Puppeteers Blog

Azure function monitoring with Azure Monitor and Application Insights

Microsoft Azure provides a metrics and monitoring framework called Azure Monitor. With it you can monitor your Cloud infrastructure and the services running there. You can view graphs of the metrics, alert on thresholds and all that usual stuff, just like in AWS Cloudwatch. Some Cloud resources like Azure Functions expose "a limited number of useful […]

Red Hat Open Tour 2022: Ansible automation project at Elering

We participated in Red Hat Open Tour 2022 Tallinn a few weeks ago. Jaan Tanel Veikesaar from Elering, a gas/energy company in Estonia, gave a really nice presentation about their Ansible automation project. Ansible is a very common infrastructure as code and automation tool. Below I'll go over Jaan's presentation, adding some comments and key […]

Terraform, AWS Cloudfront and CNAMEAlreadyExists error

When you create a distribution, AWS creates several DNS A records with the same name (e.g. d25gma2ea3ckma.cloudfront.net) which point to IPs the distribution is using. Then, typically, you would define CNAME(s) pointing to that cloudfront.net address in your own DNS. Each Cloudfront distribution has a list of aliases, similar to Subject Alternative Names ("SAN") in […]

Enabling Azure Backup on Linux VMs with Terraform

This article shows you how to enable Azure Backup on Linux VMs. It is recommended to read the Understanding Azure Backup for Linux VMs article first before trying to enable backups with Terraform. Terraform AzureRM provider has three relevant resources: azurerm_linux_virtual_machine: parameters provision_vm_agent and allow_extension_operations should be true or enabling backups will fail (with or […]

Understanding Azure Backup for Linux VMs

Azure Backup is an Azure service that allows, among other things, backing up Windows and Linux VMs in Azure. The backups are essentially virtual machine snapshots, but backing up and/or restoring individual files is also possible. This article tries to explain how Azure Backup and Linux VMs interact and what is required for them to […]

Terraform: converting an aws_instance network interface into an explicitly managed interface

The aws_instance resource in Terraform can automatically create the default network interface for you. There are cases, however, when you notice that the default network interface is not enough anymore, and modifying it via the limited aws_instance parameters is not sufficient. In these cases you can convert the interface into an aws_network_interface resource, but the […]

Terraform, Azure and MissingSubscriptionRegistration

When deploying with Terraform to Azure you may sometimes encounter errors such as this: The problem is that in Azure you may need to register the provider for the service you intend to manage with Terraform. If you add resources from Azure Portal this registration part is handled automatically. In the above case the Azure […]

Managing custom realm keys in Keycloak programmatically

Keycloak's authentication protocols make use of private and public keys for signing and encrypting, as described in the official documentation. These keys are realm-specific, and by default managed internally in Keycloak. So, when you create a realm using the Keycloak Admin API, kcadm.sh or manually using the Web UI, new keypair(s) get generated automatically. These […]

Finding which MySQL/MariaDB tables are modified by a GUI

I was working with Keycloak realm private/public key automation and it was not immediately obvious where Keycloak stores the keys. Figuring it out was actually easy, and this method applies to any web application that uses MySQL/MariaDB, not just Keycloak. Anyhow, on Ubuntu, you'd navigate to /var/lib/mysql/<name-of-database>. For example: Make sure that no changes have […]

AWS: creating AMIs from EBS snapshots shared with you

In AWS, EBS ("Elastic Block Storage") is the underlying technology that the (virtual) hard disks of your instances (virtual machines) use. You can take snapshots of those virtual hard disks and use those snapshots to, for example: Debugging issues with unbootable virtual machines: attach and then mount the snapshot on another virtual machine and investigate what […]

Modern cronjob part 1: Azure Automation with Terraform

Microsoft Azure has a nice service for scheduling tasks called Azure Automation. While Azure Automation is able to do other things as well, such as being able to act as a Powershell DSC pull server, we'll focus on the runbooks and scheduling. Runbooks are scripts that do things, e.g. run maintenance and reporting tasks. Runbooks often, […]

Using .sync.yml in Puppet Development Kit (PDK)

Puppet Development Kit is probably the best thing since sliced bread if you work a lot with Puppet. It makes adding basic validation and unit tests trivial with help from rspec-puppet. It also makes it very easy to build module packages for the Puppet Forge. That said, there is a minor annoyance with it: whenever […]

Joining nodes to FreeIPA using a non-admin user

Typically Linux nodes are joined to FreeIPA using admin credentials. While this works, it exposes fully privileged credentials unnecessarily, for example when used within a configuration management system (see for example puppet-ipa). Fortunately joining nodes to FreeIPA is possible with more limited privileges. The first step is to create a new FreeIPA role, e.g. "Enrollment […]

Use content of a file as a variable with Puppet

Every now and then a need to use the content of a file as a variable on an agent node arises. Here's one way to do it with the help of a custom fact. First create a custom fact on the puppet server: You can confine this to restrict it to be available only on […]

Multi-part cloud-init provisioning with Terraform

Cloud-Init is "a standard for customizing" cloud instances, typically on their first boot. It allows mixing state-based configuration management with imperative provisioning commands (details in our IaC article). By using cloud-init most of the annoyances of SSH-based provisioning can be avoided: Having to use (possibly shared) SSH keys for provisioning Having to have direct […]

X11 Connection Rejected

When switching to root after the typical SSH with X11 forwarding enabled this error can appear: The workaround seems to include copying the MIT-MAGIC-COOKIE-1 from the user who ssh'd in to the root user using xauth. Here's how: First verify the $DISPLAY being used and list the MIT-MAGIC-COOKIE-1 used for it: Next switch to […]

Data-driven Terraform: Kubernetes cluster in Hetzner Cloud

Terraform does not have a particularly strong decoupling between data and code, at least not from a best practices perspective. It is possible and useful, however, to use data to define Terraform resources - if not for any other reason but to reduce code repetition for common resources that require defining lots of parameters. Here's […]

Enabling system tray on Fedora 35 and 36

System tray is a "legacy" tray where various applications (e.g. Nextcloud, Pidgin and Signal) have an icon with which you can interact with the application without actually opening the main application window. I said "legacy", because phasing it out was the plan in the Gnome 3 project, but it seems like we're not getting rid […]

Terraform Enum data type

In Terraform you have access to basic data types like bool or string. Defining the data type is a good start for starting to improve the quality of your modules. However, you may want to validate that a certain string matches a list of pre-defined options, and if not, fail validation early. Terraform, unlike Puppet, […]

Debugging Puppet Bolt inventory plugins

Puppet Bolt handles inventories in a very flexible and powerful manner: you can combine static target definitions and different targets into a single inventory. For example, you can have an inventory which defines some static node names combined with the AWS inventory, or one that combines static nodes with the Vagrant inventory. Puppet Bolt inventory […]