Ansible AWX demo environment
Posted on May 9, 2023
| 11 minutes
| 2230 words
| Ton Kersten
As I was planning an Ansible Meetup about the Ansible Automation
Platform (AAP, the successor of Ansible Tower) I was contemplating
about a demo environment for the attendants. This can be done with ease
as it is nothing more than clicky-di-click.
You can imagine that’s not the way I went :-).
There is a simple rule in life:
If you can automate it, automate it.
[Read More]
Let the Cow say moo
Posted on January 30, 2023
| 2 minutes
| 245 words
| Ton Kersten
When working for a customer I was installing an Ansible Automation Platform
cluster and to keep track of all systems I decided to create a nice message of
the day, of course with cowsay.
[Read More]
Getting Ansible info into your playbook
Posted on November 24, 2021
| 3 minutes
| 513 words
| Ton Kersten
Early this week a co-worker asked if it was possible to access the Ansible command-line in a playbook. It seems that is not the case, in a “normal”, clean Ansible environment.
But in the meantime I was creating a playbook that served multiple purposes, stopping and starting services. These playbooks are completely the same, except for the start and stop keywords. Of course I could have solved that with a variable, either hardcoded or as an extra variable on the command line.
[Read More]
Web Application Firewall and CRS
Posted on February 10, 2020
| 6 minutes
| 1142 words
| Ton Kersten
During my stay at CfgMgmtCamp I attended the presentation of Franziska Bühler (@bufrasch) titled “Web Application Firewall - Friend of your DevOps pipeline?”. She talked about Web Application Firewalls (WAF) and the Core Rule Set (CRS) for OWASP.
Being into security and stuff like that myself, I decided I wanted to try to get the web application with ModSecurity up and running in my own test environment.
My test environment consists of a CentOS8 machine with NGINX and it turned out to be a little trickier than I thought.
[Read More]
Ansible with multiple vault IDs
Posted on July 22, 2019
| 3 minutes
| 629 words
| Ton Kersten
In our work environment we have role-based access for passwords (of course). But as we deploy all systems with Ansible, we could end up that someone with only deploy permission ends up with access to all passwords. It’s obvious that we don’t want that, so I started checking into Ansible’s ability to have multiple vault passwords.
Ansible Vault IDs
Starting with Ansible 2.4 and above, vault IDs are supported.
[Read More]
Ansible with loops or lookup
Posted on February 23, 2019
| 4 minutes
| 648 words
| Ton Kersten
Since Ansible version 2.5 there is a lot of discussion and confusion
about the loop syntax.
There is also discussion if with_...: will be replaced by loop:
deprecating the with_... keywords. Even Ansible's documentation is not
clear about this.
[Read More]
Ansible: One Role to Rule them All
Posted on February 7, 2019
| 4 minutes
| 759 words
| Ton Kersten
I am a long time Ansible user and contributor (since 2012) and I have been struggling with a decent setup for a multi-environment case. I have been designing and re-designing a lot, until I came up with this design. And what a coincidence, a customer wanted a setup that was exactly this. So this concept is a real world setup, working in a production environment.
Did I get your attention? Read after the break, but take your time.
[Read More]
Running it through Tattr (part 2)
Posted on August 8, 2018
| 1 minutes
| 112 words
| Ton Kersten
Some time ago I created a playbook to show the content of a rendered template. When you keep digging in the Ansible documentation, you suddenly stumble over the template lookup-plugin. And then it turns out that my playbook is a bit clumsy.
A nicer and shorter way to do it:
---
#
# This playbook renders a template and shows the results
# Run this playbook with:
#
# ansible-playbook -e templ=<name of the template> template_test.
[Read More]
Ansible, loop in loop in loop in loop in loop
Posted on June 8, 2018
| 1 minutes
| 204 words
| Ton Kersten
A couple of days ago a client asked me if I could solve the following problem:
They have a large number of web servers, all running a plethora of PHP versions. These machines are locally managed with DirectAdmin, which manages the PHP configuration files as well. They are also running Ansible for all kinds of configuration tasks. What they want is a simple playbook that ensures a certain line in all PHP ini files for all PHP versions on all webservers.
