How to Install Ansible with pipenv and pyenv

Ansible is a powerful IT automation engine, perfect for the IT professional or DevOps engineer. There are many ways to install Ansible; often packages are used to install a single version of Ansible across your entire system. This post will cover how to install Ansible 2.12 with pipenv and pyenv. In my environment I use “Virtual Environments”, a Python feature that allows you to separate your Python projects into folders and limit the libraries and packages for that folder. This means you can have multiple Ansible projects that each run a different version of Ansible. To do this we will use a few tools to manage these virtual environments, namely “pipenv”. In the past I used plain virtual environments to install Ansible; however, lately I’ve found that pipenv is much easier to manage. ...

April 26, 2022

Weekly Links 12/09-12/16: AWX, Logging, NTP

There’s a run through of how to deploy Ansible AWX (Tower) on Kubernetes. Right now OpenShift/Kubernetes deployments are the only ways to scale out AWX. NTP is probably one of the more important services you can run on all your homelab servers. This article on building an NTP client was an interesting read. Graylog, a central log management solution, has a 3.0 preview up. Note, preview software has bugs, but it’s fun to play with new features. I’ve used Splunk in the past, hit the paywall, moved to Graylog and love it! Started considering it for some work projects. I’ve been trying to find a better way to create static DNS entries, currently have everything pointed at my OPNSense route for DNS. I’m looking to replace it with PowerDNS. Might put it behind a load balancer like LVS. InfluxData is combining a bunch of their services into one “Platform”. A little concerned about this, I’m not a fan of “all in one” solutions. Docker Hub, the main source for public Docker images, had a UI update. Looks pretty slick, seems like it has all the same functionality as before.

December 17, 2018

Weekly Links 12/02-12/09: Proxmox, Security, Homelab

The holidays are upon us and time is short. Enjoy some interesting links from this past week! This article tears apart a Docker image and gives an idea of what’s running whenever you do a “docker run”. Mimikatz is a tool to play with Windows security, linikatz is its Linux brother. Might be interesting to play with on a sandbox host. This was another well put together run through of Ansible Molecule testing. I had a good time reading about Johnny’s homelab build, pictures included! I really want to start highlighting more of these builds, it’s a blast reading through the Homelab sub-reddit. I’ve been very interested in running a clustered database on Ceph storage. This whitepaper from Red Hat had a lot of interesting information about performance and tweaks. Was trying to find a way to host an apt repo of the custom Solarflare drivers (i.e. a package for Debian/Ubuntu). Might try just using a public Git repo in the lab. A look at running containers in unprivileged mode. There are very few reasons you should ever need privileged containers anymore. I uploaded my Ansible playbook to provision Proxmox containers. It saves me a lot of clicking! Someone recommended this Proxmox Ansible inventory script. Might be cool to use somehow in the future.

December 10, 2018

Provision Proxmox Containers with Ansible

I’ve been building a lot of virtual machines and containers on Proxmox lately. To save some time I wrote an Ansible role to provision Proxmox containers for me; I just have to update some variables. The role is available here: https://github.com/engonzal/ansible_role_proxmox

Proxmox Variables

Below is a basic set of variables; note that the pve_apiuser, pve_apipass and pve_api_host are required.

    pve_node: pve1
    pve_apiuser: root@pam
    pve_apipass: myAPIpassword
    pve_api_host: pve1.domain.com
    pve_hostname: "newhostname"
    pve_template: local:vztmpl/debian-9.0-standard_9.5-1_amd64.tar.gz
    pve_netif:
      net0: "name=eth0,gw=192.168.84.1,ip=192.168.84.36/22,bridge=vmbr0"

Proxmox Test Playbook

Now we’re going to put those variables in a playbook that will actually do something. If you haven’t set up Ansible before, read about how to set it up with virtualenv. ...

December 5, 2018

Weekly Links 11/25-12/02: Proxmox, Self-hosted, Ceph

There are a lot of potential apps to host in a homelab. I’ve started investigating which ones to deploy first! Also some info on getting Ceph and Proxmox up and running at home. I was hitting all kinds of Ceph “OSD” delays when working on things in my Proxmox cluster. Stumbled upon this gem pointing out that the Proxmox kernel has old Solarflare drivers that may affect Ceph performance. No delays since! With the storage working, I decided to start bind mounting my CephFS mounts in Proxmox LXC containers. Some useful dotfiles for setting up a fresh Linux install. Askbot is an open source take on StackOverflow that you can host at home. Polr is a neat looking link shortener. Cachet is an open source status page you can self-host. Plex added support for Tidal, an interesting merging of home and cloud media streaming. Ceph has “S3” support via their RadosGW. Next Ceph project will be to configure that, and see how performance works with “Goofys” as a file-system on S3. HashiCorp Vault is on my to-do list, came across some videos from HashiConf. Some performance testing of different Kubernetes plugins running on hosts with 10G network interfaces.

