Skip to main content

Hubot and Hipchat

Many of us have struggle with concept of L1, and L2 support and maintenance which can be very expensive and transitioning is a living hell. What we wish is the ability for both of them to work together and make a smooth transition.

So I have started to think it would be cool to make this happen for a organization which runs 1200+ servers and have teams to support product and infra both. The Idea was to start with collaboration between teams which can be extended to request and support basis. To extend it further we discovered  that product team works for 24x7 and infra team is 18x7. Now it is important to design it in a way that product team can manage it 24x7 with minimum and no help from infra team(L2). 

Solution:

Solution was to use a collaboration tool which supports API for our tools to maintain alert level. For that please refer my previous blog describing configuration of Icinga and Hipchat. Next logical step is to configure hipchat to support robot system which can perform housekeeping like infra, with appropiate roles and permission. This is where we discovered Hubot a robot which can respond to certain request on chat channels. An opensource tool written in NodeJS, with a community support. So we can pretty much do anything that NodeJS has to offer us. 

Installation of Hubot: 
In order to install hubot we need to install NodeJS+Npm first, which is out of scope of this document. We are going to use Redis-brain so we need to install redis-server as well. With this little pre-configuration lets start the installation of hubot:   


  1. npm install -g coffee-script
  2. sudo apt-get install redis-server
  3. npm install -g hubot
  4. hubot -v # to verify
  5. apt-get install libexpat1-dev libicu-dev
  6. npm install --save hubot-hipchat
  7. npm install -g yo
Steps above will allow you to install hubot, now we need to write our scripts to support our requirements. Now I am hoping that you might be having a configuration tool to manage this infra already, it could be anything from Puppet, CHEF, Ansible to in house tool. If you are not having any such tool, well life pretty much sucks. 


Now i am presuming that you do not have any such tools in place, then your system admin is a traditional system admin, aka GOD. Let write a custom script for GOD,

Lets create a file in script folder inside hubot and name it execute-script.coffee

util= require 'util'
fs = require 'fs'
path= require 'path'
module.exports = (robot) ->
    robot.respond /execute-command (.*?)( on (.*))?$/i, (msg) ->
        msg.send "MSG_ENVELOPE: #{msg.envelope.user.roles} #{process.env.HUBOT_AUTH_ADMIN} "
        if robot.auth.hasRole(msg.envelope.user,'superadmin')
            # msg.send "Command is :  #{msg.match[1]} for host: #{msg.match[3]}"
            #command = "ssh hubot@#{msg.match[3]} #{msg.match[1]}"
            command = "parallel-ssh -i  -O StrictHostKeyChecking=no  -l hubot -H \"#{msg.match[3]}\" -v -i \"#{msg.match[1]}\" "
            @exec = require('child_process').exec
            msg.send "This is the command #{command}."

            @exec command, (error, stdout, stderr) ->
                msg.send error
                msg.send stdout
                msg.send stderr
        else 
            msg.send "To execute these commands you need to be part of superadmin group"
This small script will allow you to login into any of the system in infra controlled by ssh keys and and hubot group role. Of course you have to install role module given by hubot first. 


# npm install "hubot-auth" --save

The above will write the code to package.json and manage an entry inside external-scripts.json file as well.
Lets test it now,


Since this is configured with paralled-ssh this will allow you to manage whole set of servers using their ip. This gives us some control and audit out of box with custom roles based on room and role. 

Happy chatting. 

Labels:

Comments

Post a Comment

Popular posts

Mysql Scripts in Linux Command Line Terminal

In MySQL user always tries to connect with the server via command line interface such as remote login like 'ssh' then they troubled themselves in using graphical interface and get the required output quickly. So they need to automate that task. In this Blog I am going to suggest you a way to do this ... First of all we need to know that a MySQL service is kept in /etc/init.d/mysqld and we need to invoke that in order to use mysql server and client. To do this use following command in terminal : service /etc/init.d/mysqld start or service mysqld start When mysql server is started make a directory like /home/anduril/shubham_Script and after entering into that directory use this command in your terminal. vi connect_string.sh It will create a file with the name connect_string.sh you can give any name you want. Press 'i' to edit and enter the following text : mysqlshow -u root -proot mysqladmin version -u root -proot mysqladmin variables -u root -proot mysqladmin ping -u roo...
Post a Comment
Read more

Change password of mysql users

Change MySQL user's password in bulk Sometimes we need to change the password of mysql users at bulk. Lets say your company has fired a group of peoples or dissolved a project. This requirement can be supplied as : We can achieve the same by changing the password field in mysql.user table. Password() is a predifined method in mysql which generates encrypted value of a certain string. host update mysql.user set password = PASSWORD("passwd") where host IN (<Comma separated list of HostName/IP>); user update mysql.user set password = PASSWORD("passwd") where user IN (<Comma separated list of ‘user’@’host’>);
Post a Comment
Read more

Using except command with bash

1.Use the interpreter for bash at first line . #!/bin/bash 2. Use variables as per requirement and pass it to except if needed. HOST="localhost" USER="chitti" PASS="123" CMD=$@ 3. Use expect script as required. XYZ=$(expect -c " spawn ssh $USER@$HOST expect \"password:\" send \"$PASS\r\" expect \"\\\\$\" send \"$CMD\r\" expect -re \"$USER.*\" send \"logout\" ") 4.Print the result of except using echo like echo "${XYZ}"
Post a Comment
Read more

Helm generic springboot templates

With the dramatically increasing demand for container orchestration specifically Kubernetes, demand to template K8S manifests(Json/Yaml) also came to light. To handle increasing manifests, new CRDs(Custom resource definition), etc… it became obvious that we need a package manager somewhat like yum, apt, etc… However, the nature of Kubernetes manifest is very different than what one used to have with Yum and Apt. These manifests required a lot of templates which is now supported by Helm, a tool written in GoLang with custom helm functions and pipelines. Neutral background on templating Templating has been a driver for configuration management for a long time. While it may seem trivial for users coming from Ansible, Chef, Puppet, Salt, etc…, it is not. Once one moves to Kubernetes, the very first realization is hard declarative approach that Kubernetes follows. It is difficult to make generic templating with declarative form since each application may have some unique feature and r...
Post a Comment
Read more

Allowing users to have ssh access

Allowing users to have ssh access Hi Readers, It is one of the tasks we need to complete in order to allow users to log-in into your server without compromising your security. We are going to accomplish the following tasks, 1.) Allow the users for given domain only 2.) Must allow access to a given domain 3.) Block access for a specific domain. These questions are asked in RedHat certification examination RHCE6 We are going to complete the above mention task using iptables To give proper example we are taking 192.168.20.0/255.255.255.0 as our domain and 192.168.21.0/255.255.255.0 as other domain. Assuming that your system is a fresh installation we can remove all rules previously applied. # iptables -F  The above mention command will flush all the previously applied rules. Insert a rule in your input chain by below mention command, # iptables -I INPUT -s <ip of your domain>/<subnet mask> -p <protocal tcp/udp> --dport <port> -...
Post a Comment
Read more

Enter your email address: