Skip to main content

Hubot and Hipchat

Many of us have struggle with concept of L1, and L2 support and maintenance which can be very expensive and transitioning is a living hell. What we wish is the ability for both of them to work together and make a smooth transition.

So I have started to think it would be cool to make this happen for a organization which runs 1200+ servers and have teams to support product and infra both. The Idea was to start with collaboration between teams which can be extended to request and support basis. To extend it further we discovered  that product team works for 24x7 and infra team is 18x7. Now it is important to design it in a way that product team can manage it 24x7 with minimum and no help from infra team(L2). 

Solution:

Solution was to use a collaboration tool which supports API for our tools to maintain alert level. For that please refer my previous blog describing configuration of Icinga and Hipchat. Next logical step is to configure hipchat to support robot system which can perform housekeeping like infra, with appropiate roles and permission. This is where we discovered Hubot a robot which can respond to certain request on chat channels. An opensource tool written in NodeJS, with a community support. So we can pretty much do anything that NodeJS has to offer us. 

Installation of Hubot: 
In order to install hubot we need to install NodeJS+Npm first, which is out of scope of this document. We are going to use Redis-brain so we need to install redis-server as well. With this little pre-configuration lets start the installation of hubot:   


  1. npm install -g coffee-script
  2. sudo apt-get install redis-server
  3. npm install -g hubot
  4. hubot -v # to verify
  5. apt-get install libexpat1-dev libicu-dev
  6. npm install --save hubot-hipchat
  7. npm install -g yo
Steps above will allow you to install hubot, now we need to write our scripts to support our requirements. Now I am hoping that you might be having a configuration tool to manage this infra already, it could be anything from Puppet, CHEF, Ansible to in house tool. If you are not having any such tool, well life pretty much sucks. 


Now i am presuming that you do not have any such tools in place, then your system admin is a traditional system admin, aka GOD. Let write a custom script for GOD,

Lets create a file in script folder inside hubot and name it execute-script.coffee

util= require 'util'
fs = require 'fs'
path= require 'path'
module.exports = (robot) ->
    robot.respond /execute-command (.*?)( on (.*))?$/i, (msg) ->
        msg.send "MSG_ENVELOPE: #{msg.envelope.user.roles} #{process.env.HUBOT_AUTH_ADMIN} "
        if robot.auth.hasRole(msg.envelope.user,'superadmin')
            # msg.send "Command is :  #{msg.match[1]} for host: #{msg.match[3]}"
            #command = "ssh hubot@#{msg.match[3]} #{msg.match[1]}"
            command = "parallel-ssh -i  -O StrictHostKeyChecking=no  -l hubot -H \"#{msg.match[3]}\" -v -i \"#{msg.match[1]}\" "
            @exec = require('child_process').exec
            msg.send "This is the command #{command}."

            @exec command, (error, stdout, stderr) ->
                msg.send error
                msg.send stdout
                msg.send stderr
        else 
            msg.send "To execute these commands you need to be part of superadmin group"
This small script will allow you to login into any of the system in infra controlled by ssh keys and and hubot group role. Of course you have to install role module given by hubot first. 


# npm install "hubot-auth" --save

The above will write the code to package.json and manage an entry inside external-scripts.json file as well.
Lets test it now,


Since this is configured with paralled-ssh this will allow you to manage whole set of servers using their ip. This gives us some control and audit out of box with custom roles based on room and role. 

Happy chatting. 

Labels:

Comments

Post a Comment

Popular posts

Helm generic springboot templates

With the dramatically increasing demand for container orchestration specifically Kubernetes, demand to template K8S manifests(Json/Yaml) also came to light. To handle increasing manifests, new CRDs(Custom resource definition), etc… it became obvious that we need a package manager somewhat like yum, apt, etc… However, the nature of Kubernetes manifest is very different than what one used to have with Yum and Apt. These manifests required a lot of templates which is now supported by Helm, a tool written in GoLang with custom helm functions and pipelines. Neutral background on templating Templating has been a driver for configuration management for a long time. While it may seem trivial for users coming from Ansible, Chef, Puppet, Salt, etc…, it is not. Once one moves to Kubernetes, the very first realization is hard declarative approach that Kubernetes follows. It is difficult to make generic templating with declarative form since each application may have some unique feature and r...
Post a Comment
Read more

Istio multicluster, gotchas ....

istio.md Istio lets you connect, secure, control, and observe services. At a high level, Istio helps reduce the complexity of these deployments, and eases the strain on your development teams. It is a completely open source service mesh that layers transparently onto existing distributed applications. It is also a platform, including APIs that let it integrate into any logging platform, or telemetry or policy system. Istio’s diverse feature set lets you successfully, and efficiently, run a distributed microservice architecture, and provides a uniform way to secure, connect, and monitor microservices. In context of Vuclip istio allows us to reduce the code and environment configurations while keeping the similar or more feature sets at our disposal. Since istio is designed to bridge the gap for both development teams and SRE, it is essential to see and visualize that in practice. Istio will affect us in our ability to connect , secure(HTTPs TLS, mtls [Phase-2]), control(external comm...
Post a Comment
Read more

Sent mail from perl

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 sub Mail_Mailer { my $destination_directory = '/data/' ; my $from_address = "abc@gmail.com" ; my $to_address = "abc@gmail.com" ; my $subject = "SOFT DATA " ; my $body = "Dear Sir\nPlease find the complete set of data on sftp\n." ; my $cc = "test@gmail.com" ; opendir (DES, $destination_directory ); my @files = readdir (DES); close (DES); my @mail_sent_file = @file ; foreach my $mail_file_names ( @mail_sent_file ) { $body = $ {body} . "\n" . $mail_file_names . "\n" ; } $body = $ {body} . "\nRegards\nreportsadmin." ; my $mailer = Mail:: Mailer -> new ( "sendmail" ) or die ; $mailer -> open ( { From => $from_address , To => $t...
Post a Comment
Read more

Using Flash in your HTML

Edit your Publish settings for Flash SWFs and HTML to reflect how you want your Flash SWF to appear in your web page. Export your Flash movie as HTML. Locate your HTML file on your computer, right-click, and select "Open With". Choose either NotePad or another text editor. Copy the source code from the HTML file. Paste it into your web page's source code in the appropriate location where you want your SWF file to display. Edit the file path to reflect the location of the SWF file on your web server, and upload both your HTML and SWF file to the appropriate directories on your server. ( Note:  this also applies if you're using PHP, JSP, ASP, CGI, or other web page extensions.) Your code should look something like this: <OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="320" HEIGHT="240" id="You...
Post a Comment
Read more

A few useful sql functions

Start mysql in Ubuntu without having root privilege:- If you want to use mysql in Ubutu you can use following command which will use a root level privilege   $ mysql -u root -p Enter password: Welcome to the MySQL monitor.  Commands end with ; or \g. Your MySQL connection id is 147 Server version: 5.1.49-1ubuntu8.1-log (Ubuntu) When it demands to enter the password fill it with 'root' and hopefully you'll get logged in .   Last_insert_id():- (with no argument) returns the first automatically generated value that was set for an AUTO_INCREMENT column by the most recently executed INSERT statement to affect such a column. For example, after inserting a row that generates an AUTO_INCREMENT value, you can get the value like this:   mysql> SELECT LAST_INSERT_ID(); Database():- Database() method returns the current selected database and you can use it in your communication and your queries. The syntax is :   mysql>select Database (); User():- It a...
Post a Comment
Read more

Enter your email address: