John E. Vincent lusis

View wat.txt
[root@dmcm-base-omnibus-build-lab etc]# yum groupinstall Development
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base:
* epel:
* extras:
* updates:
Setting up Group Process
Checking for new repos for mirrors
Package flex-2.5.35-8.el6.x86_64 already installed and latest version

brevity isn't my strongest skill but I'm seriously going to try here

Questions first

  • Is berkshelf becoming a core chef dep?
  • Is berkshelf becoming a core chef workflow dep?
  • If so, why? (what gap is it filling?)
  • If so, is it being rolled into chef proper?
  • If not, why is it not being rolled into Chef proper?
lusis / 01-omrelp.conf
Created Apr 25, 2014
omrelp rsyslog config
$ModLoad omrelp
$RepeatedMsgReduction off
$template ls_json,"{\"@version\":1,\"@timestamp\":\"%timestamp:1:19:date-rfc3339%.%timestamp:1:3:date-subseconds%+00:00\",%HOSTNAME:::jsonf:source_host%,\"message\":\"%timestamp% %app-name%:%msg:::json%\",%syslogfacility-text:::jsonf:facility%,%syslogseverity-text:::jsonf:severity%,%app-name:::jsonf:program%,%procid:::jsonf:processid%}"
*.* :omrelp:;ls_json
lusis / how I killed
Created May 10, 2014
how I killed

Short answer:

Hubot saw a message from himself that he SHOULD have ignored.

Long answer:

  • hubot listens via irc to slack
  • hubot responds via webhooks to slack

Someone (PEAKSCALE!!!!) typed a standard thing we use all the time:

lusis /
Created May 15, 2014
Needs to be cleaned up and probably doing stupid shit

Basic port of my old rabbitmq+ruby global log tailer to redis+golang.

Still a go newb but it works. Probably lots of edge cases. Managed to port the bits to publish to a websocket instead of stdout. Plan on cleaning all that up and publishing it as two bits - the service and the client.

This is just a basic client. Totally insecure.

Note you would need to customize this. We have our own keys in our logstash events that are pointless to you.

This tool is primarily for our developers to be able to work with our production logs. They have access to our Kibana install but sometimes being able to just hit the command-line and use natural tools makes more sense. There's also an option to display stacktraces as well which is handy to be able to turn on or off.

lusis /
Last active Aug 29, 2015
modified irc hubot adapter to send responses via slack webhook api

What is it?

A modified version of the IRC adapter for Hubot that responds via Slack webhook api

Is it any good?

Not at all. This was the first time I ever touched coffeescript.


  • Enable the slack IRC gateway
  • Create a dedicated account for Hubot
  • Create a new incoming webhook for hubot to use. Set HUBOT_SLACK_WEBHOOK_URL env var to that url
lusis / iptables-slack-notify-chef.rb
Created Aug 19, 2014
slack "iptables-rules-changed-#{}" do
message "iptables.sav was updated on #{}! This should be investigated"
icon_url node['chef_client']['handler']['slack']['icon_url']
channel node['chef_client']['handler']['slack']['channel']
username "Chef iptables notifier"
action :nothing
template "/etc/iptables.sav" do
owner "root"
lusis /
Last active Aug 29, 2015
centos7 weirdness in post-install scripts

In rebuilding and testing our omnibus "megapackage" on centos7, we discovered a weirdness where our post install scripts kept bombing out.

Note that this same script in our omnibus package worked on 14.04 ubuntu with no modification as well as the previous centos6 and ubuntu 12.04 setups.

It's possible the centos image we were using to test for centos6 already had selinux disabled (I haven't gone back and retested).

The really WEIRD part is that this works when I run these cookbooks manually logging in as root (the solo run we do in the post-install).

Something about the context of running chef-solo inside the context of a post-install script on centos7 feels like the issue but it could just be an old-fashioned bug.

lusis /
Created Oct 8, 2014
Slack exploit

Folks know I'm pretty gung-ho about slack as a communication tool and several people have brought up the following ValleyWag article:

Obviously we're concerned about it as well but as with most security issues, things aren't so clear cut. In many cases, I've gotten comments from people who don't use slack so there's understandable confusion. Note that I don't work for slack (obviously) and I don't speak for them (I didn't think this would ever need to be said but...there you go)

To be clear, this is an issue and we've already reported it to slack as well that it's unacceptable for us

Some things to note

  • When you create a slack team (the top-level construct), you are given the option of specifying which email domains you want to allow people to "automatically" be able to register with. This is really handy. So someone at apple might say "we want all apple employees to be able to join this slack team".
lusis /
Created Dec 2, 2014
Container Canticle
  • "And so it was in the days before the reign of the unikernel that the hypervisors fought the containers. Then the containers turned inward"
  • "And the one that went by water battled the one that went by air"
  • "And the demon and the daystar waited for the chance to strike"
  • "All the while the operators feasted on the discarded table scraps of the one called G"
  • "And while the bits were lost in the hydra-like pit of abstraction, a voice cried out across the land"
  • "The prophet climbed the mountain and raised his keyboard and said but one word - systemd"
  • "But the people were betrayed by the nspawn saying 'lennart, lennart. lama sabachthani'"
  • "And then did the great moon come forth in the sky"
  • "And whispered not a word. Only drawing symbols in the air...."
  • "In the end all were tested in the distributed fires of the bound one and found lacking"