Srinivasan Mohan srinivasmohan

View GitHub Profile
@srinivasmohan
srinivasmohan / knife_status.rb
Created April 19, 2012 05:28
Knife Status - Display absolute times and show latest checkins on top
#Run this from your Knife folder with "knife exec /pathto/knife_status.rb"
stats=Array.new
sizes=[0,0,0]
TimeFormat="%F %R"
Sep='|'
nodes.all do |thisnode|
checkintime=Time.at(thisnode['ohai_time']).to_i
rubyver = thisnode['languages']['ruby']['version']
recipes = thisnode.run_list.expand(thisnode.chef_environment).recipes.join(",")
srinivasmohan / hipchat_notify.rb
Created April 19, 2012 05:32
Post Nagios alerts to Hipchat
#!/usr/bin/ruby
require 'rubygems'
require 'hipchat-api'
require 'getopt/long'
require 'socket'
require 'erb'
#Do not modify these constants! (after you set these up, of course)
HipApiKey='ABCDEFGHKJHKJHKJHKJH'
Room='Nagios'
srinivasmohan / update_hosts.sh
Created April 26, 2012 22:16
Update /etc/hosts to have the "current" IP address of eth0
#!/bin/bash
#/etc/network/if-up.d/update_hosts
set -e
#Variable IFACE is set up by Ubuntu network init scripts to whichever interface changed status.
[ "$IFACE" == "eth0" ] || exit
myname=`cat /etc/hostname`
shortname=`cat /etc/hostname | cut -d "." -f1`
hostsfile="/etc/hosts"
#Knock out line with "old" IP
srinivasmohan / whatsmyname.rb
Last active October 3, 2015 18:27
Chef recipe (snippets) to set up FQDN, hostname, IP etc properly
#Knife invocations supply FQDN as the node name at creation time and this becomes hostname (option -N)
execute "Configure Hostname" do
command "hostname --file /etc/hostname"
action :nothing
end
#Ensure the hostname of the system is set to knife provided node name
file "/etc/hostname" do
content node.name
srinivasmohan / chefsvr-nginx-ssl.conf
Created August 15, 2012 22:30
Nginx SSL Hosts config to make Chef's web GUI and REST API available over SSL
###Nginx config to make Chef server's WebGUI (localhost:4040) and
###REST API (localhost:4000) both available over SSL in the same vhost.
#If your SSL certificate requires a CA Cert bundle, then you may also need to install/symlink a copy of the
#bundle pem in folder /etc/ssl/certs/ and run "c_rehash /etc/ssl/certs/" on the machines that
#need to access these SSL endpoints.
# This is typically needed for RapidSSL/Geotrust issued SSL certificates, YMMV.
#I have these upstreams in the main nginx.conf:
#rest api
upstream chef_webui {
srinivasmohan / sysctl.conf
Created August 20, 2012 22:22
Sysctl.conf for VPC NAT Instance
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
srinivasmohan / configure-pat.sh
Created August 20, 2012 22:34
configure-pat.sh for VPC NAT Instance
#!/bin/bash
# Configure the instance to run as a Port Address Translator (PAT) to provide
# Internet connectivity to private instances.
# This is pretty much the same as the configure-pat.sh script from an AWS AmazonLinux NAT instance except that we tweak
#the iptables rule to NOT NAT traffic that has to flow over the VPN but NAT anything that doesn't match our remote end's
#VPC CIDR value. This way access to the remote subnet over VPN will be normally routed and not NATted to the IP of our NAT instance.
#E.g. in this script, the assumption is that the VPC CIDR for the "other" end is 172.19.0.0/16. YMMV.
#See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full article.
# Srinivas - 20120820.
srinivasmohan / ipsec.conf
Created August 20, 2012 23:22
Base ipsec.conf for openswan
#Base ipsec.conf for openswan
#See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full article.
version 2.0 # conforms to second version of ipsec.conf specification
config setup
nat_traversal=yes
oe=off
protostack=netkey
#klipsdebug=all
#plutodebug=all
include /etc/ipsec.d/*.conf
srinivasmohan / eastwest.conf
Created August 20, 2012 23:27
Openswan connection for us-east
#See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full article.
#This is the config for the US-East Openswan. For the west side openswan config, swap the left and right values accordingly.
conn eastwest
authby=secret
auto=start
type=tunnel
#Left is "this" side
left=172.18.0.254
leftid=4.5.6.7
leftsubnet=172.18.0.0/16
srinivasmohan / ipsec.secrets
Created August 20, 2012 23:31
ipsec.secrets
1.2.3.4 4.5.6.7: PSK 'REPLACE_WITH_A_COMPLEX_HARD_TO_GUESS_STRING'
4.5.6.7 1.2.3.4: PSK 'REPLACE_WITH_A_COMPLEX_HARD_TO_GUESS_STRING'