Remove an organization from Git
Posted on August 23, 2024
| 1 minutes
| 171 words
| Ton Kersten
When I was busy with a late spring-cleaning, I thought it to be a good idea to remove some old repositories from my Git server.
At home I am running Forgejo and when I want to remove a complete organization, I need to click and type a lot.
But Forgejo, just as Gitea has a wonderful API, so, why not use that??
I saw this at Justyns site and I stole ^W borrowed this script.
[Read More]
The nginx webserver as HTTPS/SSL proxy
Posted on June 17, 2024
| 2 minutes
| 304 words
| Ton Kersten
As CentOS 7 is getting to the end of it’s live it’s time to start thinking about an upgrade.
On my old server I tried LEAPP a couple of times (on a clone, of course), but success was not really guaranteed. So, a complete reinstall is in order.
But, as I move from CentOS 7 to Rocky Linux 9, this automatically means some packages are no longer available. I was using sslh to connect though SSH and HTTPS on port 443.
[Read More]
Ansible AWX demo environment
Posted on May 9, 2023
| 11 minutes
| 2230 words
| Ton Kersten
As I was planning an Ansible Meetup about the Ansible Automation Platform (AAP, the successor of Ansible Tower) I was contemplating about a demo environment for the attendants. This can be done with ease as it it nothing more than clicky-di-click.
You can imagine that’s not the way I went :-). There is a simple rule in life: If you can automate it, automate it. The complete environment is going to be a multipart environment, so that the attendants can experiment and have an environment that slightly resembles real live.
[Read More]
Let the Cow say moo
Posted on January 30, 2023
| 2 minutes
| 245 words
| Ton Kersten
When working for a customer I was installing an Ansible Automation Platform cluster and to keep track of all systems I decided to create a nice message of the day, of course with cowsay.
Something like this:
___________________________ < Member of the AAP Cluster > | Host name : thunderbolt --------------------------- | Host alias : cn01 \ ^__^ | Function : Ansible AAP Control node \ (oo)\_______ | Location : Amsterdam (__)\ )\/\ | IP address : 192.
[Read More]
Getting Ansible info into your playbook
Posted on November 24, 2021
| 3 minutes
| 513 words
| Ton Kersten
Early this week a co-worker asked if it was possible to access the Ansible command-line in a playbook. It seems that is not the case, in a normal, clean Ansible environment.
But in the meantime I was creating a playbook that served multiple purposes, stopping and starting services. These playbooks are completely the same, except for the start and stop keywords. Of course I could have solved that with a variabele, either hardcoded or as an extra variable on the commandline.
[Read More]
Web Application Firewall and CRS
Posted on February 10, 2020
| 6 minutes
| 1142 words
| Ton Kersten
During my stay at CfgMgmtCamp I attended the presentation of Franziska Bühler (@bufrasch) titled Web Application Firewall - Friend of your DevOps pipeline?. She talked about Web Application Firewalls (WAF) and the Core Rule Set (CRS) for owasp
Being into security and stuff like that myself, I decided I wanted to try to get the web application with ModSecurity up and running in my own test environment.
My test environment consists of a CentOS8 machine with NGINX and it turned out to be a little trickier than I thought.
[Read More]
Ansible with multiple vault ID's
Posted on July 22, 2019
| 3 minutes
| 629 words
| Ton Kersten
In our work environment we have role-based access for passwords (of course). But as we deploy all systems with Ansible, we could end up that someone with only deploy permission ends up with access to all passwords. It’s obvious that we don’t want that, so I started checking in to Ansible’s ability to have multiple vault passwords.
Ansible Vault IDs Starting with Ansible 2.4 and above, vault IDs are supported.
[Read More]
Ansible with loops or lookup
Posted on February 23, 2019
| 4 minutes
| 648 words
| Ton Kersten
Since Ansible version 2.5 there is a lot of discussion and confusion about the loop syntax. There is also discussion if with_…: will be replaced by loop: deprecating the with_… keywords. Even Ansibles documentation is not clear about this.
Should I use loop: or with_…:, in fact nobody really knows. What would the correct syntax be?