[Read More]
Ditched Disqus
Posted on May 31, 2018
| 1 minutes
| 80 words
| Ton Kersten
As the new GDPR finds its way all over Europe I decided to have a closer look at my website. I have been using the Disqus comment system for some time now, but hardly ever someone really takes the time to comment.
As the Disqus system uses a lot of JavaScript and cookies, I decided it was time to get rid of these tools and make my site fly, again.
[Read More]
Did you run it through TAttr
Posted on August 15, 2017
| 1 minutes
| 184 words
| Ton Kersten
During my last Ansible training the students needed to create some Ansible templates for themselves. As I do not want to run a testing template against some, or all, machines under Ansible control I created a small Ansible playbook to test templates.
This is the playbook:
---
#
# This playbook renders a template and shows the results
# Run this playbook with:
#
# ansible-playbook -e templ=<name of the template> template_test.
[Read More]
Stupid Fedora
Posted on May 26, 2016
| 1 minutes
| 201 words
| Ton Kersten
Yesterday I removed a simple package from my Fedora 23 machine and after that I got the message
error: Failed to initialize NSS library
WTF??????
Searching the interwebs I found out I wasn’t the first, and probably not the last, to run into this problem.
It seems that, one way or another, the DNF package doesn’t know about the dependency it has on SQLite. So, when a package removal requests to remove SQLite, DNF removes it without questions.
[Read More]
Building an Ergodox
Posted on March 3, 2015
| 2 minutes
| 250 words
| Ton Kersten
After a lot of thought I decided it was time for a new project, one I would enjoy and a project that would be useful for a long time.
Searching the web and reading articles I found the ErgoDox.
The ErgoDox is a split-hand ergonomic keyboard with mechanical switches and open source, layer-based firmware running on a Teensy microcontroller. While other keyboards offer dip-switches or GUI config tools, the firmware and layouts can be built from source on the command line or through a layout configuration tool.
[Read More]
Stable Internet
Posted on October 1, 2014
| 1 minutes
| 122 words
| Ton Kersten
My stable internet connection
Since a couple of years I’m running a fiber connection to the Internet, supplied by XMS-Net.
I also have an Atlas probe to do some internet measurements for RIPE.
Today I got a status email from RIPE with the connection status of last month. I guess I can say I have a stable internet connection. ;-)
This is your monthly availability report for probe xxxx (TonKs Atlas).
[Read More]
Puppet environments
Posted on May 26, 2014
| 4 minutes
| 684 words
| Ton Kersten
For my job I do a lot of Puppet and I thought it was about time to write some tips and tricks down.
First part of this post is about my environment setup. In my test setup I use a lot of environments. They are not at all useful, but that’s not the point. It’s my lab environment so things need to break once in a while. But with multiple environments Puppetlabs says that you should switch to directory environments (PuppetDoc) but some way or another I cannot get that to work in a good way with my PE version (3.
[Read More]
Docker panics
Posted on April 14, 2014
| 1 minutes
| 154 words
| Ton Kersten
This morning I was messing around with Docker and I wanted to build me a nice, clean container with Ubuntu in it, to test Ansible thingies. I’ve done that before and everything worked as a charm. Until today.
I have this Dockerfile (I’ve stripped it to the bare bones that still fail):
FROM ubuntu:latest
MAINTAINER Ton_Kersten
RUN echo "deb http://archive.ubuntu.com/ubuntu precise main universe" > /etc/apt/sources.list
RUN apt-get -y update
RUN apt-get -y upgrade
RUN apt-get -y install git git-flow
RUN apt-add-repository -y ppa:mozillateam/firefox-next
RUN apt-get install -y firefox
and when I run
[Read More]
Ansible @ Loadays
Posted on April 5, 2014
| 1 minutes
| 132 words
| Ton Kersten
Last Saturday I attended Loadays in Antwerp, Belgium.
After listening to Jan Piet Mens’s talk about Ansible, I was up for it.
At 11:30 sharp, I started my own presentation for an almost packed room. It’s called “Ansible, why and how I use it” and you can find it on SpeakerDeck.
