Chris Clarke xofer

## 0-storm-proxy-readme.md

      
              2 files
            
          
              0 forks
            
          
              0 comments
            
          
              6 stars
            
          
                xofer
                / 0-storm-proxy-readme.md
            
            
              Last active
              June 28, 2021 11:43
            
              
                Storm UI Nginx conf for Nimbus with logviewer proxy
              
          
    We have a setup that I assume is quite common: A publicly accessible Nimbus running Storm UI. The worker
nodes can only be accessed from the Nimbus (via the LAN). All the nodes have internal DNS names (i.e.
node.lan.example.com), which is set in the configuration files; they use these DNS names to reach each
other. The Nimbus has an external DNS name (storm.example.com) for public access. The Nimbus's UI is
behind an Nginx proxy, which provides HTTP Auth and HTTPS.
Because of this setup, the logviewer links in the UI do not work. In order to fix this, we employ an
elaborate hack shown in the conf file below. It uses ngx_http_substitutions_filter_module
to rewrite content returned by the Storm UI and some complicated URL rewrite tricks to proxy the workers'
logviewers through through the Nimbus.

  
## ufw-reset.bash
#!/bin/bash
set -e

ufw disable
iptables -F
iptables -X
ip6tables -F
ip6tables -X
ufw --force enable

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                xofer
                / keybase.md
            
            
              Created
              December 7, 2015 16:33
            
          
    Keybase proof

I hereby claim:

I am xofer on github.
I am xofer (https://keybase.io/xofer) on keybase.
I have a public key whose fingerprint is 540B 21C1 F623 46FC 8B1A  2FE4 4775 2B90 BC19 EC8C

To claim this, I am signing this object:

  
## hostkey.sh
hostkey () {
  for HOST in "$@"; do
    LIST=$HOST
    PARTS=(${HOST//./ })
    if [[ ${#PARTS[*]} -gt 2 && "${PARTS[0]}" != "$HOST" ]]; then
      LIST="$LIST ${PARTS[0]}"
    fi
    IP=$(dig +short $HOST)
    if [ -n "$IP" ]; then
      LIST="$LIST $IP"

## ebs.rb
    ruby_block "wait for #{device_id}" do
      block do
        count = 1
        loop do
          if File.blockdev?(device_id) or count >= 10
            break
          else
            Chef::Log.info("device #{device_id} not ready - sleeping 10s")
            sleep 10
            count += 1

## bash_aliases
alias vadd='vagrant box add'
alias vhalt='vagrant halt'
alias vpro='vagrant provision'
alias vssh='vagrant ssh'
alias vup='vagrant up --no-provision'
	#!/bin/bash
	set -e

	ufw disable
	iptables -F
	iptables -X
	ip6tables -F
	ip6tables -X
	ufw --force enable
	hostkey () {
	for HOST in "$@"; do
	LIST=$HOST
	PARTS=(${HOST//./ })
	if [[ ${#PARTS[*]} -gt 2 && "${PARTS[0]}" != "$HOST" ]]; then
	LIST="$LIST ${PARTS[0]}"
	fi
	IP=$(dig +short $HOST)
	if [ -n "$IP" ]; then
	LIST="$LIST $IP"
	ruby_block "wait for #{device_id}" do
	block do
	count = 1
	loop do
	if File.blockdev?(device_id) or count >= 10
	break
	else
	Chef::Log.info("device #{device_id} not ready - sleeping 10s")
	sleep 10
	count += 1
	alias vadd='vagrant box add'
	alias vhalt='vagrant halt'
	alias vpro='vagrant provision'
	alias vssh='vagrant ssh'
	alias vup='vagrant up --no-provision'