Ansible AWX demo environment
Posted on May 9, 2023
| 11 minutes
| 2230 words
| Ton Kersten
As I was planning an Ansible Meetup about the Ansible Automation
Platform (AAP, the successor of Ansible Tower) I was contemplating
a demo environment for the attendees. This can be done with ease
as it is nothing more than clicky-di-click.
You can imagine that’s not the way I went :-).
There is a simple rule in life:
If you can automate it, automate it.
[Read More]
Let the Cow say moo
Posted on January 30, 2023
| 2 minutes
| 245 words
| Ton Kersten
When working for a customer I was installing an Ansible Automation Platform
cluster and to keep track of all systems I decided to create a nice message of
the day, of course with cowsay.
[Read More]
Getting Ansible info into your playbook
Posted on November 24, 2021
| 3 minutes
| 513 words
| Ton Kersten
Early this week a co-worker asked if it was possible to access the Ansible command-line in a playbook. It seems that is not the case, in a “normal”, clean Ansible environment.
But in the meantime I was creating a playbook that served multiple purposes, stopping and starting services. These playbooks are completely the same, except for the start and stop keywords. Of course I could have solved that with a variable, either hardcoded or as an extra variable on the command line.
[Read More]
Web Application Firewall and CRS
Posted on February 10, 2020
| 6 minutes
| 1142 words
| Ton Kersten
During my stay at CfgMgmtCamp I attended the presentation of Franziska Bühler (@bufrasch) titled “Web Application Firewall - Friend of your DevOps pipeline?”. She talked about Web Application Firewalls (WAF) and the Core Rule Set (CRS) for OWASP
Being into security and stuff like that myself, I decided I wanted to try to get the web application with ModSecurity up and running in my own test environment.
My test environment consists of a CentOS8 machine with NGINX and it turned out to be a little trickier than I thought.
[Read More]
Ansible with multiple vault ID's
Posted on July 22, 2019
| 3 minutes
| 629 words
| Ton Kersten
In our work environment we have role-based access for passwords (of course). But as we deploy all systems with Ansible, we could end up with someone who has only deploy permission getting access to all passwords. It’s obvious that we don’t want that, so I started looking into Ansible’s ability to have multiple vault passwords.
Ansible Vault IDs
Starting with Ansible 2.4 and above, vault IDs are supported.
[Read More]
Ansible with loops or lookup
Posted on February 23, 2019
| 4 minutes
| 648 words
| Ton Kersten
Since Ansible version 2.5 there has been a lot of discussion and confusion
about the loop syntax.
There is also discussion about whether with_...: will be replaced by loop:,
deprecating the with_... keywords. Even Ansible’s documentation is not
clear about this.
[Read More]
Ansible: One Role to Rule them All
Posted on February 7, 2019
| 4 minutes
| 759 words
| Ton Kersten
I am a long time Ansible user and contributor (since 2012) and I have been struggling with a decent setup for a multi-environment case. I have been designing and re-designing a lot, until I came up with this design. And what a coincidence, a customer wanted a setup that was exactly this. So this concept is a real world setup, working in a production environment.
Did I get your attention? Read after the break, but take your time.
[Read More]
Running it through Tattr (part 2)
Posted on August 8, 2018
| 1 minutes
| 112 words
| Ton Kersten
Some time ago I created a playbook to show the content of a rendered template. When you keep digging in the Ansible documentation, you suddenly stumble over the template lookup-plugin. And then it turns out that my playbook is a bit clumsy.
A nicer and shorter way to do it:
    ---
    #
    # This playbook renders a template and shows the results
    # Run this playbook with:
    #
    #   ansible-playbook -e templ=<name of the template> template_test.
[Read More]
Ansible, loop in loop in loop in loop in loop
Posted on June 8, 2018
| 1 minutes
| 204 words
| Ton Kersten
A couple of days ago a client asked me if I could solve the following problem:
They have a large number of web servers, all running a plethora of PHP versions. These machines are locally managed with DirectAdmin, which manages the PHP configuration files as well. They are also running Ansible for all kinds of configuration tasks. What they want is a simple playbook that ensures a certain line in all PHP ini files for all PHP versions on all web servers.
