sharmaansh21

#!/usr/bin/env python
# -*- coding: utf-8 -*-
# Run with
#     sudo consul watch -type=service -service=redis ./consul-iptables.py

import json
import subprocess
import sys

def main():

sharmaansh21

• Node - a physical or virtual machine that hosts services
  • Nodes also referred to as members.
  • Examples
    • Your computer
    • An AWS EC2 instance
    • A bare metal machine in your private data center
• Service - executing software that provides utility via an interface
  • Typically long-lived process listening on a port(s)
  • Examples
• A web server (nginx, apache, iis)

sharmaansh21

# How to encrypt/decrypt your text/blob secret with AWS KMS with AWS cli

KEY_ID=alias/my-key
SECRET_BLOB_PATH=fileb://my-secret-blob
SECRET_TEXT="my secret text"

ENCRYPTED_SECRET_AS_BLOB=encrypted_secret_blob
DECRYPTED_SECRET_AS_BLOB=decrypted_secret_blob  # Result of decrypt-blob target

encrypt-text:

sharmaansh21

/*
The code below shows how to encrypt and then decrypt some plaintext into a cyphertext using
KMS's Encrypt/Decrypt functions and secretbox (https://godoc.org/golang.org/x/crypto/nacl/secretbox).

The plaintext message is sealed into a secretbox using a key that is generated by kmsClient.GenerateDataKey().
Note that this procedure reuquires that a master key would *already exist in KMS* and that its arn/alias is specified.
The aws library assumes that the proper credentials can be found in the shared file (~/.aws/credentials)
and opts for the 'default' role.

Once sealed, the cyphertext is then unboxed, again by first getting the key from kms (kmsClient.Decrypt),

sharmaansh21

elasticsearchのindexを定期的にcronを使用して削除するscript。

indexにTTLを設定すればいいじゃないかという指摘もありそうですが、
公式ブログに大量のログを保存するときは、TTL設定しているとオーバーヘッドが大きいと書いてあったので、
cronで消すようにします。
http://www.elasticsearch.org/tutorials/using-elasticsearch-for-logs/

Curatorを使えばこういったことも楽にできそうではあるが、
わざわざそのためにPythonをいじるのもアレなので、簡単にシェルスクリプトで書いてみました。

sharmaansh21

#!/bin/bash
# vim: softtabstop=4 shiftwidth=4 expandtab fenc=utf-8 spell spelllang=en cc=120

set -e

# Check Ubuntu release
[ "$(lsb_release -sc)" = "trusty" ] || {
    echo 'This script should be run on Ubuntu 14.04.' >&2
    exit 1
}

sharmaansh21

Customer Scenario

A customer has a Chef Server 12 (HA - DRBD) in Production. They want to test an in-place upgrade (or maintenance) using their current OPC Production data and config. This gives us a good chance to make corrections if we find that their data is too broken for the migrations to handle, and gives the customer experience in managing the upgrade in Production.

The sequence of events will broadly be these:

• Install the same version of Chef Server on the target HA Test cluster
• Restore data from Production instance backup (LVM snapshot or full-stop backup)
• Test

sharmaansh21

# -*- mode: ruby -*-
# vi: set ft=ruby :

boxes = [
  {
    name: "server1.local",
    eth1: "192.168.0.101",
    mem: 1024,
    cpu: 1
  },

sharmaansh21

'Update or create a stack given a name and template + params'
from __future__ import division, print_function, unicode_literals

from datetime import datetime
import logging
import json
import sys

import boto3
import botocore

sharmaansh21

-- This creates an athena table that can parse ALB logs.
-- Advantage of this over others are this works when the log ends with a trailing space
-- plus it also breaks the http request into route and params for easier grouping

CREATE EXTERNAL TABLE IF NOT EXISTS alb_logs (
    type string, 
    timestamp string, 
    elb string, 
    client_ip string, 
    client_port int,