Ansible

Ansible is a powerful IT automation engine, perfect for the IT professional or DevOps engineer. There are many ways to install Ansible, often packages are used to install a single version of Ansible across your entire system. This post will cover how to install Ansible 2.12 with pipenv and pyenv. In my environment I use “Virtual Environments”, a python feature that allows you to separate your Python projects into folders and limit the libraries and packages for that folder. This means you can have multiple Ansible projects that each run a different version of Ansible. To do this we will use a few tools to manage these virtual environments, namely “pipenv”. In the past I used plain virtual environments to install ansible, however lately I’ve found that pipenv is much easier to manage. ...

I’ve been building a lot of virtual machines and containers on Proxmox lately. To save some time I wrote an Ansible role to provision Proxmox containers for me, I just have to update some variables. The role is available here: https://github.com/engonzal/ansible_role_proxmox Proxmox Variables Below is a basic set of variables, note that the pve_apiuser, pve_apipass and pve_api_host are required. pve_node: pve1 pve_apiuser: root@pam pve_apipass: myAPIpassword pve_api_host: pve1.domain.com pve_hostname: "newhostname" pve_template: local:vztmpl/debian-9.0-standard_9.5-1_amd64.tar.gz pve_netif: net0: "name=eth0,gw=192.168.84.1,ip=192.168.84.36/22,bridge=vmbr0" Proxmox Test Playbook Now we’re going to put those variables in a playbook that will actually do something. If you haven’t setup Ansible before, read about how to set it up with virtualenv. ...

I’ve been pretty deep into Ceph. I’m rebuilding my multimedia setup. I was hoping to use Ceph for persistent storage in docker containers, but had some issues doing that. Ended up mounting a share with cephfs and sharing it out via NFS. Not pretty but it’s working! Another post from Michael Dehaan discussing the differences between Ansible and his new tool “OpsMop”. Some pretty interesting discussion early goals for Ansible and how he’s trying to do them better with OpsMop. Just snagged a $5 year of Shodan, then internet scanning tool. Pretty excited to play with it in a new python project. This article covers some basic usage of Shodan. I relied on this cephfs guide from JamesCoyle pretty heavily while fooling around with Ceph storage this week. Google is offering private Git repositories. While I’ll probably move my local Gitea instance to a VPS server, it’s nice to have options for private repos. I listen to the Beers with Talos podcast pretty often, it’s usually pretty interesting to hear some of the cyber security stories they have. This post from FireEye discussed a phising campaign that hit Government/military/defense targets. The “Container Operators Manual” is probably the reallest container talk I’ve ever watched. Alice hit’s all the major pain points that organizations hit when migrating to containers. I found myself saying “Yeah we had this problem! Yes that was so annoying!” Anna Simoroshka has some great advice for working on side projects and managing time. I forgot how hard it is to work on side projects during the winter/holidays. It was refreshing to read some of these tips and remind myself to prioritize project work. Music recommendations for coding (or homelabbing in my case). My Ceph storage setup has a few OSDs (disks) that are slow, and I notice it while working on my VMs. I’m probably gonna have to look into creating a pool with only SSD storage. It’ll be interesting figuring out how to define that in the crush map. Have a great week!

Running a little late today, I was at a friendsgiving yesterday and we decided to go bowling in the evening.. Lots happened this past week though! Cloudflare released their SSH VPN alternative. This also discusses some of the pain points they have with using VPN. Unfortunately it relies on their “ArgoTunnel” service, which look an awful lot like a VPN.. Ansible released version 2.7.2, mostly bug fixes, some other fixes to how Ansible interacts with VMWare which I’ll probably test out. Also, Ansible Galaxy moved the community features they’ve been discussing to prod. This key lime pie protein shake is delicious, and not all terrible for you. Sorry, random. Red Hat released the RHEL 8 beta, it’ll be a pretty big release for them, I’m looking forward to trying it out! HomelabOS is a pretty slick way of spinning up some home media apps with Ansible. I really like the idea of this! I’ve been playing with Openshift more lately, this runs through how to build a docker image for a Python app. I finally deployed a small kubernetes cluster with kubespray. It was a pretty big Ansible playbook, but things seem to work fine. My run was interrupted a couple times, and it picked up right where it left off. Anyway, i’ll be checking this out next “Kuberenetes 202” More projects for Kubernetes and OpenShift, this runs through how to put Gitea on kubernetes. Gitea is a pretty slick, light GitHub alternative. Jeff Geerling did an excellent run through of “DevOps” general principals and some examples from his life and experience. Also be sure to check out my refresher post on Ansible “when” statements. All this snow means more time in the lab, enjoy the upcoming holidays!

