R.I.Pienaar ripienaar
[rip@dev1]% nats server list --user system <15:24:12
+----------------------------------------------------------------------------------------------------------------------------+
| Server Overview |
+--------+------------+-----------+---------------+-------+------+--------+-----+---------+-----+------+--------+------------+
| Name | Cluster | IP | Version | Conns | Subs | Routes | GWs | Mem | CPU | Slow | Uptime | RTT |
+--------+------------+-----------+---------------+-------+------+--------+-----+---------+-----+------+--------+------------+
| nc1-c1 | c1 | localhost | 2.2.0-beta.23 | 1 | 71 | 2 | 2 | 9.1 MiB | 0.0 | 0 | 12m31s | 3.573146ms |
| nc2-c1 | c1 | localhost | 2.2.0-beta.23 | 0 | 71

Certificate free TLS when using Choria AAA

One would mainly use the AAA server when a managed CA, such as the one from Puppet, is not easily available; clients in that scenario typically want no certificates at all, just a Choria client.

We therefore need to support anonymous TLS, where the connection is still encrypted using TLS but no certificate verification is done.

When supporting this mode it is very important that the core Choria network does not run in a downgraded security mode, so we will use a NATS technology called leafnodes to create a dedicated Choria Broker these clients would

func(m *nats.Msg) {
	// process m
	// the reply subject field on nats.Msg is exported as Reply
	_, err := nc.Request(m.Reply, []byte("+ACK"), 2*time.Second)
	// err here means ack was not confirmed
}
---
version: '3'
services:
  external.example.net:
    image: nats
    command: >-
      --tlscert /etc/nats/tls/external.example.net.cert
      --tlskey /etc/nats/tls/external.example.net_u.key
      --tlscacert /etc/nats/tls/ca-cert.pem
      --client_advertise external.example.net:4222
$ nats -s demo.nats.io req 'registry.detect_type' '{
  "schema": "io.nats.jetstream.advisory.v1.api_audit",
  "id": "uafvZ1UEDIW5FZV6kvLgWA",
  "timestamp": "2020-04-23T16:51:18.516363Z",
  "server": "NDJWE4SOUJOJT2TY5Y2YQEOAHGAK5VIGXTGKWJSFHVCII4ITI3LBHBUV",
  "client": {
    "host": "::1",
    "port": 57924,
    "cid": 17,
    "account": "$G",
nc.Subscribe("test", func(m *nats.Msg) {
	for h, vals := range m.Header {
		for _, val := range vals {
			log.Printf("%s: %s", h, val)
		}
	}

	if m.Reply != "" {
		msg := nats.NewMsg(m.Reply)
		msg.Header.Add("X-Demo", "value")
func main() {
	nc, _ := nats.Connect("localhost")

	stream := "ORDERS"
	consumer := "NEW"

	for {
		// Request takes a payload argument; an empty body requests the next message
		msg, err := nc.Request("$JS.API.CONSUMER.MSG.NEXT."+stream+"."+consumer, nil, 5*time.Second)
		if err != nil {
			fmt.Printf("pull failed, maybe no work available: %s", err)
name: check_httpd
version: 1.0.0
initial_state: unknown

watchers:
  # check httpd every minute
  - name: check
    type: nagios
    interval: 1m
    properties:
$ helm install --namespace choria-iot broker choria/broker --values values.yaml
$ kubectl -n choria-iot logs pod/broker-broker-6bf64bb74d-5j75t
time="2020-06-12T15:01:44Z" level=info msg="Attempting to enroll with Cert Manager in namespace \"choria-iot\" using issuer \"provisioner-provisioner\"" component=security ssl=certmanager
time="2020-06-12T15:01:44Z" level=info msg="Submitting CSR for \"broker-broker-6bf64bb74d-5j75t\" to Cert Manager" component=security ssl=certmanager
time="2020-06-12T15:01:44Z" level=info msg="Attempt 1 at fetching certificate \"broker-broker-6bf64bb74d-5j75t\"" component=security ssl=certmanager
time="2020-06-12T15:01:44Z" level=info msg="Enrollment with Cert Manager completed in namespace \"choria-iot\"" component=security ssl=certmanager
time="2020-06-12T15:01:44Z" level=info msg="Choria Broker version 0.14.0 starting with config /etc/choria/config/broker.conf"
time="2020-06-12T15:01:44Z" level=info msg="Starting Network Broker"
time="2020-06-12T15:01:44Z" level=error msg="SRV lo
{
  "annotations": {
    "list": [
      {
        "builtIn": 1,
        "datasource": "-- Grafana --",
        "enable": true,
        "hide": true,
        "iconColor": "rgba(0, 211, 255, 1)",
        "name": "Annotations & Alerts",