Srinivasan Mohan srinivasmohan

## check_haproxy_all.pl
#!/usr/bin/perl -w
#
#This polls multiple haproxy servers via their admin stats urls and sums up statistics.
#Scenario for usage is when you have multiple HaProxy boxes behind a load balancer and want to view the
# "sum total" of some key statistics like Bytes In/Out, Sessions etc across all HAProxy servers.
#Usage: Assuming you want to sum up stats across ha proxies lb1,2 and 3 which are have stats available via http://lbname:8080/statspath.
# /etc/nagios3/scripts/check_haproxy_all.pl -u lb1.domain.com,lb2.domain.com,lb3.domain.com -U admin  -a '/statspath' -P 'PASSWORD'
# See http://www.onepwr.org/haproxy-consolidated-stats for detailed info.

use strict; # always! :)

## haproxy_nagios.cfg
#Add to commands.cfg:
#Note that I have the password to http://haproxyname:8080/statspath defined in resources.cfg as USER6
#And the perl script must be chmodded 555 or even better chowned to nagios:nagios and chmodded 550
define command{
    command_name    poll_haproxy_consolidated
    command_line /etc/nagios3/scripts/check_haproxy_all.pl -U $ARG1$ -u $ARG2$ -a $ARG3$ -P $USER6$
}

# Add to hosts.cfg:
#Add a template called external-hosts - I use this for hosts that need not be health checked at host level

## update_hosts.sh
#!/bin/bash
#/etc/network/if-up.d/update_hosts
set -e
#Variable IFACE is setup by Ubuntu network init scripts to whichever interface changed status.
[ "$IFACE" == "eth0" ] || exit

myname=`cat /etc/hostname`
shortname=`cat /etc/hostname | cut -d "." -f1`
hostsfile="/etc/hosts"
#Knock out line with "old" IP

## configure-pat.sh
#!/bin/bash

# Configure the instance to run as a Port Address Translator (PAT) to provide
# Internet connectivity to private instances.
# This is pretty much the same as the configure-pat.sh script from a AWS AmazonLinux NAT instance except that we tweak
#the iptables rule to NOT NAT traffic that has to flow over the VPN but NAT anything that does'nt match our remote ends
#VPC CIDR value. This way access to remote subnet over VPN will be normally routed and not NATted to IP of our NAT instance.
#E.g. in this script, the assumption is that the VPC CIDR for the "other" end is 172.19.0.0/16. YMMV.
#See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full atricle.
# Srinivas - 20120820.

## hipchat_notify.rb
#!/usr/bin/ruby
require 'rubygems'
require 'hipchat-api'
require 'getopt/long'
require 'socket'
require 'erb'

#Do not modify these constants! (after you set these up, of course)
HipApiKey='ABCDEFGHKJHKJHKJHKJH'
Room='Nagios'

## thumbnail.rb
#!/usr/bin/ruby

require "streamio-ffmpeg"

class Video
  def initialize(f="", outf="./", at=[20, 50, 80])
    @video=FFMPEG::Movie.new(f)
    @at=at.map { |x| (@video.duration*x/100).to_i}
    $stderr.puts "Video #{f} (#{@video.duration} secs) - Screenshots at #{@at.inspect}"
  @outf=outf

## chef_server_backup.rb
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

## chefsvr-nginx-ssl.conf
###Nginx config to make Chef servers WebGUI (localhost:4040) and
###REST API (localhost:4000) both available over SSL in the same vhost.
#If your SSL certificate requires a CA Cert bundle, then you may also need to install/symlink a copy of the
#bundle pem in folder /etc/ssl/certs/ and run "c_rehash /etc/ssl/certs/" on the machines that
#need to access these SSL endpoints.
# This is typically needed for RapidSSL/Geotrust issued SSL certificates, YMMV.

#I have these upstreams in the main nginc.conf:
#rest api
upstream chef_webui {

## versal-ubuntu1204lts.sh
#!/bin/bash

#Run this on AMI ami-7e2da54e in us-west-2 (Supply this script as userdata) and build an AMI from the resulting instance.
#VPC Bootstrap User-data script generated at 2013-10-09 16:56:44 -0700
function logmsg {
echo "CHEF-VPC-INIT: $1"
}