Using Ansible “when” statements allows you to set parameters for when a task should play out. I’ve put together some examples of how to use basic when statements that I’ve come across. Booleans (True or False) In the example playbook below, I print “Hello world” when the"test_var" variable is true. In the case below we use the “bool” filter to make test_var evaluated as a boolean (ie true or false), then ensure it’s true: ...

I swear, this is the week I’ll do a write up about my lab.. Lots of interesting articles this week! I’ve been reading a lot more about DevOps and security lately. I’m hoping to get some security related projects labbed up in the next few week. This is an interesting take on incorporating Devops into big business culture. I work at a company of 500+ and some of the examples Sacha Labourey mentioned are totally relevant to my experience. This very well thought out and put together piece on Ansible and Molecule testing had a great balance of technical details and examples. Someone on reddit asked for a good first playbook to write. I think the basics like adding packages and users is a great place to start. My package and users role were the first I uploaded to Galaxy and usually the first I import for new projects. Speaking of Ansible Galaxy, they’re still working on adding user ratings for roles. A preview is up. buildahomelab.com is hosted on a shared cpanel/wordpress server. I just wanted to get writing. But this article discussed setting up a WordPress blog using Ansible and Terraform. In the future I plan to migrate it to something I built, maybe use something like Pelican. OKD the community version of OpenShift is available on CentOS now! Some of the talks from AnsibleFest 2018 are available online. I think i’ll probably listen to: “Migrating from Puppet” and “Balancing Security and Velocity”. At a local Red Hat User Group (RHUG) meetup in Chicago I was able to hear an interesting talk about Ansible operators for Kubernetes. Keith Resar’s notes are available here. I really want to start working with Go more. This looked like a pretty useful collection of string utils for Go. The author of GetADevJob.com shares their experience learning to code and land interviews for software development positions. It’s pretty interesting to hear about someone going from little experience to full time development! Michael DeHaan had an interesting blog on ssh, specifically how he’s using ssh-agent in his new app Vespene.io. This was an interesting post on using git-submodules. I’ve used them for projects in the past and they’re pretty convenient for managing multiple repos/dependencies. I saw this DevOps interview question tips post on Twitter a couple times. We’ve been interview for a new Linux Admin at my company, and these do seem like good questions to run by someone. If anything they spark some intriguing conversation. Some Docker image build tips. So many Docker guides discuss running docker images, but they don’t always explain how to build Docker images. Oracle’s changes to JDK have a lot of developers talking. It seems like the consensus is that OpenJDK look very appealing. Red Hat posted about using OpenJDK and the differences compared to Oracles JDK. This neat little tool “cloc” shows how many lines of code a project has. I’d like to take a look at what my Ansible roles look like and see if there are any outliers. I’ve been planning to do some Ansible basics posts and will be releasing one about using different “when” tests for Ansible tasks tomorrow. Keep an eye out!

While working on my Ansible Galaxy users role I came across a situation where I needed to loop through a list inside a dictionary inside a list. For this specific case I had a list of users, and each user could have multiple authorized sshkeys stored in a “pubkeys” value. To add each sshkey I used subelements in Ansible to loop through multiple lists. Here’s an example variable. Note that there are two users, one user has two public keys, and the other has one: ...

There are a lot of interesting happenings with Ansible this week. I’ve been watching the tweets for AnsibleFest and am pretty excited to see what they announce. Here’s a roundup of some interesting links I read through this week: Interesting post on web scraping, I was looking into a way to collect results from the upcoming elections since most state’s dont have an accesible API showing election results so you have to rely on news sites. A big list of programming courses you can take. Had some Mongo/python, but also ccna, aws, game development, and general test automation. Hot off Ansiblefest, Digital Ocean has a great tutorial on Ansible/Molecule testing. Ansible performance tweak have always been interesting for me, mitogen keeps popping up on my radar. Some general info on debugging Ansible plays, this covered some things I do on the regular while working with Ansible. So I started playing with Molecule, and looked at LXD as an alternative to Docker, it’s actually really slick and for most cases. It’s like docker, but if docker looked more like a virtual machine. More on Molecule, this post was a little more detailed and relevant to what I was doing. BeeGFS is a new filesystem to play with, I spent some time with btrfs a while back and it was a good refresher on filesystems. This post covered how to deploy BeeGFS with Ansible. Ansible started leaving more info on their community projects. A cool 10G switch that’s low on power usage from Mikrotik that I really want. I’ll be digging into Molecule/TravisCI this week and I’m looking to do another tutorial post on that. I also finalized my home Proxmox cluster and want to write about that!

If you’re interested in learning config management, or looking to try a new tool, Ansible is a great way to start managing servers. With any new tool comes the overhead of installing and configuring it. This article explains a simple way to setup Ansible with Python virtualenv. The Ansible docs goes over a variety of ways to install Ansible ranging from apt/yum installs to compiling from source. In my own experience I’ve found that create a virtualenv is the easiest way to work with Ansible, especially when using more than one project. ...