyenv virtual envs to create a clean environment but you can do what you like)

pip install -r requirements.txt