How to find IP addresses in OpsWorks

I am not good with Ohai. I would like to know if there is any way to find out all IP addresses (including own) of nodes from the respective subnet through a Chef recipe.
I have created one layer in AWS OpsWorks and want to add each node's IP address and hostname to the configuration file. Any help will be highly appreciated.

So this depends a little bit on if you want to get all the instances in a layer, or all the total instances in your stack.
For the first, something like this - untested! - code for your recipe should work:
my_layer_name = "my_database_layer_or_whatever"
node[:opsworks][:layers][my_layer_name][:instances].each do |current_instance, current_instance_data|
  puts node[:opsworks][:layers][my_layer_name][:instances][current_instance][:private_dns_name]
end
Note that this will get you the private DNS name - so internal to the OpsWorks network. You may or may not want that - there are a dozen or so other attributes on the object, including the public IP address.
If you wanted to get instances for the entire stack, I'm betting you could loop through node[:opsworks][:layers], as I've looped through the instances here. Just another loop.
Also note this code is for Chef 11. In Chef 12 things have changed a bit.
If you're using Chef 12, I found the documentation on how to use/search the Chef Data Bags for OpsWorks.
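An added example, not part of the original answer: it carries the Chef 11 loop through to the hosts-file lines the question asks for, for one layer or the whole stack. The `:private_ip` and `:status` attribute names and the sample data are assumptions; in a recipe you would pass `node` instead of the constructed hash.

```ruby
require 'ipaddr'

# Constructed sample data shaped like the Chef 11 OpsWorks attributes the
# answer reads; :private_ip and :status are assumed attribute names.
SAMPLE_NODE = {
  opsworks: { layers: {
    'db' => { instances: {
      'db2' => { private_ip: '10.0.1.12', status: 'online' },
      'db1' => { private_ip: '10.0.1.11', status: 'online' },
      'db3' => { private_ip: nil, status: 'stopped' }
    } },
    'app' => { instances: {
      'app1' => { private_ip: '10.0.2.21', status: 'online' },
      'db1'  => { private_ip: '10.0.1.11', status: 'online' } # in two layers
    } }
  } }
}.freeze

HOSTNAME = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i

# Returns [[ip, hostname], ...] for the online instances of one layer.
def layer_hosts(node, layer_name)
  layer = node[:opsworks][:layers][layer_name]
  raise ArgumentError, "unknown layer #{layer_name.inspect}" if layer.nil?

  layer[:instances].each_with_object([]) do |(name, data), out|
    next unless data[:status] == 'online' && data[:private_ip]
    # Attribute data ends up in a config file, so validate it before use.
    raise ArgumentError, "bad hostname #{name.inspect}" unless name.to_s.match?(HOSTNAME)
    out << [IPAddr.new(data[:private_ip]).to_s, name.to_s] # raises on a bad IP
  end
end

# Same for every layer in the stack, de-duplicated and sorted by address.
def stack_hosts(node)
  entries = node[:opsworks][:layers].keys.flat_map { |layer| layer_hosts(node, layer) }
  entries.uniq.sort_by { |ip, _host| IPAddr.new(ip).to_i }
end

# Renders /etc/hosts-style lines from [[ip, hostname], ...].
def hosts_block(entries)
  entries.map { |ip, host| format("%-15s %s\n", ip, host) }.join
end

puts hosts_block(stack_hosts(SAMPLE_NODE))
```

Stopped instances carry no usable address, so they are skipped rather than written out as empty entries.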

Related

Floating IPs usage on Digital Ocean

I am looking for a basic thing, yet I have not found even a single good piece of documentation on getting it done.
I want to allocate a floating IP, then associate it to a network interface of a droplet other than eth0.
The reason is I want to have the ability to very easily switch from one IP to the other with a programming language.
In a few words, I want to be able to do these two commands and both should provide a different response.
curl --interface eth0 https://icanhazip.com
curl --interface eth1 https://icanhazip.com
Also, I want to know what to do once I release the Floating IP: how do I roll back to the starting point?
All the documentation I read relies heavily on "ip route" and "route"; most did not even work, some worked but completely replaced the old IP with the floating one, which is not what I want, and they also did not show how to roll back the introduced configuration changes.
Please help, I spent 1 whole day now trying to get this to work for a project, and no results so far.
I guess there is no need to know DigitalOcean, how to make this work on other Cloud Providers would apply here too I think.
Update
After asking this on the DigitalOcean community forum (https://www.digitalocean.com/community/questions/clear-guide-on-outbound-network-through-floating-ip), they claim that it is not supported, although there may be some solutions to this. If somebody can provide such a "hacky" solution, I would take it too. Thanks
In the cloud (AWS, GCP, etc.) ARP is emulated by the virtual network layer, meaning that only IPs assigned to VMs by the cloud platform can be resolved. Most of the L2 failover protocols break for that reason. Even if ARP worked, the IP allocation process for these IPs (often called "floating IPs") would not integrate with the virtual network in a standard way, so your OS can't just "grab" the IP using ARP and route the packets to itself.
I have not personally done this on Digital Ocean, but I assume that you can call the cloud's proprietary API to do this functionality if you would like to go this route.
See this link on GCP about floating IPs and their implementation. Hope this is helpful.
Here's an idea that needs to be tested:
Let's say you have Node1(10.1.1.1/24) and Node2(10.1.1.2/24)
Create a loopback interface on both VMs and set the same IP address for both like (10.2.1.1/32)
Start a heartbeat send/receive between them
When NodeA starts it automatically makes an API call to create a route for 10.2.1.1/32 and points to itself with preference 2
When NodeB starts it automatically makes an API call to create a route for 10.2.1.1/32 and points to itself with preference 1
The nodes could monitor each other to withdraw the static routes if the other fails. Ideally you would need a 3rd node to reach quorum and prevent split brain scenarios, but you get the idea right?

Is there a way to specify both IPaddress and Subnet Id to webapp's access restrictions using ARM templates

I have a list of IP addresses and a specific subnet which are to be allowed access to webapp. I'm able to loop through the IP restrictions using copy function in ARM templates but I'm unable to add the subnet restriction in the same template. Is there a way I can get through this?
According to this documentation you can define the ipAddress property of IpSecurityRestriction as follows:
CIDR notation such as ipv4/mask (leading bit match) e.g. XX.XXX.XXX.XX/32
pure ipv4 address (in this case SubnetMask property is required)
According to what I understand you should be able to achieve your goal with this. But if you want a stricter answer, please provide a sample input and a sample output.
After going through a lot of docs and blogs, I found no way to achieve it using the same ARM template. In my case, I want to add both IP addresses and a subnet while using a copy function (or rather, call it an ARM foreach loop). So, for adding multiple IP addresses (which are dynamically fetched within the ARM template from another resource) and a subnet, I got it resolved by executing the ARM template first (this iterates and adds the dynamically fetched IPs) and then a simple Az command, as below, which adds a security restriction to the same web app.
Add-AzWebAppAccessRestrictionRule -ResourceGroupName $ResourceGroupName -WebAppName $WebAppName -Name "subnet rule" -Priority 301 -Action Allow -SubnetName $subnetName -VirtualNetworkName $VnetName
That way both are in place :D

Nginx & Chef: How do you create a scalable rule to listen on a specific interface?

In nginx, in order to listen on a specific interface (on a dual-homed server) you must declare the interface via IP address. Obviously this isn't scalable in a Chef recipe, as you can't have the IP be static but instead point to the server's interface. Is there a way to achieve this?
Chef uses Ohai to gather information about the system. The simple form is node['ipaddress'] which is generally the IP corresponding to the interface with the default route. This might not always be what you want though, so we also have a hash of all interface under node['network']['interfaces'] where you can iterate over them, find the interface you want, and grab its address. Run ohai | less from the command line to see all the data available to you.
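An added example, not part of the original answer: it picks the IPv4 address of a named interface out of data shaped like `node['network']['interfaces']` and builds the nginx `listen` line from it. The interface names, addresses and helper names are assumptions; in a recipe you would pass `node['network']['interfaces']` instead of the constructed hash.

```ruby
# Constructed sample shaped like Ohai's node['network']['interfaces'] data
# on a dual-homed Linux host; interface names and addresses are made up.
SAMPLE_INTERFACES = {
  'lo'   => { 'addresses' => {
    '127.0.0.1' => { 'family' => 'inet', 'prefixlen' => '8' } } },
  'eth0' => { 'addresses' => {
    '0A:1B:2C:3D:4E:5F'        => { 'family' => 'lladdr' },
    '203.0.113.10'             => { 'family' => 'inet', 'prefixlen' => '24' },
    'fe80::81b:2cff:fe3d:4e5f' => { 'family' => 'inet6', 'prefixlen' => '64' } } },
  'eth1' => { 'addresses' => {
    '0A:1B:2C:3D:4E:60' => { 'family' => 'lladdr' },
    '10.0.5.7'          => { 'family' => 'inet', 'prefixlen' => '24' } } },
  'eth2' => { 'addresses' => {
    '0A:1B:2C:3D:4E:61' => { 'family' => 'lladdr' } } } # link up, no IP yet
}.freeze

# First address of the given family on the named interface, or nil.
# Each interface lists MAC (lladdr), IPv4 (inet) and IPv6 (inet6) entries
# in one hash, so the family has to be checked explicitly.
def interface_address(interfaces, name, family = 'inet')
  addresses = (interfaces[name] || {})['addresses'] || {}
  addresses.each { |addr, info| return addr if info['family'] == family }
  nil
end

# nginx listen directive bound to one interface. It raises instead of
# falling back to a wildcard listen, which would expose the service on
# every interface of the dual-homed host.
def listen_directive(interfaces, name, port)
  addr = interface_address(interfaces, name)
  raise ArgumentError, "no IPv4 address on #{name}" if addr.nil?

  "listen #{addr}:#{port};"
end

puts listen_directive(SAMPLE_INTERFACES, 'eth1', 8080)
```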

Using OpenWRT with OLSR to connect routers using HNA

As you may assume I need a little assistance here.
I have four routers (TP-Link WDR3600) that I need to use to create an Ad-Hoc network. Currently I am only dealing with two of the four routers for simplicity. All of the routers have OpenWRT Chaos Calmer 15.05 OS installed on them and all of them are running the OLSR routing protocol. My question is super simple but the answer eludes me and I would love some direction on the matter.
How do I get these two (and eventually four) routers to talk to each other using HNA (Host and Network Association) and the setup specified above?
Edit: they need to be connected to each other wirelessly too. End edit.
I have followed this specific guide to the T but as soon as it gets to "HOW TO Step 4" the guide breaks down in terms of application because the file they point to (/etc/olsrd.conf) does not exist in my setup. When continuing anyway and running "olsrd start" it spits out: Notice how it says "Could not find specific config file /etc/olsrd/olsrd.conf" and how that differs from earlier when it asked me to modify "/etc/olsrd.conf"
In addition, the folder "/etc/olsrd" also does not exist in case you are wondering. I'm at a loss regarding this. Does anybody have any input on the matter? I'm certain that I'm missing something simple.
Thanks in advance.
I had to create /etc/olsrd.conf using the template provided and uncomment the third line of /etc/config/olsrd. I would also recommend installing olsrd-mod-httpinfo using opkg like he recommends.
One thing I noticed is that he never specifies giving the wireless interface (wlan0 in my case) an IP address to communicate with the mesh. Since I believe that is required, I had to use LuCI to give the interface an IP. I think I have my setup working but I am trying to get my new OpenWRT node to communicate with my previous DD-WRT nodes right now. Might just have to change them all to OpenWRT since it offers more "customization" due to its bare-bones type configuration.
Can you try to run:
/usr/sbin/olsrd -d -f /etc/olsrd.conf

Pinging Computer through specific route

I have a network of computers connected in the form of a graph.
I want to ping from one computer (A) to another computer (B). A and B are connected to each other in many different ways, but I want to ping via particular edges only. I have the information about the edges to be followed during pinging available at both A and B.
How should I do this?
You could source route the ping but the return would choose its own path.
Furthermore, source-routed packets are often filtered due to security concerns. (Not always, they are useful and sometimes even required at edge routers.)
If the machines are under your local administrative control, then you could ensure that source-routed packets are permitted. As long as you are able to start a daemon on machine B, you could also easily enough design your own ping protocol that generates source-routed echo returns.
Well, this is actually done by routing protocols that are configured on the media in between the computers (routers I expect). I think there isn't a way where you can say "use that specific route". The routers have different protocols (OSPF, EIGRP, RIPv2) and they do the load balancing. The only way you would be sure of one specific route is to use static routing, but this isn't dynamically done where your computer decides the route.
This is normal because:
if you were able to choose a route, DoS would be quite easy to do to kill one route.
