John E. Vincent lusis

View wat.txt
[root@dmcm-base-omnibus-build-lab etc]# yum groupinstall Development
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: linux.mirrors.es.net
* epel: linux.mirrors.es.net
* extras: mirror.supremebytes.com
* updates: linux.mirrors.es.net
Setting up Group Process
Checking for new repos for mirrors
Package flex-2.5.35-8.el6.x86_64 already installed and latest version
View berks-chef-ecosystem.md

brevity isn't my strongest skill but I'm seriously going to try here

Questions first

  • Is berkshelf becoming a core chef dep?
  • Is berkshelf becoming a core chef workflow dep?
  • If so, why? (what gap is it filling?)
  • If so, is it being rolled into chef proper?
  • If not, why is it not being rolled into Chef proper?
lusis / 01-omrelp.conf
Created Apr 25, 2014
omrelp rsyslog config
View 01-omrelp.conf
$ModLoad omrelp
$RepeatedMsgReduction off
$template ls_json,"{\"@version\":1,\"@timestamp\":\"%timestamp:1:19:date-rfc3339%.%timestamp:1:3:date-subseconds%+00:00\",%HOSTNAME:::jsonf:source_host%,\"message\":\"%timestamp% %app-name%:%msg:::json%\",%syslogfacility-text:::jsonf:facility%,%syslogseverity-text:::jsonf:severity%,%app-name:::jsonf:program%,%procid:::jsonf:processid%}"
*.* :omrelp:127.0.0.1:20514;ls_json
View chef-rundeck.rb
# run with
# chef-apply chef-rundeck.rb
require 'chef'
require 'chef/node'
require 'chef/mixin/xml_escape'
require 'chef/rest'
require 'chef/role'
require 'chef/environment'
require 'chef/data_bag'
lusis / how I killed slack.md
Created May 10, 2014
how I killed slack.md
View how I killed slack.md

Short answer:

Hubot saw a message from himself that he SHOULD have ignored.

Long answer:

  • hubot listens via irc to slack
  • hubot responds via webhooks to slack

Someone (PEAKSCALE!!!!) typed a standard thing we use all the time:

lusis / README.md
Created May 15, 2014
Needs to be cleaned up and probably doing stupid shit
View README.md

Basic port of my old rabbitmq+ruby global log tailer to redis+golang.

Still a go newb but it works. Probably lots of edge cases. Managed to port the bits to publish to a websocket instead of stdout. Plan on cleaning all that up and publishing it as two bits - the service and the client.

This is just a basic client. Totally insecure.

Note you would need to customize this. We have our own keys in our logstash events that are pointless to you.

This tool is primarily for our developers to be able to work with our production logs. They have access to our Kibana install but sometimes being able to just hit the command-line and use natural tools makes more sense. There's also an option to display stacktraces as well which is handy to be able to turn on or off.

lusis / NOTES.md
Last active Aug 29, 2015
modified irc hubot adapter to send responses via slack webhook api
View NOTES.md

What is it?

A modified version of the IRC adapter for Hubot that responds via Slack webhook api

Is it any good

Not at all. This was the first time I ever touched coffeescript.

Requirements

  • Enable the slack IRC gateway
  • Create a dedicated account for Hubot
  • Create a new incoming webhook for hubot to use. Set HUBOT_SLACK_WEBHOOK_URL env var to that url
lusis / iptables-slack-notify-chef.rb
Created Aug 19, 2014
iptables-slack-notify-chef.rb
View iptables-slack-notify-chef.rb
slack "iptables-rules-changed-#{node.name}" do
  message "iptables.sav was updated on #{node.name}! This should be investigated"
  icon_url node['chef_client']['handler']['slack']['icon_url']
  channel node['chef_client']['handler']['slack']['channel']
  username "Chef iptables notifier"
  action :nothing
end
template "/etc/iptables.sav" do
  owner "root"
lusis / 01-README.md
Last active Aug 29, 2015
centos7 weirdness in post-install scripts
View 01-README.md

In rebuilding and testing our omnibus "megapackage" on centos7, we discovered a weirdness where our post install scripts kept bombing out.

Note that this same script in our omnibus package worked on 14.04 ubuntu with no modification as well as the previous centos6 and ubuntu 12.04 setups.

It's possible the centos image we were using to test for centos6 already had selinux disabled (I haven't gone back and retested).

The really WEIRD part is that this works when I run these cookbooks manually logging in as root (the solo run we do in the post-install)

Something about the context of running chef-solo inside the context of a post-install script on centos7 feels like the issue but it could just be an old-fashioned bug.

lusis / readme.md
Created Oct 8, 2014
Slack exploit
View readme.md

Folks know I'm pretty gung-ho about slack as a communication tool and several people have brought up the following ValleyWag article:

http://valleywag.gawker.com/slack-is-letting-anyone-peek-at-their-competitors-1643790919/+barrett

Obviously we're concerned about it as well but as with most security issues, things aren't so clear cut. In many cases, I've gotten comments from people who don't use slack so there's understandable confusion. Note that I don't work for slack (obviously) and I don't speak for them (I didn't think this would ever need to be said but...there you go)

To be clear, this is an issue and we've already reported it to slack as well that it's unacceptable for us

Some things to note

  • When you create a slack team (the top-level construct), you are given the option of specifying which email domains you want to allow people to "automatically" be able to register with. This is really handy. So someone at apple might say "we want all apple employees to be able to join this slack team".