[Read More]
Did you run it through TAttr
Posted on August 15, 2017
| 1 minutes
| 184 words
| Ton Kersten
During my last Ansible training the students needed to create some Ansible templates for themselves. As I do not want to run a testing template against some, or all, machines under Ansible control I created a small Ansible playbook to test templates.
This is the playbook:
    ---
    #
    # This playbook renders a template and shows the results
    # Run this playbook with:
    #
    #   ansible-playbook -e templ=<name of the template> template_test.
[Read More]
Stupid Fedora
Posted on May 26, 2016
| 1 minutes
| 201 words
| Ton Kersten
Yesterday I removed a simple package from my Fedora 23 machine and after that I got the message
    error: Failed to initialize NSS library
WTF??????
Searching the interwebs I found out I wasn’t the first, and probably not the last, to run into this problem.
It seems that, one way or another, the DNF package doesn’t know about the dependency it has on SQLite. So, when a package removal requests to remove SQLite, DNF removes it without questions.
[Read More]
Docker panics
Posted on April 14, 2014
| 1 minutes
| 154 words
| Ton Kersten
This morning I was messing around with Docker and I wanted to build me a nice, clean container with Ubuntu in it, to test Ansible thingies. I’ve done that before and everything worked like a charm. Until today.
I have this Dockerfile (I’ve stripped it to the bare bones that still fail):
    FROM ubuntu:latest
    MAINTAINER Ton_Kersten
    RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
    RUN apt-get -y update
    RUN apt-get -y upgrade
    RUN apt-get -y install git git-flow
    RUN apt-add-repository -y ppa:mozillateam/firefox-next
    RUN apt-get install -y firefox
and when I run
[Read More]
Ansible @ Loadays
Posted on April 5, 2014
| 1 minutes
| 132 words
| Ton Kersten
Last Saturday I attended Loadays in Antwerp, Belgium.
After listening to Jan Piet Mens’s talk about Ansible, I was up for it.
At 11:30 sharp, I started my own presentation for an almost packed room. It’s called “Ansible, why and how I use it” and you can find it on SpeakerDeck.
It was a lovely talk, with a very knowledgeable crowd.
Please, have a look at it and if you have any questions, let me know.
[Read More]
rsync on a not standard port
Posted on January 21, 2013
| 1 minutes
| 106 words
| Ton Kersten
Today a colleague asked me to sync some files to a server that is not listening on SSH port 22.
I normally create a configuration entry in my ~/.ssh/config file, like
    Host tosync
        Hostname syncer.example.com
        Port 1234
        User syncuser
and then command
    rsync -va --progress --inplace . tosync:
But this time I didn’t want to create the entry in my SSH configuration, because I need this trick in a script. So I started to read the rsync manpage and after some experimenting I found
[Read More]
Resize a partition
Posted on October 19, 2012
| 3 minutes
| 551 words
| Ton Kersten
I often have to increase the size of a virtual disk on a virtual machine. But I always seem to forget how to do it. I guess I have done it over 100 times and I cannot remember exactly how I did it. So this blog entry is to help people do this and to serve as a reminder to myself.
This example is done on a virtual machine with CentOS 6, but it can be done on every Linux.
[Read More]
git status in the prompt
Posted on July 23, 2012
| 2 minutes
| 286 words
| Ton Kersten
Working with git a lot I decided I needed some git status in my prompt.
I searched the web and some solutions were almost what I wanted and this one by Sebastian Celis came very close.
But it didn’t work with my version of zsh, because that didn’t seem to understand the =~ operator.
I also think Sebastian makes things overcomplicated and so I changed some things around.
This is what I came up with:
[Read More]
No network on CentOS 6
Posted on July 17, 2012
| 1 minutes
| 169 words
| Ton Kersten
When installing a minimal CentOS 6 system, minimal really, really means minimal. After a reboot the network interfaces do not start, so network connectivity is nonexistent.
