Raúl Sevilla rsevilla87

## masked_flow_lookup.bt
#!/usr/bin/bpftrace

BEGIN
{
    printf("Tracing masked_flow_lookup... Hit Ctrl-C to end\n");
}

kprobe:masked_flow_lookup{
    @start[tid] = nsecs;
    @count++

## fsync.bt
#!/usr/bin/bpftrace

BEGIN
{
    printf("Tracing fsync and fdatasync syscalls... Hit Ctrl-C to end.\n");
}

tracepoint:syscalls:sys_enter_fsync,
tracepoint:syscalls:sys_enter_fdatasync /pid==4320/ {
 @start[tid] = nsecs;

## timer.sh
for p in $(oc get pod -o name -l app=ovnkube-master); do
  oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 2000
  oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 4000
  oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 8000
  oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 16000
  oc exec -n openshift-ovn-kubernetes -c sbdb $p -- ovn-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/change-election-timer OVN_Southbound 2000
  oc exec -n openshift-ovn-kubernetes -c sbdb $p -- ovn-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/change-election-timer OVN_Southbound 4000
  oc exec -n openshift-ovn-kubernetes -c sbdb $p -- ovn-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/change-electio

## enable.sh
for p in $(oc get pod -o name -l app=ovnkube-master -n openshift-ovn-kubernetes -o name); do
  oc exec -c nbdb ${p} -- sh -c "ovn-kube-util ovn-db-exporter &"
done

oc apply -f - << EOF
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app: ovnkube-master

## OpenShift-OVN flows
root@ip-172-31-71-55: ~ # oc describe svc router-default
Name:                     router-default
Namespace:                openshift-ingress
Labels:                   app=router
                          ingresscontroller.operator.openshift.io/owning-ingresscontroller=default
                          router=router-default
Annotations:              service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: 2
                          service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: 5
                          service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: 4
                          service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: 2

## gist:12730f8283c96ae9cb0c33d7281d1497
root@ip-172-31-72-85: ~/workloads-shorcuts # oc describe svc -n openshift-ingress router-default
Name:                     router-default
Namespace:                openshift-ingress
Labels:                   app=router
                          ingresscontroller.operator.openshift.io/owning-ingresscontroller=default
                          router=router-default
Annotations:              service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: 2
                          service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: 5
                          service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: 4
                          service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: 2

## gist:e7bf3c272edd74bac32d2a0675cbb488

sh-4.2# ovn-trace --ct=trk,est --detailed ip-10-0-165-188.us-west-2.compute.internal 'inport == "openshift-ingress_router-default-6cbfff9f69-g5dwj"
&& eth.src == 9a:90:f0:83:04:0a &&
eth.dst ==  0A:58:0A:83:04:01 &&
ip4.src == 10.131.4.9 &&
ip4.dst == 10.128.2.31 &&

## cni.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rsevilla87
                / cni.md
            
            
              Last active
              October 17, 2019 10:12
            
              
                Testing CNI plugins like a boss
              
          
    host-device plugin


Create CNI config

cat > cni.cfg << EOF
{
  "name": "mynet",
  "cniVersion": "0.3.0",
  "type": "host-device",


## openssl.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rsevilla87
                / openssl.md
            
            
              Last active
              October 8, 2018 21:07
            
              
                Generate new CA and signed certificate cheatsheet
              
          
    Generate your own CA and sign a certificate with it

Create a 2048 bit RSA private key
$ openssl genrsa -out ca.key 2048

Its' also possible to generate an encrypted RSA key with the following options
-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea

  
## reboot.yml
- hosts: all
  become: yes
  gather_facts: no
  remote_user: cloud-user
  tasks:
	#!/usr/bin/bpftrace

	BEGIN
	{
	printf("Tracing masked_flow_lookup... Hit Ctrl-C to end\n");
	}

	kprobe:masked_flow_lookup{
	@start[tid] = nsecs;
	@count++
	#!/usr/bin/bpftrace

	BEGIN
	{
	printf("Tracing fsync and fdatasync syscalls... Hit Ctrl-C to end.\n");
	}

	tracepoint:syscalls:sys_enter_fsync,
	tracepoint:syscalls:sys_enter_fdatasync /pid==4320/ {
	@start[tid] = nsecs;
	for p in $(oc get pod -o name -l app=ovnkube-master); do
	oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 2000
	oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 4000
	oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 8000
	oc exec -n openshift-ovn-kubernetes -c nbdb $p -- ovn-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/change-election-timer OVN_Northbound 16000
	oc exec -n openshift-ovn-kubernetes -c sbdb $p -- ovn-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/change-election-timer OVN_Southbound 2000
	oc exec -n openshift-ovn-kubernetes -c sbdb $p -- ovn-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/change-election-timer OVN_Southbound 4000
	oc exec -n openshift-ovn-kubernetes -c sbdb $p -- ovn-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/change-electio
	for p in $(oc get pod -o name -l app=ovnkube-master -n openshift-ovn-kubernetes -o name); do
	oc exec -c nbdb ${p} -- sh -c "ovn-kube-util ovn-db-exporter &"
	done

	oc apply -f - << EOF
	apiVersion: monitoring.coreos.com/v1
	kind: ServiceMonitor
	metadata:
	labels:
	app: ovnkube-master
	root@ip-172-31-71-55: ~ # oc describe svc router-default
	Name: router-default
	Namespace: openshift-ingress
	Labels: app=router
	ingresscontroller.operator.openshift.io/owning-ingresscontroller=default
	router=router-default
	Annotations: service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: 2
	service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: 5
	service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: 4
	service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: 2
	root@ip-172-31-72-85: ~/workloads-shorcuts # oc describe svc -n openshift-ingress router-default
	Name: router-default
	Namespace: openshift-ingress
	Labels: app=router
	ingresscontroller.operator.openshift.io/owning-ingresscontroller=default
	router=router-default
	Annotations: service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: 2
	service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: 5
	service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: 4
	service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: 2

	sh-4.2# ovn-trace --ct=trk,est --detailed ip-10-0-165-188.us-west-2.compute.internal 'inport == "openshift-ingress_router-default-6cbfff9f69-g5dwj"
	&& eth.src == 9a:90:f0:83:04:0a &&
	eth.dst == 0A:58:0A:83:04:01 &&
	ip4.src == 10.131.4.9 &&
	ip4.dst == 10.128.2.31 &&
	- hosts: all
	become: yes
	gather_facts: no
	remote_user: cloud-user
	tasks: