pingmany, simple bash script to ping a bunch of hosts

It came up twice that I had to do this, so I decided to see if I could make something simple that solved my problem. I'm sure there's a project to do this already, but here goes. I have a list of machines, I want to see if they respond to a ping so I can determine if they are up or not.

Downloading a file from github enterprise (authenticated/ssl) on Windows using Powershell

I need to download a script from github but I don't have git on the windows machines, on Linux I just used curl -u, for windows it needed more than a one liner.
Here's what I came up with, we have self signed certs so I need to fool System.Net into thinking all certs are good, that's a one liner:

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

Puppet in the Enterprise / Mastering Puppet

Tutorial I gave at LISA 2014

This is a talk about running puppet in the enterprise, or at scale. The original title of Mastering Puppet was Puppet in the Enterprise, the talk was to present the ideas in the book.

The tutorial files are located on github at:

Who's checking in, the mcollective trick.

This keeps coming up so I thought I'd share one trick we've used to figure out if there are stale nodes out there. These are nodes that are failing to update for various reasons that won't be reported in your reporting mechanism. One of the common causes is an expired or revoked certificate. The agent never gets far enough to report a failure.

mcollective and activemq the 800 node limit

I've been running into the 800 node limit on mcollective and splitting up my nodes into subcollectives. I had a spot where I couldn't split up the nodes, so I started looking at why we were hitting this 800 node wall.

Foreman ruby api adding node to hostgroup or puppetclasses to node

I wanted to apply puppet classes to a node using a script, I started looking at the foreman REST API but stumbled upon the foreman_api ruby. I specified hostgroups in foreman and added puppet classes to the hostgroups. The idea is that I want to be able to change the hostgroups using a script.

Running things through irb this is what I came up with for changing the hostgroups.

Why is everyone using sudo wrong? Or is it me?

While configuring OMD (yes, Orchestral Manoeuvers in the Dark, no, not really) I ran into a point at which apache was supposed to run as the OMD user for check_mk. Hard coded into the check_mk configuration is a call to

sudo su - <omduser> check_mk -c check_mk\ --automation\ *

making an xml of facts on the system

I'm not sure of the utility of this, but maybe it'll be useful to someone else. I was requested to output all the facts from a system in xml, not wanting to type much I made the following script...

#!/usr/bin/env ruby
require 'facter'
require 'rubygems'
require 'activesupport'
facts = {}
for fact in Facter.list.sort

Using iptables to proxy a port on a remote machine on a different network


machine A ( provides resource A on port 8888
machine B ( needs to access resource A

without modifying machine B (not allowed), create machine C and have any traffic to machine C on port 8888 forwarded to machine A. Then tell machine B that machine C is machine A and nobody is the wiser. None of the examples I found online had this working properly.

rsync between hosts using commands embedded into authorized_keys (ssh-keys)

I routinely used to transfer data between systems using rsync. Since I wanted the communication to be secure I used ssh-keys, I noticed that my trick for using a command in the key isn't terribly well documented, so here is how I do it...

Goal: Keep /opt/before on machine B in sync with /opt/after on machine A.

On machine A, create an ssh key for this