--- - name: Loops with with_ and lookup hosts: localhost connection: local gather_facts: no vars: people: - john - paul - mary drinks: - beer - wine - whisky tasks: - name: with nested debug: msg: "with_nested: item[0] is '{{ item[0] }}' and item[1] is '{{ item[1] }}'" with_nested: - "{{ people }}" - "{{ drinks }}" - name: nested and loop debug: msg: "nested_loop: item[0] is '{{ item[0] }}' and item[1] is '{{ item[1] }}'" loop: - "{{ people }}" - "{{ drinks }}" The best indication for this would be the Migrating from with_X to loop section in the Ansible documentation.
[Read More]
Ansible: One Role to Rule them All
Posted on February 7, 2019
| 4 minutes
| 759 words
| Ton Kersten
I am a long time Ansible user and contributor (since 2012) and I have been struggling with a decent setup for a multi-environment case. I have been designing and re-designing a lot, until I came up with this design. And what a coincidence, a customer wanted a setup that was exactly this. So this concept is a real world setup, working in a production environment.
Did I get your attention?
[Read More]
Running it through Tattr (part 2)
Posted on August 8, 2018
| 1 minutes
| 112 words
| Ton Kersten
Some time ago I created a playbook to show the content of a rendered template. When you keep digging in the Ansible documentation, you suddenly stumble over the template lookup-plugin. And then it turns out that my playbook is a bit clumsy.
A nicer and shorter way to do it:
--- # # This playbook renders a template and shows the results # Run this playbook with: # # ansible-playbook -e templ=<name of the template> template_test.
[Read More]
Ansible, loop in loop in loop in loop in loop
Posted on June 8, 2018
| 1 minutes
| 204 words
| Ton Kersten
A couple of days ago a client asked me if I could solve the following problem:
They have a large number of web servers, all running a plethora of PHP versions. These machines are locally managed with DirectAdmin, which manages the PHP configuration files as well. They are also running Ansible for all kind of configuration tasks. What they want is a simple playbook that ensures a certain line in all PHP ini files for all PHP versions on all webservers.
[Read More]
Did you run it through TAttr
Posted on August 15, 2017
| 1 minutes
| 184 words
| Ton Kersten
During my last Ansible training the students needed to create some Ansible templates for them selfs. As I do not want to run a testing template against some, or all, machines under Ansible control I created a small Ansible playbook to test templates.
This is the playbook:
--- # # This playbook renders a template and shows the results # Run this playbook with: # # ansible-playbook -e templ=<name of the template> template_test.
[Read More]
Stupid Fedora
Posted on May 26, 2016
| 1 minutes
| 201 words
| Ton Kersten
Yesterday I removed a simple package from my Fedora 23 machine and after that I got the message
error: Failed to initialize NSS library WTF??????
Searching the interwebs I found out I wasn’t the first, and probably not the last, to run into this problem.
It seems that, one way or another, the DNF package doesn’t know about the dependency it has on SQLite. So, when a package removal requests to remove SQLite, DNF removes it without questions.
[Read More]
Docker panics
Posted on April 14, 2014
| 1 minutes
| 154 words
| Ton Kersten
This morning I was messing around with Docker and I wanted to build me a nice, clean container with Ubuntu in it, to test Ansible thingies. I’ve done that before and everything worked as a charm. Until today.
I have this Dockerfile (I’ve stripped it to the bare bones that still fail):
FROM ubuntu:latest MAINTAINER Ton_Kersten RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list RUN apt-get -y update RUN apt-get -y upgrade RUN apt-get -y install git git-flow RUN apt-add-repository -y ppa:mozillateam/firefox-next RUN apt-get install -y firefox and when I run
[Read More]
Ansible @ Loadays
Posted on April 5, 2014
| 1 minutes
| 132 words
| Ton Kersten
Last Saturday I attended Loadays in Antwerp, Belgium.
After listening to Jan Piet Mens’s talk about Ansible, I was up for it.
At 11:30 sharp, I started my own presentation for an almost packed room. It’s called Ansible, why and how I use it and you can find it on SpeackerDeck.
It was a lovely talk, with a very knowledgeable crowd.
Please, have a look at it and if you have any questions, let me know.
[Read More]
rsync on a not standard port
Posted on January 21, 2013
| 1 minutes
| 106 words
| Ton Kersten
Today a colleague asked me to sync some files to a server that is not listening on SSH port 22.
I normally create a configuration entry in my ~/.ssh/config file, like
Host tosync Hostname syncer.example.com Port 1234 User syncuser and then command
rsync -va --progress --inplace . tosync: But this time I didn’t want to create the entry in my SSH configuration, because I need this trick in a script.