It was a lovely talk, with a very knowledgeable crowd.
Please, have a look at it and if you have any questions, let me know.
[Read More]
Ansible @ CfgMgmtCamp
Posted on February 5, 2014
| 1 minutes
| 173 words
| Ton Kersten
Last couple of days I attended Configuration Management Camp in Ghent, Belgium. On Monday morning we started off with presentations of Mark Burgess (CFEngine), Luke Kanies (Puppet) and Adam Jacob (Chef). Good talks about the future of things.
After lunch it got nerdy and I joined the Ansible room, to see how things went and at 17:00 I started my own presentation for a completely packed room. It’s called ‘Ansible, why and how I use it’ and you can find it on SpeakerDeck.
[Read More]
LPI Certification
Posted on August 15, 2013
| 1 minutes
| 58 words
| Ton Kersten
It’s been a while since the last post, but I’ve been very, very busy.
And in the meantime I also found some time to take the LPI-102 exam.
This resulted in a Pass and now I’m officially LPI1 certified.
Well, let’s see what’s next. Puppet exam, Ansible training, LPI2,
Python ………
So much to learn, so little time.
Puppet Facter Fact
Posted on July 8, 2013
| 1 minutes
| 181 words
| Ton Kersten
Look at me, I made a Puppet Facter Fact!!!
With a lot of thanks to Andrew Beresford who started the initial code. I just tweaked it.
What it does is rather simple, it finds the expiration date of the SSL certificate of this host and returns the expiration date and time when there are less than 30 days left. Otherwise it just returns a --sign. In the Puppet manifest I check if it’s this --sign and if not I generate a warning.
[Read More]
Ansible Day in Antwerp
Posted on June 29, 2013
| 2 minutes
| 287 words
| Ton Kersten
Today I’m attending the first full day Ansible configuration meeting. This meeting is in Antwerp, Belgium, a drive of almost 2 hours. Thanks to Multi Mho (Maurice Verheesen) I didn’t need to drive, he wanted to try out his nice, new car. It drives perfectly and we arrived about 30 minutes early.
For a first meeting of a new tool there were a lot of attendants, amongst others (and I don’t want to forget anybody, so I won’t even try to give a complete list), but below are the people I think that were there.
[Read More]
Puppet User Group
Posted on April 7, 2013
| 1 minutes
| 52 words
| Ton Kersten
Yesterday I attended the first meet up of the Dutch Puppet User
Group and I gave a talk about how to start with Puppet.
It was called: “Puppet deployment, an introduction” and the PDF
slideshow can be viewed or downloaded from
speakerdeck.
If you have any comment, please send me an email.
We-Blog with clouds
Posted on April 6, 2013
| 1 minutes
| 57 words
| Ton Kersten
Today I received an email from Chris Hackenschmidt with a patch for a
category cloud for my We-Blog program.
Of course I have implemented that and you can see it in action on the
right.
So, a new version of We-Blog is out, currently still 0.9, with a big
Thank You to Chris.
Download it and enjoy.
Installing Pandoc
Posted on January 26, 2013
| 2 minutes
| 339 words
| Ton Kersten
John Macfarlane released a new version of Pandoc that has a lot of new enhancements. A lot of things have changed in the Markdown input types and it’s now compatible with PHP Markdown. This is very nice, because a lot of implementations use the extensions defined by PHP Markdown.
I downloaded the dmg file to install it on my MacBook Pro and it works like a charm.
So, I decided to install it on my new CentOS 6 server to build documents there.
[Read More]
rsync on a not standard port
Posted on January 21, 2013
| 1 minutes
| 106 words
| Ton Kersten
Today a colleague asked me to sync some files to a server that is not listening on SSH port 22.
I normally create a configuration entry in my ~/.ssh/config file, like
Host tosync
    Hostname syncer.example.com
    Port 1234
    User syncuser
and then command
rsync -va --progress --inplace . tosync:
But this time I didn’t want to create the entry in my SSH configuration, because I need this trick in a script. So I started to read the rsync manpage and after some experimenting I found
[Read More]