What are Ansible modules? Ansible modules provide the infrastructure as code building blocks for your Ansible roles, plays and playbooks. Modules manage things such as packages, files and services. The scope of a module is typically quite narrow: it does one thing but attempts to do it well. Writing custom Ansible modules is not particularly […]
What are Ansible Collections? Ansible is an infrastructure as code tool used for configuration management, network device management, orchestration and other tasks. Ansible Collections are a way to distribute Ansible content such as roles, playbooks and modules. They can be downloaded from Ansible Galaxy, Git repositories or local directories. Basically collections are a more modern […]
Computers were supposed to relieve us humans from boring and repetitive jobs. Here we turn this upside down and do the boring and repetitive job of a computer by importing Cloudflare DNS records to Terraform ourselves. Not fun, but someone’s gotta do it sometimes. If you’re reading this, that someone is probably you. Condolences. My […]
When you create a distribution, AWS creates several DNS A records with the same name (e.g. d25gma2ea3ckma.cloudfront.net) which point to IPs the distribution is using. Then, typically, you would define CNAME(s) pointing to that cloudfront.net address in your own DNS. Each Cloudfront distribution has a list of aliases, similar to Subject Alternative Names ("SAN") in […]
When deploying with Terraform to Azure you may sometimes encounter errors such as this: The problem is that in Azure you may need to register the provider for the service you intend to manage with Terraform. If you add resources from Azure Portal this registration part is handled automation. In the above case the Azure […]
I was working with Keycloak realm private/public key automation and it was not immediately obvious where Keycloak stores the keys. Figuring it out was actually easy, and this method applies to any web application that uses MySQL/MariaDB, not just Keycloak. Anyhow, on Ubuntu, you'd navigate to /var/lib/mysql/<name-of-database>. For example: Make sure that no changes have […]
In AWS EBS ("Elastic Block Storage") is the underlying technology that (virtual) hard disks of your instances (virtual machines) use. You can take snapshots of those virtual hard disks and use those snapshots to, for example: Debugging issues with unbootable virtual machines: attach and then mount the snapshot on another virtual machine and investigate what […]
Puppet Development Kit is probably the best thing since sliced bread if you work a lot with Puppet. It makes adding basic validation and unit tests trivial with help from rspec-puppet. It also makes it very easy to build module packages for the Puppet Forge. That said, there is a minor annoyance with it: whenever […]
Typically Linux nodes are joined to FreeIPA using admin credentials. While this works, it exposes fully privileged credentials unnecessarily, for example when used within a configuration management system (see for example puppet-ipa). Fortunately joining nodes to FreeIPA is possible with more limited privileges. The first step is to create a new FreeIPA role, e.g. "Enrollment […]
Every now and then a need to use the content of a file as a variable on an agent node arises. Here's one way to do it with the help of a custom fact. First create a custom fact on the puppet server: You can confine this to restrict it to be available only on […]
Adding OpenID to WordPress allows for existing users on a domain to connect without having to manage another account. In this setup, we will be using Keycloak to provide the existing accounts which the OpenID plugin will use. There are a few plugins for WordPress that allow this functionality, but we will be using OpenID-Connect-Generic […]
When switching to root after the typical SSH with X11 forwarding enabled this error can appear: The workaround seems to include copying the MIT-MAGIC-COOKIE-1 from the user who ssh'd in to the root user using xauth. Here's how: First verify the $DISPLAY being used and list the MIT-MAGIC-COOKIE-1 used for it : Next switch to […]
System tray is a "legacy" tray where various applications (e.g. Nextcloud, Pidgin and Signal) have an icon with which you can interact with the application without actually opening the main application window. I said "legacy", because phasing it out was the plan in the Gnome 3 project, but it seems like we're not getting rid […]
In Terraform you have access to basic data types like bool or string. Defining the data type is a good start for starting to improve the quality of your modules. However, you may want to validate that a certain string matches a list of pre-defined options, and if not, fail validation early. Terraform, unlike Puppet, […]
Terraform's remote-exec provisioner fails immediately if any command in a script exists with a non-zero exit code. This makes building polling loops a bit more involved than it normally is. So, here is an example loop that checks if a URL can be reached: When the URL is unreachable, the "||" will ensure that "sleep" […]
Sometimes you might find yourself wondering whether there is some paranormal activity going on with your keycloak and its database. To check if things are still in the realm of physical reality, and to restore your child's faith in the programmer who never makes mistakes, it might be soothing to check what's actually happening to […]
In Bitbucket usernames are unique across whole of Bitbucket. Moreover, the same SSH key can only be configured for one user. If you registered your Bitbucket account using a corporate email and used your primary SSH key with it, you're pretty much hosed if you then need to create another corporate Bitbucket account and wanted […]
The Azure VPN Gateway supports the OpenVPN protocol (except the "Basic SKU"). Unlike, for example, the commercial Access Server, the VPN Gateway does not have a built-in certificate authority (CA) tool for managing client certificates. And client certificates are essentially a requirement if you need to support clients other than Windows and Mac, such as […]
Terraform has good support for Microsoft Azure through the Terraform Azure provider and the AzureRM backend. However, you may hit a glitch when adding or importing resources if you lack permissions to register Azure resource providers: At first glance this error look cryptic, but it is quite clear once you understand what Azure resource providers […]
I previously wrote about takeaways from our first recruitment process as a recruiter in January 2021. This time I’m looking back to the recruitment process in order to gather tips for the other half, job applicants and seekers. Part of the advice are also based on my own experiences as a job seeker and some […]