CHEF_VERSION=11.6.0
RUBY_GEM_VER=1.8.25

## uri-encode
[smohan@dhcpa-111 ~]$ irb
irb(main):001:0> require 'uri'
=> true
irb(main):002:0> p URI::Parser.new.regexp[:UNSAFE]
/[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]]/
=> /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]]/
irb(main):003:0> p Regexp.union([URI::Parser.new.regexp[:UNSAFE],'~','@'])
/(?-mix:[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]])|~|@/
=> /(?-mix:[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]])|~|@/
irb(main):004:0>
	#!/usr/bin/perl -w
	#
	#This polls multiple haproxy servers via their admin stats urls and sums up statistics.
	#Scenario for usage is when you have multiple HaProxy boxes behind a load balancer and want to view the
	# "sum total" of some key statistics like Bytes In/Out, Sessions etc across all HAProxy servers.
	#Usage: Assuming you want to sum up stats across ha proxies lb1,2 and 3 which are have stats available via http://lbname:8080/statspath.
	# /etc/nagios3/scripts/check_haproxy_all.pl -u lb1.domain.com,lb2.domain.com,lb3.domain.com -U admin -a '/statspath' -P 'PASSWORD'
	# See http://www.onepwr.org/haproxy-consolidated-stats for detailed info.

	use strict; # always! :)
	#Add to commands.cfg:
	#Note that I have the password to http://haproxyname:8080/statspath defined in resources.cfg as USER6
	#And the perl script must be chmodded 555 or even better chowned to nagios:nagios and chmodded 550
	define command{
	command_name poll_haproxy_consolidated
	command_line /etc/nagios3/scripts/check_haproxy_all.pl -U $ARG1$ -u $ARG2$ -a $ARG3$ -P $USER6$
	}

	# Add to hosts.cfg:
	#Add a template called external-hosts - I use this for hosts that need not be health checked at host level
	#!/bin/bash
	#/etc/network/if-up.d/update_hosts
	set -e
	#Variable IFACE is setup by Ubuntu network init scripts to whichever interface changed status.
	[ "$IFACE" == "eth0" ] \|\| exit

	myname=`cat /etc/hostname`
	shortname=`cat /etc/hostname \| cut -d "." -f1`
	hostsfile="/etc/hosts"
	#Knock out line with "old" IP
	#!/bin/bash

	# Configure the instance to run as a Port Address Translator (PAT) to provide
	# Internet connectivity to private instances.
	# This is pretty much the same as the configure-pat.sh script from a AWS AmazonLinux NAT instance except that we tweak
	#the iptables rule to NOT NAT traffic that has to flow over the VPN but NAT anything that does'nt match our remote ends
	#VPC CIDR value. This way access to remote subnet over VPN will be normally routed and not NATted to IP of our NAT instance.
	#E.g. in this script, the assumption is that the VPC CIDR for the "other" end is 172.19.0.0/16. YMMV.
	#See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full atricle.
	# Srinivas - 20120820.
	#!/usr/bin/ruby
	require 'rubygems'
	require 'hipchat-api'
	require 'getopt/long'
	require 'socket'
	require 'erb'

	#Do not modify these constants! (after you set these up, of course)
	HipApiKey='ABCDEFGHKJHKJHKJHKJH'
	Room='Nagios'
	#!/usr/bin/ruby

	require "streamio-ffmpeg"

	class Video
	def initialize(f="", outf="./", at=[20, 50, 80])
	@video=FFMPEG::Movie.new(f)
	@at=at.map { \|x\| (@video.duration*x/100).to_i}
	$stderr.puts "Video #{f} (#{@video.duration} secs) - Screenshots at #{@at.inspect}"
	@outf=outf
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	###Nginx config to make Chef servers WebGUI (localhost:4040) and
	###REST API (localhost:4000) both available over SSL in the same vhost.
	#If your SSL certificate requires a CA Cert bundle, then you may also need to install/symlink a copy of the
	#bundle pem in folder /etc/ssl/certs/ and run "c_rehash /etc/ssl/certs/" on the machines that
	#need to access these SSL endpoints.
	# This is typically needed for RapidSSL/Geotrust issued SSL certificates, YMMV.

	#I have these upstreams in the main nginc.conf:
	#rest api
	upstream chef_webui {
	#!/bin/bash

	#Run this on AMI ami-7e2da54e in us-west-2 (Supply this script as userdata) and build an AMI from the resulting instance.
	#VPC Bootstrap User-data script generated at 2013-10-09 16:56:44 -0700
	function logmsg {
	echo "CHEF-VPC-INIT: $1"
	}

	CHEF_VERSION=11.6.0
	RUBY_GEM_VER=1.8.25
	[smohan@dhcpa-111 ~]$ irb
	irb(main):001:0> require 'uri'
	=> true
	irb(main):002:0> p URI::Parser.new.regexp[:UNSAFE]
	/[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]]/
	=> /[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]]/
	irb(main):003:0> p Regexp.union([URI::Parser.new.regexp[:UNSAFE],'~','@'])
	/(?-mix:[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]])\|~\|@/
	=> /(?-mix:[^\-_.!~*'()a-zA-Z\d;\/?:@&=+$,\[\]])\|~\|@/
	irb(main):004:0>