GitLab Annoyance: Private to Public Repos

I was working on a new Ansible role last week and was having problems with Test Kitchen. The issue I was having was that Test Kitchen was unable to pull in dependencies from GitLab for the Ansible role I was developing. Here is the error message I was seeing: [WARNING]: - rsyslog was NOT installed successfully: - command git clone rsyslog failed in directory /tmp/tmpEaRVAA (rc=128) I realized that on our internal, private GitLab server a repo needed to be changed from Private to Public. [Read More]

Ansible Role for Papertrail

I have written my first publicly reusable Ansible role. It is freely available for use via Ansible Galaxy at chris-short.ansible-role-papertrail and helps you get Papertrail up and running. What is Papertrail? A hosted log management tool that, in my opinion, can bridge the gap between your terminal and a full blown ELK stack. It is no frills streaming log aggregation and search. Being my first Ansible role I have submitted to Galaxy I am pretty stoked about it. [Read More]

Ansible Galaxy is Open

A quick note from AnsibleFest Brooklyn 2016. Ansible Galaxy is now open source and available at Congratulations to the Ansible team and Red Hat for open sourcing an important piece of the Ansible stack!

User Management with Ansible

The contents of this article originally appeared on DZone A few weeks ago, one of my DevOps counterparts was working on building out a new environment for one of our applications. This deployment included a new Puppet server (we are in an orchestration/configuration management state of flux) and my teammate was having some issues provisioning users (I did not ask why nor did I really care). My teammate asked if I could help with some Ansible knowledge. [Read More]

lineinfile be damned

The Ansible lineinfile module is designed to search a file for a line, and ensure that it is present or absent. lineinfile is very effective at that particular task. However, when the line has to be in a certain place or before or after a certain line, lineinfile becomes a hassle to manage. (adsbygoogle = window.adsbygoogle || []).push({}); Most people on IRC (#ansible) tend to agree, lineinfile is not a very good module in practice. [Read More]

Poorly Documented Dependencies

Few things irritate me more than poorly documented dependencies. If your tool or software documentation states you can install your widget with one command and it does not work you are probably annoying people. Consider this a running list of tools and their often not well documented dependency chains. Feel free to chime in with your examples in the comments. (adsbygoogle = window.adsbygoogle || []).push({}); Ansible [Read More]

Got Badlock? Ansible Can Help

Badlock might not be bad for all. If you are using Ansible you can patch your systems with a single playbook (or ad hoc command). For RPM based OS users Badlock (samba) patching is as easy as: ansible -m shell -a "yum update *samba*" all (adsbygoogle = window.adsbygoogle || []).push({}); Or you can be very granular and use an Ansible Playbook to audit and patch samba packages: — - hosts: all tasks: - name: Check if samba packages are installed shell: “yum list installed samba | awk ‘! [Read More]

Using Ansible Vault Effectively

Ansible is a great orchestration tool. The low barrier to entry and simplicity of Ansible are why so many people that start using it love it. But there is one feature in Ansible that probably should be used more often. That feature is Ansible Vault. (adsbygoogle = window.adsbygoogle || []).push({}); “Vault” is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plaintext in your playbooks or roles. [Read More]

Grep Multiple Ansible Vault Files

Here’s a handy one-liner to grep multiple Ansible Vault files (like group_vars). All you need is an Ansible Vault password file (outside of your configuration repo, please) and a little bash.

ls -1 | while read N ; do echo -n $N: ; ansible-vault --vault-password-file ~/.ansible_vault view $N | grep  ; done