Srinivasan Mohan srinivasmohan
srinivasmohan
/ deb_via_dpkg.rb
Created
September 1, 2012 00:07
Install local deb file via dpkg_package in Chef recipe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cookbook_file "/var/chef-package-cache/glusterfs_3.2.1-1_amd64.deb" do | |
| source "glusterfs_3.2.1-1_amd64.deb" | |
| owner "root" | |
| group "root" | |
| mode "0444" | |
| end | |
| #The following did'nt work. | |
| dpkg_package "glusterfs" do | |
| case node[:platform] |
srinivasmohan
/ haproxy_stats.cfg
Created
August 29, 2012 21:38
Sample config to get HA Proxy stats view
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Admin stats - Make admin stats available on http://haproxyservername:8080/statspath/ for user admin | |
| # Assuming port 8080 is free on your haproxy.cfg, add this block to make stats available. | |
| listen admin_stats 0.0.0.0:8080 | |
| mode http | |
| stats uri /statspath | |
| stats realm Global\ statistics | |
| stats auth admin:SOMEPASSWORD |
srinivasmohan
/ haproxy_nagios.cfg
Created
August 29, 2012 21:31
Nagios config blocks for check_haproxy_all.pl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Add to commands.cfg: | |
| #Note that I have the password to http://haproxyname:8080/statspath defined in resources.cfg as USER6 | |
| #And the perl script must be chmodded 555 or even better chowned to nagios:nagios and chmodded 550 | |
| define command{ | |
| command_name poll_haproxy_consolidated | |
| command_line /etc/nagios3/scripts/check_haproxy_all.pl -U $ARG1$ -u $ARG2$ -a $ARG3$ -P $USER6$ | |
| } | |
| # Add to hosts.cfg: | |
| #Add a template called external-hosts - I use this for hosts that need not be health checked at host level |
srinivasmohan
/ check_haproxy_all.pl
Created
August 29, 2012 21:16
Nagios check script to consolidate stats from multiple HAProxy servers and return summary of stats data for performance graphinc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| # | |
| #This polls multiple haproxy servers via their admin stats urls and sums up statistics. | |
| #Scenario for usage is when you have multiple HaProxy boxes behind a load balancer and want to view the | |
| # "sum total" of some key statistics like Bytes In/Out, Sessions etc across all HAProxy servers. | |
| #Usage: Assuming you want to sum up stats across ha proxies lb1,2 and 3 which are have stats available via http://lbname:8080/statspath. | |
| # /etc/nagios3/scripts/check_haproxy_all.pl -u lb1.domain.com,lb2.domain.com,lb3.domain.com -U admin -a '/statspath' -P 'PASSWORD' | |
| # See http://www.onepwr.org/haproxy-consolidated-stats for detailed info. | |
| use strict; # always! :) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1.2.3.4 4.5.6.7: PSK 'REPLACE_WITH_A_COMPLEX_HARD_TO_GUESS_STRING' | |
| 4.5.6.7 1.2.3.4: PSK 'REPLACE_WITH_A_COMPLEX_HARD_TO_GUESS_STRING' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full atricle. | |
| #This is the config for the US-East Openswan. For the west side openswan config, swap the left and right values accordingly. | |
| conn eastwest | |
| authby=secret | |
| auto=start | |
| type=tunnel | |
| #Left is "this" side | |
| left=172.18.0.254 | |
| leftid=4.5.6.7 | |
| leftsubnet=172.18.0.0/16 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Base ipsec.conf for openswan | |
| #See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full atricle. | |
| version 2.0 # conforms to second version of ipsec.conf specification | |
| config setup | |
| nat_traversal=yes | |
| oe=off | |
| protostack=netkey | |
| #klipsdebug=all | |
| #plutodebug=all | |
| include /etc/ipsec.d/*.conf |
srinivasmohan
/ configure-pat.sh
Created
August 20, 2012 22:34
configure-pat.sh for VPC NAT Instance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Configure the instance to run as a Port Address Translator (PAT) to provide | |
| # Internet connectivity to private instances. | |
| # This is pretty much the same as the configure-pat.sh script from a AWS AmazonLinux NAT instance except that we tweak | |
| #the iptables rule to NOT NAT traffic that has to flow over the VPN but NAT anything that does'nt match our remote ends | |
| #VPC CIDR value. This way access to remote subnet over VPN will be normally routed and not NATted to IP of our NAT instance. | |
| #E.g. in this script, the assumption is that the VPC CIDR for the "other" end is 172.19.0.0/16. YMMV. | |
| #See http://www.onepwr.org/2012/08/20/link-amazon-vpcs-over-a-ipsec-site-to-site-vpn/ for full atricle. | |
| # Srinivas - 20120820. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| net.ipv4.ip_forward=1 | |
| net.ipv4.conf.all.accept_redirects = 0 | |
| net.ipv4.conf.all.send_redirects = 0 | |
| net.ipv4.conf.default.send_redirects = 0 | |
| net.ipv4.conf.eth0.send_redirects = 0 | |
| net.ipv4.conf.default.accept_redirects = 0 | |
| net.ipv4.conf.eth0.accept_redirects = 0 |
srinivasmohan
/ chefsvr-nginx-ssl.conf
Created
August 15, 2012 22:30
Nginx SSL Hosts config to make chefs web GUI and REST API available over SSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ###Nginx config to make Chef servers WebGUI (localhost:4040) and | |
| ###REST API (localhost:4000) both available over SSL in the same vhost. | |
| #If your SSL certificate requires a CA Cert bundle, then you may also need to install/symlink a copy of the | |
| #bundle pem in folder /etc/ssl/certs/ and run "c_rehash /etc/ssl/certs/" on the machines that | |
| #need to access these SSL endpoints. | |
| # This is typically needed for RapidSSL/Geotrust issued SSL certificates, YMMV. | |
| #I have these upstreams in the main nginc.conf: | |
| #rest api | |
| upstream chef_webui { |