Skip to content

Instantly share code, notes, and snippets.

View ripienaar's full-sized avatar

R.I.Pienaar ripienaar

3.1k followers · 0 following
View GitHub Profile
@ripienaar
ripienaar / nc_latency_test.go
Created March 23, 2023 13:44
package main
import (
"context"
"fmt"
"github.com/choria-io/fisk"
"github.com/nats-io/jsm.go/natscontext"
"github.com/nats-io/nats.go"
"os"
"os/signal"
@ripienaar
ripienaar / 1_app.yaml
Last active June 30, 2022 12:39
name: demo
description: Demo application for Choria App Builder
author: https://github.com/choria-io/appbuilder
commands:
- name: say
description: Say something using the configured command
type: exec
command: |
{{ default .Config.Cowsay "cowsay" }} {{ .Arguments.message | escape }}
@ripienaar
ripienaar / gist:e8aaa8547e1232e9f77b130f2e0931e4
Created March 18, 2021 15:24
Server information for broker-broker-2.broker-broker-ss.choria.svc.cluster.local (ND5KNTKGIJIDQ6SXFIVHM7WOWALPSO5XHBTUANVLNPCUMZNSSHOZ4CAU)
Process Details:
Version: 2.2.1
Git Commit:
Go Version: go1.16.2
Start Time: 2021-03-18 14:56:51.576983822 +0000 UTC
Uptime: 27m6s
@ripienaar
ripienaar / gist:980de4797a467961f7c50167f5c96362
Last active March 18, 2021 15:23
[rip@dev1]% nats --context system.ams server list 3 <16:21:16
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Server Overview |
+-----------------------------------------------------------+------------+----------------------+---------+----+-------+------+--------+-----+---------+-----+------+--------+-------------+
| Name | Cluster | IP | Version | JS | Conns | Subs | Routes | GWs | Mem | CPU | Slow | Uptime | RTT |
+-----------------------------------------------------------+---------
@ripienaar
ripienaar / gist:aa7db58d36133baa0a7a0c70aa3a6ff5
Created March 18, 2021 15:21
{
"type": "io.nats.server.advisory.v1.client_disconnect",
"id": "DncyzipRGFfASo0FGtr3F8",
"timestamp": "2021-03-18T15:20:58.553514622Z",
"server": {
"name": "broker-broker-2.broker-broker-ss.choria.svc.cluster.local",
"host": "choria.example.net",
"id": "ND5KNTKGIJIDQ6SXFIVHM7WOWALPSO5XHBTUANVLNPCUMZNSSHOZ4CAU",
"cluster": "CHORIA",
"ver": "2.2.1",
@ripienaar
ripienaar / mail.txt
Created January 22, 2021 19:20
/etc/puppetlabs/mcollective/client.cfg
loglevel = debug
> mco puppet status
debug 2021/01/21 16:52:15: pluginmanager.rb:162:in `loadclass' Loading Mcollective::Facts::Yaml_facts from mcollective/facts/yaml_facts.rb
debug 2021/01/21 16:52:15: pluginmanager.rb:43:in `<<' Registering plugin facts_plugin with class MCollective::Facts::Yaml_facts single_instance: true
debug 2021/01/21 16:52:15: pluginmanager.rb:162:in `loadclass' Loading Mcollective::Connector::Nats from mcollective/connector/nats.rb
debug 2021/01/21 16:52:15: cache.rb:117:in `block in ttl' Cache miss on 'ddl' key 'connector/nats'
debug 2021/01/21 16:52:15: base.rb:100:in `block in findddlfile' Found nats ddl at /opt/puppetlabs/mcollective/plugins/mcollective/connector/nats.ddl
@ripienaar
ripienaar / execution.txt
Created January 18, 2021 20:23
$ cat list
n1.example.net
n2.example.net
$ ./test --nodes list <21:21:44
Discovering nodes .... 2
2 / 2 0s [====================================================================] 100%
n1.example.net
@ripienaar
ripienaar / gist:cc498b6790fae0af393a2b606eb9b8b7
Created January 8, 2021 18:30
&ApiError{Code: 503, Description: "jetstream not enabled for account"}
&ApiError{Code: 400, Description: "bad request"}
&ApiError{Code: 400, Description: "expected an empty request payload"}
&ApiError{Code: 400, Description: "invalid JSON received in request"}
&ApiError{Code: 400, Description: "template name in subject does not match request"}
&ApiError{Code: 400, Description: "stream name in subject does not match request"}
&ApiError{Code: 400, Description: "stream name in subject does not match request"}
&ApiError{Code: 403, Description: "not allowed to delete internal stream"}
&ApiError{Code: 400, Description: fmt.Sprintf("sequence [%d] not found", req.Seq)}
&ApiError{Code: 400, Description: fmt.Sprintf("stream [%q] already exists", stream)}
@ripienaar
ripienaar / gist:34ae54cc1543bc5c12f3eac386a98a6e
Created September 17, 2020 13:36
[rip@dev1]% nats server list --user system <15:24:12
+----------------------------------------------------------------------------------------------------------------------------+
| Server Overview |
+--------+------------+-----------+---------------+-------+------+--------+-----+---------+-----+------+--------+------------+
| Name | Cluster | IP | Version | Conns | Subs | Routes | GWs | Mem | CPU | Slow | Uptime | RTT |
+--------+------------+-----------+---------------+-------+------+--------+-----+---------+-----+------+--------+------------+
| nc1-c1 | c1 | localhost | 2.2.0-beta.23 | 1 | 71 | 2 | 2 | 9.1 MiB | 0.0 | 0 | 12m31s | 3.573146ms |
| nc2-c1 | c1 | localhost | 2.2.0-beta.23 | 0 | 71
@ripienaar
ripienaar / anontls.md
Last active August 26, 2020 09:34

Certificate free TLS when using Choria AAA

One mainly would use the AAA server when there isn't a managed CA like the one from Puppet easily available, typically clients in that scenario has a desire to have no certificates at all - just a choria client.

We therefor need to support anonymous TLS where the connection is still encrypted using TLS but it's not verified.

When supporting this mode it's very important that the core Choria network does not run in downgraded security mode, so we will use a NATS technology called leafnodes to create a dedicated Choria Broker these clients would