[Read More]
Resize a partition
Posted on October 19, 2012
| 3 minutes
| 551 words
| Ton Kersten
I often have to increase the size of a virtual disk on a virtual machine. But I always seem to forget how to do it. I guess I have done it over a 100 times and I cannot remember exactly how I did it. So this blog entry is to help people on how to do this and as a reminder to myself.
This example is done on a virtual machine with CentOS 6, but it can be done on every Linux.
[Read More]
git status in the prompt
Posted on July 23, 2012
| 2 minutes
| 289 words
| Ton Kersten
Working with git a lot I decided I needed some git status in my prompt.
I searched the web and some solutions where almost what I wanted and this one by Sebastian Celis came very close.
But it didn’t work with my version of zsh, because that didn’t seem to understand the =~ operator.
I also think Sebastian makes things over complicated and so I changed some things aroud.
[Read More]
No network on CentOS 6
Posted on July 17, 2012
| 1 minutes
| 171 words
| Ton Kersten
When installing a minimal CentOS 6 system, minimal really, really means minimal. After a reboot the network interfaces do not start, so network connectivity is non existing.
Looking into that I noticed that the file /etc/sysconfig/network-scripts/ifcfg-eth0 contained
DEVICE=eth0 HWADDR=11:22:33:44:55:66 NM_CONTROLLED=yes ONBOOT=no BOOTPROTO=dhcp TYPE=Ethernet USERCTL=no PEERDNS=yes IPV6INIT=no The lines that mess things up are NM_CONTROLLED=yes meaning the interfaces are managed with NetworkManager, which isn’t actually installed as part of a minimal install.
[Read More]
Finding key codes on Linux
Posted on July 4, 2012
| 2 minutes
| 319 words
| Ton Kersten
It often happens that I get into a situation where I need to know key codes of pressed keys. On my Mac that’s simple. Just use the Key Codes by Many Tricks.
But on Linux I constantly was trying to find out which key produced what.
So I ended up writing a program for that. I started of in the shell, but that ended up being rather tricky and unnecessary complicated.
[Read More]
sed tips and tricks
Posted on June 22, 2012
| 3 minutes
| 599 words
| Ton Kersten
I’m creating a Puppet Starter Kit with some standard manifests included and a complete set of documentation. All documentation should be written in Markdown and will be served by Markdoc. But I want to generate all Markdown files from the Puppet manifests, so I only need to document the manifest file. Generating the Markdown is not that difficult, except that I kept ending up with empty lines at the top of the manifest code and I wanted to get rid of those.
[Read More]
Puppet updates
Posted on June 18, 2012
| 1 minutes
| 155 words
| Ton Kersten
When working with Puppet and a VCS (like git and SVN) it’s nice to have a simple way of updating the Puppet tree.
My tree is always in /etc/puppet and owned by user and group puppet. User puppet is allowed to checkout the complete tree from git or subversion.
I have created two one-liners to update the complete tree and make sure all rights are still correct.
update_svn ~ \{.
[Read More]
Updated Pygments
Posted on May 16, 2012
| 1 minutes
| 185 words
| Ton Kersten
I’m using Pygments for quite some time now and I just noticed there was a new version available (1.5). I installed that and I was wondering if there would be a lexer included for Puppet. Well, it wasn’t, but a short Google action directed me to the Pygments lexer for the Puppet DSL.
Of course my old CentOS 5 system with Python 2.6 doesn’t want to install this, so I hacked the Puppet lexer into Pygments.
[Read More]
FreeBSD PXE boot Part 2
Posted on June 9, 2011
| 6 minutes
| 1150 words
| Ton Kersten
Some posts ago I wrote that I was busy to find out how a FreeBSD machine can be PXE-ed from a Linux server. Well, I found that some time ago, but I didn’t have the time to type it here, yet. Well, as always, once you know how it’s done, it’s quite simple. But because a lot of the FreeBSD documentation is very old (talking about FreeBSD 4, 5 and 6) it takes some time to find it all.
[Read More]
Why does Puppet keep breaking?????
Posted on May 3, 2011
| 2 minutes
| 334 words
| Ton Kersten
In my previous post I stipulated that I was PXE booting FreeBSD. Well this works and I will come back on that. But for the configuration I want to run Puppet. Nice and easy config management.
On my server I run Puppet from source. This because the server is a CentOS box with a very old Ruby and Puppet. So I decided to run the Puppet client from source as well.
[Read More]