December 3, 2018

Weekly Links 11/19-11/25: Ceph, Project work, Music

I’ve been pretty deep into Ceph. I’m rebuilding my multimedia setup. I was hoping to use Ceph for persistent storage in Docker containers, but had some issues doing that. Ended up mounting a share with CephFS and sharing it out via NFS. Not pretty but it’s working! Another post from Michael DeHaan discussing the differences between Ansible and his new tool “OpsMop”. Some pretty interesting discussion of early goals for Ansible and how he’s trying to do them better with OpsMop. Just snagged a $5 year of Shodan, the internet scanning tool. Pretty excited to play with it in a new Python project. This article covers some basic usage of Shodan. I relied on this CephFS guide from JamesCoyle pretty heavily while fooling around with Ceph storage this week. Google is offering private Git repositories. While I’ll probably move my local Gitea instance to a VPS server, it’s nice to have options for private repos. I listen to the Beers with Talos podcast pretty often, it’s usually pretty interesting to hear some of the cyber security stories they have. This post from FireEye discussed a phishing campaign that hit Government/military/defense targets. The “Container Operators Manual” is probably the reallest container talk I’ve ever watched. Alice hits all the major pain points that organizations hit when migrating to containers. I found myself saying “Yeah we had this problem! Yes that was so annoying!” Anna Simoroshka has some great advice for working on side projects and managing time. I forgot how hard it is to work on side projects during the winter/holidays. It was refreshing to read some of these tips and remind myself to prioritize project work. Music recommendations for coding (or homelabbing in my case). My Ceph storage setup has a few OSDs (disks) that are slow, and I notice it while working on my VMs. I’m probably gonna have to look into creating a pool with only SSD storage. It’ll be interesting figuring out how to define that in the CRUSH map. Have a great week!

November 25, 2018

Weekly Links 11/12-11/18: Ansible, Kubernetes, and DevOps

Running a little late today, I was at a friendsgiving yesterday and we decided to go bowling in the evening. Lots happened this past week though! Cloudflare released their SSH VPN alternative. This also discusses some of the pain points they have with using VPN. Unfortunately it relies on their “ArgoTunnel” service, which looks an awful lot like a VPN. Ansible released version 2.7.2, mostly bug fixes, some other fixes to how Ansible interacts with VMware which I’ll probably test out. Also, Ansible Galaxy moved the community features they’ve been discussing to prod. This key lime pie protein shake is delicious, and not all terrible for you. Sorry, random. Red Hat released the RHEL 8 beta, it’ll be a pretty big release for them, I’m looking forward to trying it out! HomelabOS is a pretty slick way of spinning up some home media apps with Ansible. I really like the idea of this! I’ve been playing with OpenShift more lately, this runs through how to build a Docker image for a Python app. I finally deployed a small Kubernetes cluster with kubespray. It was a pretty big Ansible playbook, but things seem to work fine. My run was interrupted a couple times, and it picked up right where it left off. Anyway, I’ll be checking this out next: “Kubernetes 202”. More projects for Kubernetes and OpenShift, this runs through how to put Gitea on Kubernetes. Gitea is a pretty slick, light GitHub alternative. Jeff Geerling did an excellent run through of “DevOps” general principles and some examples from his life and experience. Also be sure to check out my refresher post on Ansible “when” statements. All this snow means more time in the lab, enjoy the upcoming holidays!

November 19, 2018

Using Ansible "when" Statements

Using Ansible “when” statements allows you to set parameters for when a task should play out. I’ve put together some examples of how to use basic when statements that I’ve come across.

Booleans (True or False)

In the example playbook below, I print “Hello world” when the “test_var” variable is true. In the case below we use the “bool” filter to make test_var evaluate as a boolean (i.e. true or false), then ensure it’s true: ...

November 12, 2018

Weekly Links 11/5-11/11: OKD, DevOps, and Ansible

I swear, this is the week I’ll do a write up about my lab.. Lots of interesting articles this week! I’ve been reading a lot more about DevOps and security lately. I’m hoping to get some security related projects labbed up in the next few weeks. This is an interesting take on incorporating DevOps into big business culture. I work at a company of 500+ and some of the examples Sacha Labourey mentioned are totally relevant to my experience. This very well thought out and put together piece on Ansible and Molecule testing had a great balance of technical details and examples. Someone on Reddit asked for a good first playbook to write. I think the basics like adding packages and users are a great place to start. My package and users roles were the first I uploaded to Galaxy and usually the first I import for new projects. Speaking of Ansible Galaxy, they’re still working on adding user ratings for roles. A preview is up. buildahomelab.com is hosted on a shared cPanel/WordPress server. I just wanted to get writing. But this article discussed setting up a WordPress blog using Ansible and Terraform. In the future I plan to migrate it to something I built, maybe use something like Pelican. OKD, the community version of OpenShift, is available on CentOS now! Some of the talks from AnsibleFest 2018 are available online. I think I’ll probably listen to: “Migrating from Puppet” and “Balancing Security and Velocity”. At a local Red Hat User Group (RHUG) meetup in Chicago I was able to hear an interesting talk about Ansible operators for Kubernetes. Keith Resar’s notes are available here. I really want to start working with Go more. This looked like a pretty useful collection of string utils for Go. The author of GetADevJob.com shares their experience learning to code and land interviews for software development positions. It’s pretty interesting to hear about someone going from little experience to full time development!
Michael DeHaan had an interesting blog on ssh, specifically how he’s using ssh-agent in his new app Vespene.io. This was an interesting post on using git-submodules. I’ve used them for projects in the past and they’re pretty convenient for managing multiple repos/dependencies. I saw this DevOps interview question tips post on Twitter a couple times. We’ve been interviewing for a new Linux Admin at my company, and these do seem like good questions to run by someone. If anything they spark some intriguing conversation. Some Docker image build tips. So many Docker guides discuss running Docker images, but they don’t always explain how to build Docker images. Oracle’s changes to JDK have a lot of developers talking. It seems like the consensus is that OpenJDK looks very appealing. Red Hat posted about using OpenJDK and the differences compared to Oracle’s JDK. This neat little tool “cloc” shows how many lines of code a project has. I’d like to take a look at what my Ansible roles look like and see if there are any outliers. I’ve been planning to do some Ansible basics posts and will be releasing one about using different “when” tests for Ansible tasks tomorrow. Keep an eye out!

November 11, 2018

Weekly Links 10/29-11/4: VPN, Lab Apps, and Linux Basics

I didn’t get a ton of work done in the lab this week, but I did write about using subelements with Ansible. Also spent some time working with Graylog and HashiCorp Vault earlier in the week. Vault looks like it will be a bigger project, but the structure is really interesting. An interesting look at how DevOps has changed companies over the last few years. A lot of sections highlight how general awareness of tech needs and processes is better. I use ssh-copy-id pretty often, however it’s really really useful to know how to manually set up authorized_keys on a remote host. Remember: “mkdir .ssh” && “chmod 700 .ssh” && “chmod 600 .ssh/authorized_keys” This many-to-many VPN looks pretty slick and is coming to the kernel soon! I use quite a few different cloud VPS services and it would be awesome to have a secure way for them to talk to each other. Someone posted this list of “selfhosted” apps on the Homelab Reddit. There are so many things on there I’d love to add to my lab! I’ve resigned myself that NFS is always going to be slow, but these changes highlighted by Phoronix indicate a performance boost in the future. Ansible Vault is a great built-in way to manage secrets, these tools add some really nice integrations with Git that make it a ton easier to use. Time synchronization is pretty important for most apps. While standard NTP is great, I really like Chrony and use it in my lab. This is a Chrony setup guide that showed up in my feeds. Setting up a VPN to access your Homelab can be a complex process and takes a while to get right. I’ve found that using an SSH SOCKS proxy is a great way to access things while you’re away until you have the time for building a full VPN server. Security Onion, the all-in-one security solution for monitoring network traffic, is migrating from Ubuntu to Docker containers. They released a tech preview and explained some of the process of migrating recently. I have a couple Ansible roles to clean up so I can put them on Galaxy this week.
Enjoy your week!

November 4, 2018