The chef-depot from mediadepot

No data_bags in package

Hi the part where the data_bags cookbook is copied to the /var/chef folder doesn't work since there is no data_bags folder in the packaged cookbooks :)

fix api keys

api keys are hardcoded in the cookbook. should not be specified in there.

make sure the default environment is set as the default for the depot user.

With the api keys of the current user, we should set the default environment for the newly created user, using http://localhost:5000/v1/accounts/1a7/userpreferences endpoint. Only name and value are needed.

"data": [
{
"id": "1up1",
"type": "userPreference",
"links": {
"self": "…/v1/userpreferences/1up1",
"account": "…/v1/userpreferences/1up1/account",
},
"actions": {
"update": "…/v1/userpreferences/1up1/?action=update",
"remove": "…/v1/userpreferences/1up1/?action=remove",
"deactivate": "…/v1/userpreferences/1up1/?action=deactivate",
},
"name": "defaultProjectId",
"state": "active",
"accountId": "1a7",
"created": "2015-11-19T01:53:27Z",
"createdTS": 1447898007000,
"data": { },
"description": null,
"kind": "userPreference",
"removeTime": null,
"removed": null,
"transitioning": "no",
"transitioningMessage": null,
"transitioningProgress": null,
"uuid": "87692399-ffab-4ad6-904a-acbb2575ef2b",
"value": "\"1a5\"",
},
],

[events/backup/updater] check if its possible to use dynamically allocated API keys for events and such

This is awesome! There's an undocumented feature of Rancher that will make it a bit easier to deploy these types of services. Just put the labels

labels:
io.rancher.container.create_agent: true
io.rancher.container.agent.role: environment
What this will do is when you deploy your container we will create an API key for the container and set it as env vars CATTLE_URL, CATTLE_ACCESS_KEY, and CATTLE_SECRET_KEY. Now that I write this I realize those should probably be RANCHER_*. I'll change that at some point...

But honestly we've been having fun writing little utilities similar to this. I'm glad to see others doing it.

http://forums.rancher.com/t/alarms-in-rancher/930

[openvpn_as] move openvpn_as into a container

to do this, we need to figure out the public routing (depot.duckdns.org)
look at automatically setting up letsencrypt ssl on openvpn ports
figure out how to make sure that openvpn connected clients can correctly connect to other docker containers and the host.

[vnc] configure VNC service to work out of the box.

guacamole configuration:

change default username and password: guacadmin:guacadmin
https://github.com/mattgruter/dockerfile-guacamole
http://guac-dev.org/doc/gug/configuring-guacamole.html
rather than using a config file (which the user cannot modify), revert back to a database backed guacamole server.
x11vnc configuration:
show the login screen when using VNC. https://askubuntu.com/questions/229989/how-to-setup-x11vnc-to-access-with-graphical-login-screen
https://wiki.archlinux.org/index.php/X11vnc
http://www.karlrunge.com/x11vnc/x11vnc_opts.html
http://www.richud.com/wiki/Ubuntu_Fluxbox_GUI_with_x11vnc_and_Xvfb

[manager] should be persistent so we can easily update rancher versions.

On the Host, figure out a way to resolve docker containers / lb entries

https://github.com/gliderlabs/resolvable maybe? or the inernal rancher dns service.

[chef] make greyhole an option, rather than a requirement. Look at using other distributed filesystems

Cephs
gluster
mhddfs
zfs

[openvpn_as] disable automatic iptables configuration, do it manually in the docker container

disable automated iptables configuration
manually configure iptables inside container

http://capnjosh.com/blog/prevent-openvpn-access-server-from-opening-up-inbound-firewall-rules-to-all-web-admin-ports/

Samba daemon is panicing

The issue and workaround is specified here: https://answers.launchpad.net/ubuntu/+question/291448 We'll keep this open until the root cause is fixed.

[2016/04/19 15:54:48.429124, 0] ../source3/lib/popt_common.c:68(popt_s3_talloc_log_fn)
  Bad talloc magic value - unknown value
[2016/04/19 15:54:48.429182, 0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 11707): Bad talloc magic value - unknown value
[2016/04/19 15:54:48.430295, 0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 28 stack frames:
   #0 /usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(log_stack_trace+0x1a) [0x7f2a709be16a]
   #1 /usr/lib/x86_64-linux-gnu/samba/libsmbregistry.so.0(smb_panic_s3+0x20) [0x7f2a709be240]
   #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f2a717348ef]
   #3 /usr/lib/x86_64-linux-gnu/libtalloc.so.2(_talloc_free+0x4de) [0x7f2a6e4bd2fe]
   #4 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x1246c) [0x7f2a7172b46c]
   #5 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x19c9f7) [0x7f2a713889f7]
   #6 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(get_share_mode_lock+0x17e) [0x7f2a7138949e]
   #7 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x107b8b) [0x7f2a712f3b8b]
   #8 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x10c1bc) [0x7f2a712f81bc]
   #9 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(create_file_default+0x1cf) [0x7f2a712f964f]
   #10 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x1dab6e) [0x7f2a713c6b6e]
   #11 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smb_vfs_call_create_file+0xd8) [0x7f2a712ffe78]
   #12 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_smb2_request_process_create+0xaff) [0x7f2a7132d9ff]
   #13 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_smb2_request_dispatch+0xc4d) [0x7f2a713263ed]
   #14 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x13b072) [0x7f2a71327072]
   #15 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x16c) [0x7f2a6f656a8c]
   #16 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x25ce0) [0x7f2a6f656ce0]
   #17 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f2a6e2b0cbd]
   #18 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f2a6e2b0e5b]

data sidekicks keep restarting

[IpTables] Haproxy routing is blocked by Iptables when accessing over VPN

Workaround:

On Ubuntu, iptables is not a service. In order to stop it, you have to do the following :

sudo iptables-save > /root/firewall.rules
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

In order to restore your previous rules :

iptables-restore < /root/firewall.rules

http://serverfault.com/a/129338

some services with data containers are not able to find configuration template files.

[chef] make sure that chef-client can run repeatedly (add only_if and not_if locks on resources)

[events] use rancher websocket api to listen/subscribe to events, rather than the docker events api/gem

I don't think the /v1/subscribe?eventNames=resource.change WebSocket works with this kind of key to give you change events for all the projects/environments. You can try it but may end up having to poll for changes to balancers, or open a WebSocket per-project by adding &projectId=.

http://forums.rancher.com/t/api-key-for-all-environments/279/3?u=analogj

The UI also uses websockets to dynamically update. Can you check whether the UI is successfully making websocket connections?

To do so:
1. Open up rancher in your browser
2. Open up the developer tools for your browser and go to the network tab,
3. Refresh the browser.
You should see a request to /v1/subscribe. Was it made successfully and is the response code to that request 101 "Switch Protocols"?

http://forums.rancher.com/t/aws-elb-ws-problems/1202/2?u=analogj

var url = 'ws://'+accessKey+':'+secretKey+'@'+host+'/v1/subscribe?eventNames=resource.change';
var socket = new WebSocket(url);
https://gist.github.com/vincent99/491afed2306ba448dd89