We're migrating away from Ansible to Puppet Bolt and the fact that Ansible updates broke the old ec2.py inventory script expedited that process. While that inventory script was quite rudimentary, it was able to automatically add human-readable names to the EC2 instance names. So, for example, you could target a node using "server_example_org" if the […]
This was a revelation that came to me when fixing Vagrant on my Fedora 34 laptop: Vagrant plugins seem to be just Ruby gems installed into an isolated runtime environment, with "vagrant plugin" ensuring that the gems are installed in the correct place. The same gems that you can install with "vagrant plugin install" can […]
We use Vagrant and VirtualBox a lot because it is an excellent tool for infrastructure code development. Unfortunately it is also very prone to breakage during operating system upgrades, especially if you depend on many plugins. When I upgraded from Fedora 32 to 34, Vagrant broke even more than usual due to conflicting rspec dependencies. […]
This blog post is a part of this blog post series: I will open this blog post with a quote from the famous Gary Larizza: After wading the waters of self.prefetch, I’m PRETTY SURE its implementation might have come to uncle Luke after a long night in Reed’s chem lab where he might have accidentally […]
This blog post is a part of this blog post series: The self.instances is a provider class method that is used to produce an array containing all resources found from the system. For example, a yum package provider might run "rpm -qa" in self.instances to get a list of packages installed on the system. This […]
Buildbot is a continuous integration framework which many open source projects seem to be using. Unlike continuous integration applications or automation servers like Jenkins, Buildbot does not make many assumptions about your use-case. In fact, when you build your CI or CD pipeline you're actually writing Python code and hence have all the flexibility of […]
Having a staging server for WordPress is quite useful for testing new features without the worry of breaking something in production. It is also helpful when you have a multi-user environment and need to test something that could impact others. In this article it is assumed that your WordPress instance has SELinux enabled as […]
GitLab has an extensive API which allows managing its internal configuration such as users, groups and projects. The official GitLab Terraform provider builds on top of this API. It is assumed here that the Terraform controller (e.g. your laptop) is able to reach your GitLab instance's TCP port 443 - if it can't there's no way […]
This blog post shows how to grant access to an AWS account for some external party. For simplicity we will call this external party a "contractor". If you want to do the same for Microsoft Azure, look at this blog post instead. This method requires the contractor to have its own AWS account, but it […]
Foreman's provisioning system allows creating provisioning templates with highly dynamic content. This article describes how to create dynamic content in your Foreman provisioning templates. While the example is related to dynamic partitioning in kickstart, the basic mechanisms for setting this up apply to any kind of template. Foreman provisioning templates are written in ERB format. […]
Introduction Integrating Keycloak with GitLab SAML makes it easier to manage users in an organization from a central point. You could manage separate accounts on GitLab, but for us it makes sense to utilize Keycloak as we are already using it for other applications. Setting up Keycloak The first step is to create a GitLab […]
Some of our customers use Microsoft's Office 365. Due to that they also use Microsoft Teams for collaboration. Recently, out of the blue, I ran into a "redirect loop mystery" in Teams. Basically I was able to log in to our Teams (which we only use when recording video calls). But when I tried to switch […]
A few days ago I looked at our Azure costs and they were around $8. That's a ridiculously small amount, except for the fact that we don't really use Azure for anything. So I started investigating. After having published the Configuration Manager (Puppet master installer image) and LibreNMS in Azure Marketplace I knew that we […]
Our Puppet-server installer product is now available free of charge in AWS Marketplace and Azure Marketplace! 'Configuration Manager' is a cloud image with an easy-to-use Puppet server installer. It supports installation of PuppetDB and Puppetboard as well. The source code can be retrieved from GitHub. Check out details at our product page.
Puppet resources like Package, File or Service are idempotent. In other words, you define the state of the resource and Puppet enforces it. The resources can be used in Bolt plans as well, which frees you from having to do state checks yourself. However, if the thing you're managing is not a Puppet resource you […]
When working with Puppet and Puppet modules in particular you quickly notice that there are several ways to manage module dependencies. Today I learned about a new way introduced in Puppet Bolt 3.x, so I thought I'd compile a list that celebrates this diversity: metadata.json: used primarily to provide dependency metadata to Puppet Forge. Some tools […]
Puppeteers has launched a new service product which allows you to gain control of your Cloud resources by having them imported to Terraform. This allows you to manage changes to your Cloud and radically reduces the need for the pesky "who changes this and why?", "who set this up and is it still needed?" and […]
Update: the problem described in this article seems to be resolved in Fedora 36 (NetworkManager 1.38.0-2.fc36). It is still present in Fedora 35 (NetworkManager 1.32.12-2.fc35). The title of this blog post may seem familiar to some, as I solved this problem for OpenVPN earlier. I won't repeat myself here, so please check the OpenVPN article […]
Sometimes Terraform stalls when trying to remove AWS EC2 security groups and Terraform does not give any hint as to what is wrong. The problem is caused by that security group being attached to an EC2 instance or network interface. Interestingly Terraform messes up the order of the AWS API calls even when it (attempts […]