Remove an organization from Git

When I was busy with a late spring-cleaning, I thought it to be a good idea to remove some old repositories from my Git server. At home I am running Forgejo and when I want to remove a complete organization, I need to click and type a lot. But Forgejo, just like Gitea, has a wonderful API, so why not use that? I saw this at Justyn's site and I stole ^W borrowed this script. [Read More]
sysadm 

The nginx webserver as HTTPS/SSL proxy

As CentOS 7 is getting to the end of its life, it’s time to start thinking about an upgrade. On my old server I tried LEAPP a couple of times (on a clone, of course), but success was not really guaranteed. So, a complete reinstall is in order. But, as I move from CentOS 7 to Rocky Linux 9, this automatically means some packages are no longer available. I was using sslh to connect through SSH and HTTPS on port 443. [Read More]
sysadm 

Hashicorp Vault weirdness explained

A couple of days ago we were debugging an Ansible AAP problem, when a co-worker mentioned something weird in our Hashicorp Vault. Nothing major, just weird. He told me that sometimes, and not with all entries, he could only see the JSON blob of the entry and the switch to go back to normal was greyed out. Searching GitHub it turned out that this is related to pull-request 4913 (https://github. [Read More]
vault 

Ansible AWX demo environment

As I was planning an Ansible Meetup about the Ansible Automation Platform (AAP, the successor of Ansible Tower) I was contemplating a demo environment for the attendants. This can be done with ease as it is nothing more than clicky-di-click. You can imagine that’s not the way I went :-). There is a simple rule in life: If you can automate it, automate it. The complete environment is going to be a multipart environment, so that the attendants can experiment and have an environment that slightly resembles real life. [Read More]

Let the Cow say moo

When working for a customer I was installing an Ansible Automation Platform cluster and to keep track of all systems I decided to create a nice message of the day, of course with cowsay. Something like this: ___________________________ < Member of the AAP Cluster > | Host name : thunderbolt --------------------------- | Host alias : cn01 \ ^__^ | Function : Ansible AAP Control node \ (oo)\_______ | Location : Amsterdam (__)\ )\/\ | IP address : 192. [Read More]

Getting Ansible info into your playbook

Early this week a co-worker asked if it was possible to access the Ansible command-line in a playbook. It seems that is not the case, in a normal, clean Ansible environment. But in the meantime I was creating a playbook that served multiple purposes, stopping and starting services. These playbooks are completely the same, except for the start and stop keywords. Of course I could have solved that with a variable, either hardcoded or as an extra variable on the commandline. [Read More]

Web Application Firewall and CRS

During my stay at CfgMgmtCamp I attended the presentation of Franziska Bühler (@bufrasch) titled Web Application Firewall - Friend of your DevOps pipeline?. She talked about Web Application Firewalls (WAF) and the Core Rule Set (CRS) for OWASP. Being into security and stuff like that myself, I decided I wanted to try to get the web application with ModSecurity up and running in my own test environment. My test environment consists of a CentOS8 machine with NGINX and it turned out to be a little trickier than I thought. [Read More]

Ansible with multiple vault ID's

In our work environment we have role-based access for passwords (of course). But as we deploy all systems with Ansible, we could end up that someone with only deploy permission ends up with access to all passwords. It’s obvious that we don’t want that, so I started checking in to Ansible’s ability to have multiple vault passwords.

Ansible Vault IDs

Starting with Ansible 2.4 and above, vault IDs are supported. [Read More]

Ansible with loops or lookup

Since Ansible version 2.5 there is a lot of discussion and confusion about the loop syntax. There is also discussion if with_…: will be replaced by loop:, deprecating the with_… keywords. Even Ansible's documentation is not clear about this. Should I use loop: or with_…:? In fact, nobody really knows. What would the correct syntax be?

    ---
    - name: Loops with with_ and lookup
      hosts: localhost
      connection: local
      gather_facts: no
      vars:
        people:
          - john
          - paul
          - mary
        drinks:
          - beer
          - wine
          - whisky
      tasks:
        - name: with nested
          debug:
            msg: "with_nested: item[0] is '{{ item[0] }}' and item[1] is '{{ item[1] }}'"
          with_nested:
            - "{{ people }}"
            - "{{ drinks }}"
        - name: nested and loop
          debug:
            msg: "nested_loop: item[0] is '{{ item[0] }}' and item[1] is '{{ item[1] }}'"
          loop:
            - "{{ people }}"
            - "{{ drinks }}"

The best indication for this would be the Migrating from with_X to loop section in the Ansible documentation. [Read More]

Ansible: One Role to Rule them All

I am a long time Ansible user and contributor (since 2012) and I have been struggling with a decent setup for a multi-environment case. I have been designing and re-designing a lot, until I came up with this design. And what a coincidence, a customer wanted a setup that was exactly this. So this concept is a real world setup, working in a production environment. Did I get your attention? [Read More]

Running it through Tattr (part 2)

Some time ago I created a playbook to show the content of a rendered template. When you keep digging in the Ansible documentation, you suddenly stumble over the template lookup-plugin. And then it turns out that my playbook is a bit clumsy. A nicer and shorter way to do it: --- # # This playbook renders a template and shows the results # Run this playbook with: # # ansible-playbook -e templ=<name of the template> template_test. [Read More]

Ansible, loop in loop in loop in loop in loop

A couple of days ago a client asked me if I could solve the following problem: They have a large number of web servers, all running a plethora of PHP versions. These machines are locally managed with DirectAdmin, which manages the PHP configuration files as well. They are also running Ansible for all kinds of configuration tasks. What they want is a simple playbook that ensures a certain line in all PHP ini files for all PHP versions on all webservers. [Read More]

