jkordish

[Verifying my cryptographic key:openpgp4fpr:F6702B8967ACA8FCC9A1EDCBE64F44FCA8569544]

jkordish

# not really needed anymore as consul supports the ability to filter our ec2 instances now
#create initial consul server config sans server IPs
cat<<EOF > /tmp/consul_config.json
{
    "datacenter": "${dc}",
    "retry_join": [
    ]
}
EOF

jkordish

# consul-template generated
127.0.0.1   localhost {{with node}}{{.Node.Node}}{{end}}
{{with node}}{{.Node.Address}}  {{.Node.Node}}{{end}}
::1         localhost

# hosts by service
{{range services}}}# {{.Name}}{{$Name :=.Name}}{{range $index, $service := service .Name "any" }}
{{.Address}}  {{.Node}} {{$Name}}0{{$index | add 1}}
{{end}}{{end}}

jkordish

aws ec2 describe-instances --filter "Name=tag:Name,Values=blah*" --output text --query "Reservations[].Instances[].Tags[?Key=='Name'].Value"

jkordish

# haproxy HA monitor

description "monitor the haproxy EIP for HA"

start on runlevel [2345]
stop on runlevel [!2345]
console log
limit nofile 65535 65535

respawn

jkordish

#!/bin/bash -e
# /etc/profile.d/creds.sh
iam_role=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/)

export AWS_ACCOUNT_ID=$(/usr/bin/curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | /usr/bin/jq -r .accountId)
export AWS_DEFAULT_REGION=$(/usr/bin/curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | /usr/bin/jq -r .region)
export AWS_ACCESS_KEY_ID=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$iam_role | /usr/bin/jq -r .AccessKeyId)
export AWS_SECRET_ACCESS_KEY=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$iam_role | /usr/bin/jq -r .SecretAccessKey)
export AWS_SECURITY_TOKEN=$(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$iam_role | /usr/bin/jq -r .Token)
export AWS_SESSION_TOKEN=$AWS_SECURITY_TOKEN

jkordish

# Add an ARN to existing statement
policy=$(aws s3api get-bucket-policy --bucket <bucket> --query Policy --output text | jq '.Statement[0].Principal.AWS |= [.][]+ ["<resource arn>"]')

# push changes
aws s3api put-bucket-policy --bucket <bucket> --policy "${policy}"

###

# Merge statement lists from remote to your local (policy.json)
policy=$(aws s3api get-bucket-policy --bucket <bucket> --query Policy --output text | jq ".Statement |= .+ $(jq .Statement policy.json)")

jkordish

  hostA$ tar c mydir | lzop | socat - tcp-listen:1234
  hostB$ socat tcp:hostA:1234 | lzop -d | tar x

jkordish

- name: get multirust
  get_url:
    url: https://raw.githubusercontent.com/brson/multirust/master/blastoff.sh
    dest: /tmp/blastoff.sh
    mode: 0755

- name: install multirust
  become: yes
  become_user: "{{lookup('env', 'USER')}}"
  become_method: sudo

jkordish

pre-start script
  set -e
  MEM=$(awk '/^MemFree/ {free=$2 * 1024 - 1610612736}; END \
    { if ( free > 4294967296 ) print 4294967296; \
     else if  ( free < 134217728 ) print 134217728; \
      else print free }' /proc/meminfo)
  CPU=$(awk '/^processor/ { n++ }; END { if ( n > 2) print n-2; else print n+0}' /proc/cpuinfo)

  sed -i "s/^chunkMemQueueBytes.*/chunkMemQueueBytes\ =\ $MEM/" /opt/tap-cbs/config.txt
  sed -i "s/^nDigesters.*/nDigesters\ =\ $CPU/" /opt/tap-cbs/config.txt