Looking into that I noticed that the file /etc/sysconfig/network-scripts/ifcfg-eth0 contained
    DEVICE=eth0
    HWADDR=11:22:33:44:55:66
    NM_CONTROLLED=yes
    ONBOOT=no
    BOOTPROTO=dhcp
    TYPE=Ethernet
    USERCTL=no
    PEERDNS=yes
    IPV6INIT=no
The lines that mess things up are NM_CONTROLLED=yes meaning the interfaces are managed with NetworkManager, which isn’t actually installed as part of a minimal install.
[Read More]
Finding key codes on Linux
Posted on July 4, 2012
| 2 minutes
| 316 words
| Ton Kersten
It often happens that I get into a situation where I need to know key codes of pressed keys. On my Mac that’s simple. Just use the Key Codes by Many Tricks.
But on Linux I constantly was trying to find out which key produced what.
So I ended up writing a program for that. I started off in the shell, but that ended up being rather tricky and unnecessarily complicated.
[Read More]
Shell tip
Posted on July 4, 2012
| 1 minutes
| 123 words
| Ton Kersten
During one of my teaching sessions a student asked me if it was possible to find the number of spaces in a variable.
As with all questions in Linux and UNIX the answer is a simple
Of course that’s possible. In UNIX and Linux everything is possible.
With some sed or awk this can be done within seconds. But I wanted it done completely within the shell, in this case bash.
[Read More]
sed tips and tricks
Posted on June 22, 2012
| 3 minutes
| 597 words
| Ton Kersten
I’m creating a Puppet Starter Kit with some standard manifests included and a complete set of documentation. All documentation should be written in Markdown and will be served by Markdoc. But I want to generate all Markdown files from the Puppet manifests, so I only need to document the manifest file. Generating the Markdown is not that difficult, except that I kept ending up with empty lines at the top of the manifest code and I wanted to get rid of those.
[Read More]
Fix a lot of rights
Posted on June 18, 2012
| 1 minutes
| 148 words
| Ton Kersten
A customer called and wanted help with an error they made.
The error was simple, they typed:
    chmod -R 660 /
and now things broke. Of course things broke. If they would not break that would be very weird.
Luckily they had a second server and a simple one-liner stole all the rights from this second server and we could put these on the broken one.
The oneliner
find / -depth -printf 'chmod %m\t\t-- "%p"\nchown %u:%g\t-- "%p"\n' > rights.
[Read More]
Puppet updates
Posted on June 18, 2012
| 1 minutes
| 146 words
| Ton Kersten
When working with Puppet and a VCS (like git and SVN) it’s nice to have a simple way of updating the Puppet tree.
My tree is always in /etc/puppet and owned by user and group puppet. User puppet is allowed to checkout the complete tree from git or subversion.
I have created two one-liners to update the complete tree and make sure all rights are still correct.
update_svn
    #!/bin/bash
    # update_svn
    su - puppet -c 'cd /etc/puppet; svn up; cd doc; .
[Read More]
Updated Pygments
Posted on May 16, 2012
| 1 minutes
| 185 words
| Ton Kersten
I’ve been using Pygments for quite some time now and I just noticed there was a new version available (1.5). I installed that and I was wondering if there would be a lexer included for Puppet. Well, there wasn’t, but a short Google action directed me to the Pygments lexer for the Puppet DSL.
Of course my old CentOS 5 system with Python 2.6 doesn’t want to install this, so I hacked the Puppet lexer into Pygments.
[Read More]
Switching to tmux
Posted on July 24, 2011
| 6 minutes
| 1257 words
| Ton Kersten
Some time ago I was fighting my .screenrc again. I wanted to change the status line, but it was hardly possible to read and understand what I typed hardly half a year ago. The screen config file is not exactly poetry.
While searching the web to find how to change the status line I ran into tmux and I thought: “Let’s give it a try”. And after the very simple compile I started configuring it.
[Read More]
FreeBSD PXE boot Part 2
Posted on June 9, 2011
| 6 minutes
| 1150 words
| Ton Kersten
Some posts ago I wrote that I was busy finding out how a FreeBSD machine can be PXE-ed from a Linux server. Well, I found that some time ago, but I didn’t have the time to type it here, yet. Well, as always, once you know how it’s done, it’s quite simple. But because a lot of the FreeBSD documentation is very old (talking about FreeBSD 4, 5 and 6) it takes some time to find it all.
[Read More]