Ditched Disqus

As the new GDPR finds its way all over Europe I decided to have a closer look at my website. I have been using the Disqus comment system for some time now, but hardly ever someone really takes the time to comment. As the Disqus system uses a lot of JavaScript and cookies, I decided it was time to get rid of these tools and make my site fly, again. [Read More]

Did you run it through TAttr

During my last Ansible training the students needed to create some Ansible templates for themselves. As I do not want to run a testing template against some, or all, machines under Ansible control I created a small Ansible playbook to test templates. This is the playbook: --- # # This playbook renders a template and shows the results # Run this playbook with: # # ansible-playbook -e templ=<name of the template> template_test. [Read More]

Stupid Fedora

Yesterday I removed a simple package from my Fedora 23 machine and after that I got the message error: Failed to initialize NSS library WTF?????? Searching the interwebs I found out I wasn’t the first, and probably not the last, to run into this problem. It seems that, one way or another, the DNF package doesn’t know about the dependency it has on SQLite. So, when a package removal requests to remove SQLite, DNF removes it without questions. [Read More]
sysadm 

Building an Ergodox

After a lot of thought I decided it was time for a new project, one I would enjoy and a project that would be useful for a long time. Searching the web and reading articles I found the ErgoDox. The ErgoDox is a split-hand ergonomic keyboard with mechanical switches and open source, layer-based firmware running on a Teensy microcontroller. While other keyboards offer dip-switches or GUI config tools, the firmware and layouts can be built from source on the command line or through a layout configuration tool. [Read More]

Stable Internet

My stable internet connection

Since a couple of years I’m running a fiber connection to the Internet, supplied by XMS-Net. I also have an Atlas probe to do some internet measurements for RIPE. Today I got a status email from RIPE with the connection status of last month. I guess I can say I have a stable internet connection. ;-) This is your monthly availability report for probe xxxx (TonKs Atlas). [Read More]

Puppet environments

For my job I do a lot of Puppet and I thought it was about time to write some tips and tricks down. First part of this post is about my environment setup. In my test setup I use a lot of environments. They are not at all useful, but that’s not the point. It’s my lab environment so things need to break once in a while. But with multiple environments Puppetlabs says that you should switch to directory environments (PuppetDoc) but some way or another I cannot get that to work in a good way with my PE version (3. [Read More]
puppet 

Docker panics

This morning I was messing around with Docker and I wanted to build me a nice, clean container with Ubuntu in it, to test Ansible thingies. I’ve done that before and everything worked as a charm. Until today. I have this Dockerfile (I’ve stripped it to the bare bones that still fail):

    FROM ubuntu:latest
    MAINTAINER Ton_Kersten
    RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
    RUN apt-get -y update
    RUN apt-get -y upgrade
    RUN apt-get -y install git git-flow
    RUN apt-add-repository -y ppa:mozillateam/firefox-next
    RUN apt-get install -y firefox

and when I run [Read More]
sysadm 

Ansible @ Loadays

Last Saturday I attended Loadays in Antwerp, Belgium. After listening to Jan Piet Mens’s talk about Ansible, I was up for it. At 11:30 sharp, I started my own presentation for an almost packed room. It’s called Ansible, why and how I use it and you can find it on SpeakerDeck. It was a lovely talk, with a very knowledgeable crowd. Please, have a look at it and if you have any questions, let me know. [Read More]

Ansible @ CfgMgmtCamp

Last couple of days I attended Configuration Management Camp in Ghent, Belgium. On Monday morning we started off with presentations of Mark Burgess (CFEngine), Luke Kanies (Puppet) and Adam Jacob (Chef). Good talks about the future of things. After lunch it got nerdy and I joined the Ansible room, to see how things went and at 17:00 I started my own presentation for a completely packed room. It’s called 'Ansible, why and how I use it' and you can find it on SpeakerDeck. [Read More]

LPI Certification

It’s been a while since the last post, but I’ve been very, very busy.

And in the meantime I also found some time to take the LPI-102 exam. This resulted in a Pass and now I’m officially LPI1 certified.

Well, let’s see what’s next. Puppet exam, Ansible training, LPI2, Python ………

So much to learn, so little time.

LPI 

Puppet Facter Fact

Look at me, I made a Puppet Facter Fact!!! With a lot of thanks to Andrew Beresford who started the initial code. I just tweaked it. What it does is rather simple, it finds the expiration date of the SSL certificate of this host and returns the expiration date and time when there are less than 30 days left. Otherwise it just returns a --sign. In the Puppet manifest I check if it’s this --sign and if not I generate a warning. [Read More]
puppet 

Ansible Day in Antwerp

Today I’m attending the first full day Ansible configuration meeting. This meeting is in Antwerp, Belgium, a drive of almost 2 hours. Thanks to Multi Mho (Maurice Verheesen) I didn’t need to drive, he wanted to try out his nice, new car. It drives perfectly and we arrived about 30 minutes early. For a first meeting of a new tool there were a lot of attendants, amongst others (and I don’t want to forget anybody, so I won’t even try to give a complete list), but below are the people I think that were there. [Read More]

Puppet User Group

Yesterday I attended the first meet up of the Dutch Puppet User Group and I gave a talk about how to start with Puppet.

It was called: Puppet deployment, an introduction and the PDF slideshow can be viewed or downloaded from speakerdeck.

If you have any comment, please send me an email.

puppet