View mail.txt
/etc/puppetlabs/mcollective/client.cfg
loglevel = debug
> mco puppet status
debug 2021/01/21 16:52:15: pluginmanager.rb:162:in `loadclass' Loading Mcollective::Facts::Yaml_facts from mcollective/facts/yaml_facts.rb
debug 2021/01/21 16:52:15: pluginmanager.rb:43:in `<<' Registering plugin facts_plugin with class MCollective::Facts::Yaml_facts single_instance: true
debug 2021/01/21 16:52:15: pluginmanager.rb:162:in `loadclass' Loading Mcollective::Connector::Nats from mcollective/connector/nats.rb
debug 2021/01/21 16:52:15: cache.rb:117:in `block in ttl' Cache miss on 'ddl' key 'connector/nats'
debug 2021/01/21 16:52:15: base.rb:100:in `block in findddlfile' Found nats ddl at /opt/puppetlabs/mcollective/plugins/mcollective/connector/nats.ddl
View execution.txt
$ cat list
n1.example.net
n2.example.net
$ ./test --nodes list <21:21:44
Discovering nodes .... 2
2 / 2 0s [====================================================================] 100%
n1.example.net
View gist:cc498b6790fae0af393a2b606eb9b8b7
&ApiError{Code: 503, Description: "jetstream not enabled for account"}
&ApiError{Code: 400, Description: "bad request"}
&ApiError{Code: 400, Description: "expected an empty request payload"}
&ApiError{Code: 400, Description: "invalid JSON received in request"}
&ApiError{Code: 400, Description: "template name in subject does not match request"}
&ApiError{Code: 400, Description: "stream name in subject does not match request"}
&ApiError{Code: 400, Description: "stream name in subject does not match request"}
&ApiError{Code: 403, Description: "not allowed to delete internal stream"}
&ApiError{Code: 400, Description: fmt.Sprintf("sequence [%d] not found", req.Seq)}
&ApiError{Code: 400, Description: fmt.Sprintf("stream [%q] already exists", stream)}
View gist:34ae54cc1543bc5c12f3eac386a98a6e
[rip@dev1]% nats server list --user system <15:24:12
+----------------------------------------------------------------------------------------------------------------------------+
| Server Overview |
+--------+------------+-----------+---------------+-------+------+--------+-----+---------+-----+------+--------+------------+
| Name | Cluster | IP | Version | Conns | Subs | Routes | GWs | Mem | CPU | Slow | Uptime | RTT |
+--------+------------+-----------+---------------+-------+------+--------+-----+---------+-----+------+--------+------------+
| nc1-c1 | c1 | localhost | 2.2.0-beta.23 | 1 | 71 | 2 | 2 | 9.1 MiB | 0.0 | 0 | 12m31s | 3.573146ms |
| nc2-c1 | c1 | localhost | 2.2.0-beta.23 | 0 | 71
View anontls.md

Certificate free TLS when using Choria AAA

One would mainly use the AAA server when there isn't a managed CA, like the one from Puppet, easily available. Typically clients in that scenario have a desire to have no certificates at all - just a choria client.

We therefore need to support anonymous TLS, where the connection is still encrypted using TLS but it's not verified.

When supporting this mode it's very important that the core Choria network does not run in downgraded security mode, so we will use a NATS technology called leafnodes to create a dedicated Choria Broker these clients would

View confirmed-ack.go
func(m *nats.Msg) {
	// process m
	// acknowledge by sending a request to the reply subject and waiting for the response
	_, err := nc.Request(m.Reply, []byte("+ACK"), 2*time.Second)
	// err here means ack was not confirmed
}
View docker-compose.yml
---
version: '3'
services:
  external.example.net:
    image: nats
    command: >-
      --tlscert /etc/nats/tls/external.example.net.cert
      --tlskey /etc/nats/tls/external.example.net_u.key
      --tlscacert /etc/nats/tls/ca-cert.pem
      --client_advertise external.example.net:4222
View headers.go
nc.Subscribe("test", func(m *nats.Msg) {
	for h, vals := range m.Header {
		for _, val := range vals {
			log.Printf("%s: %s", h, val)
		}
	}
	if m.Reply != "" {
		msg := nats.NewMsg(m.Reply)
		msg.Header.Add("X-Demo", "value")
View work.go
func main() {
	nc, _ := nats.Connect("localhost")
	stream := "ORDERS"
	consumer := "NEW"
	for {
		// Request takes a payload argument; nil sends an empty request body
		msg, err := nc.Request("$JS.API.CONSUMER.MSG.NEXT."+stream+"."+consumer, nil, 5*time.Second)
		if err != nil {
			fmt.Printf("pull failed, maybe no work available: %s", err)
View check_httpd.yaml
name: check_httpd
version: 1.0.0
initial_state: unknown
watchers:
  # check httpd every minute
  - name: check
    type: nagios
    interval: 1m
    properties: