While working on my Ansible Galaxy users role I came across a situation where I needed to loop through a list inside a dictionary inside a list. For this specific case I had a list of users, and each user could have multiple authorized sshkeys stored in a “pubkeys” value. To add each sshkey I used subelements in Ansible to loop through multiple lists. Here’s an example variable. Note that there are two users, one user has two public keys, and the other has one: ...

I had all kinds of ceph osd issues in my lab this week. Spend most of that identifying bad/failing hardware. It seems to be more stable now so I can get back to testing! Links for this week: A list of available online tech classes from Universities. Ouroboros keeps popping up in my feeds, it uses python to update your running docker containers. I can never call out linuxserver.io enough, they have some really solid docker images and may deploying new apps to my Homelab a breeze! Ansible 2.7.1 was released, looks like a lot of bug fixes, also changed some things with the yum modules, specifically how it handles lists (threw off one of my playbooks when i upgraded to 2.7). A guide to running AWX (Ansible Tower upstream) on MiniShift. Which leads into the next link.. I was referencing this guide to using Kubespray for a mini lab project (AWX runs on Kubernetes too). Jeff Geerling wrote up a quick article about using Molecule for Ansible role testing. It even has some tidbits about using TravisCI. I referenced this when adding testing to my package role to get that cool “build passing” badge on GitHub. Just need to hit the others now. All the Ansible testing focus lately is coming from the updates about to roll out on Ansible Galaxy, they’re previewing the new features now. Hashicorp released some documentation on secrets management, it’s very clean and well put together. Dell recently released a new version of OpenManage Enterprise, it’s a pretty convenient way for me to manage the dell hardware in my home lab (firmware, logs, console). I recently for an iPhone XR for work and took some pictures with it, they look pretty great! I’m gonna go back to tinkering with this new iPhone, have a safe and fun Halloween!

Thanks for stopping by, I have some more interesting links I wanted to share: Remembering which git branch im on is always a struggle, GitPrompt is an interesting solution. Interesting overview of Haw Hamburg University migrating kubernetes and ceph into a new network. I’ve been kind of obsessed with the idea of having a Lora router or transceiver in my apartment, it’s at the top of my “i want this now!” list. Some free security courses in GitHub! I do a lot of work on Raspberry Pi’s, so when I saw that piwheels makes pulling down python packages quicker for ARM based pcs, I was very excited! Running Hashicop vault is moving up in priority on my to-do list, I came across this article on how to set one up using Raspberry Pis. Would love to run a Stratux server, it allows you keep an eye on aircraft traffic in your area. A well put together article on VT-x, KVM and QEMU. I used the Pocket podcast feature to have this one read to me. Podman is RedHat’s alternative to Docker, interesting to see the how-to coming out. Was wondering when they would do this: A TV receiver hat for the Raspberry Pi. Bro, a network security monitor, just changed their name to Zeek. I use Security Onion to monitor my home WAN connection and it utilizes Bro quite heavily. sshuttle let’s you route traffic through ssh, say you’re working on a remote host that doesn’t have outgoing internet access, this would allow you to run some updates or pull down some code. I started working on an Ansible InfluxDB role last week. I’m trying to get playbooks together that specifically do not run as root. I’ve been using systemd user services to ensure they come back up on reboots. I’l have a role for that up sometime this coming week. In general most applications do not need root access, it’s just convenient to pull down an apt package rather than setting things up manually.

There are a lot of interesting happenings with Ansible this week. I’ve been watching the tweets for AnsibleFest and am pretty excited to see what they announce. Here’s a roundup of some interesting links I read through this week: Interesting post on web scraping, I was looking into a way to collect results from the upcoming elections since most state’s dont have an accesible API showing election results so you have to rely on news sites. A big list of programming courses you can take. Had some Mongo/python, but also ccna, aws, game development, and general test automation. Hot off Ansiblefest, Digital Ocean has a great tutorial on Ansible/Molecule testing. Ansible performance tweak have always been interesting for me, mitogen keeps popping up on my radar. Some general info on debugging Ansible plays, this covered some things I do on the regular while working with Ansible. So I started playing with Molecule, and looked at LXD as an alternative to Docker, it’s actually really slick and for most cases. It’s like docker, but if docker looked more like a virtual machine. More on Molecule, this post was a little more detailed and relevant to what I was doing. BeeGFS is a new filesystem to play with, I spent some time with btrfs a while back and it was a good refresher on filesystems. This post covered how to deploy BeeGFS with Ansible. Ansible started leaving more info on their community projects. A cool 10G switch that’s low on power usage from Mikrotik that I really want. I’ll be digging into Molecule/TravisCI this week and I’m looking to do another tutorial post on that. I also finalized my home Proxmox cluster and want to write about that!

Here’s a roundup of some interesting links I read through this week: A cool looking ESP32-based board with PoE Caleb Doxsey discusses using Kubernetes for pet projects. Would love to try this out, $5 a month. Click is great tool for making command line python apps. Ansible-Lockdown is a pretty slick collection of Ansible security roles. After seeing ansible-lockdown, a coworker mentioned dev-sec, another collection of Linux security tools, including some Ansible and Chef. Ansible 2.7 was released, go reboot all of your servers with the long-awaited “reboot” module. Ansible Oracle/Guru Jeff Geerling discusses the future of community ansible projects, including some interesting tidbits on the future of Galaxy (community rankings coming!). When I first started learning python, dictionary structures were really hard to wrap my head around, wish I had a dictionary tutorial like this. Interesting run through of building an API with Flask and Connexion. Slightly off topic, but I spend a lot of time 3D printing, Ultimaker Cura released version 3.5. I was helping my girlfriend put a service on a VPS server, it worked out that systemd was the easiest way to get a service configured. This post was useful referencing how to run a node app with systemd. Molecule has been on my to-do for a few weeks now, turns out Ansible is adopting the project and future Galaxy roles will be rated on whether they use Molecule tests. This post on Molecule and Vagrant seemed like a good place to start. That’s it for this week, enjoy the fall weather! Feel free to send any recommendations to noe@engonzal.com

If you’re interested in learning config management, or looking to try a new tool, Ansible is a great way to start managing servers. With any new tool comes the overhead of installing and configuring it. This article explains a simple way to setup Ansible with Python virtualenv. The Ansible docs goes over a variety of ways to install Ansible ranging from apt/yum installs to compiling from source. In my own experience I’ve found that create a virtualenv is the easiest way to work with Ansible, especially when using more than one project. ...