Archive

Category Archives for "Systems"

Patching BADLOCK with Ansible

Ansible-Lock-Blog.png

If you've been following recent security news, you may have heard of the Badlock vulnerability in the protocols used by the Microsoft Windows Active Directory infrastructure. This vulnerability could lead to a man-in-the-middle attacker intercepting traffic between a client and the Active Directory server, and then impersonating the client, gaining unauthorized access to resources.

 block-bug.png

More information can be found at http://badlock.org/ and the Red Hat Knowledgebase.


Thanks to Ansible, however, patching your systems doesn't have to be complicated.

Here’s a sample playbook for Red Hat/Fedora/CentOS and Debian/Ubuntu systems

- hosts: all
  gather_facts: true
  become_method: sudo
  become_user: root
  vars:
    service_name:
      'Debian': 'smbd'
      'RedHat': 'smb'

  tasks:
    - name: check samba version
      shell: dpkg -l | grep -q samba
      when: ansible_os_family == 'Debian'
      register: samba_installed
      ignore_errors: True

    - name: update samba from apt if installed
      apt:
        name: samba
        state: latest
        update_cache: yes
      when: ansible_os_family == 'Debian' and samba_installed.rc == 0
      notify: restart_samba

    - name: check samba version
      shell: rpm -q samba
      when: ansible_os_family == 'RedHat'
      register: samba_installed
      ignore_errors: True

    - name: update samba from yum if installed
      yum:
        name: samba
        state: latest
        update_cache: yes
      when: ansible_os_family == 'RedHat' and samba_installed.rc == 0
      notify: restart_samba

  handlers:
    - name: restart_samba
      service:
        name: "{{  Continue reading

Empowering Windows Deployment Pipelines with Ansible Tower

We love stories about how Ansible Tower has solved problems and made work easier. When we heard that CareerBuilder was using Tower in a Windows environment, we had to know more. Special thanks to Cody Rucks from CareerBuilder for sharing his story about Ansible Tower.

---

At CareerBuilder we are focused on building out a full stack solution that will allow developers to continuously deploy their applications. Not only do we want them to be able to deploy quickly, but we want consistency and automation throughout the entire process. Ansible Tower has become a huge part of our final end solution. In this post we will discuss how we are using Ansible Tower to connect our various products and steps and truly be able to deploy applications in the cloud utilizing DevOps methodologies.

Why Ansible Tower?

In November 2015, our team set out to find the best solution for our needs. We tested several different products and vendors ranging from the most buzz-worthy to the most obscure and ended up selecting Ansible Tower at the end. Ansible Tower seemed to provide all the things that we needed it to do. They key takeaways we had that made us select Ansible Continue reading

Containers and VMs Together

A couple weeks back I talked about how Docker containers were not virtual machines (VMs). I received a lot of positive feedback on the article (thanks!), but I also heard a common question: Can VMs and Docker containers coexist? The … Continued

CI/CD with Docker Cloud

So you want to innovate faster, right? Continuous integration and continuous deployment (CI/CD) are some of the most common, but impactful use cases for teams who are looking to Dockerize their environment. The key to CI/CD is being able to … Continued

Technology Short Take #64

Welcome to Technology Short Take #64. Normally, I try to publish Short Takes on Friday, but this past Friday was April Fools’ Day. Given the propensity for “real” information to get lost among all the pranks, I decided to push this article back to today. Unlike most of what is published around April Fools’ Day, hopefully everything here is helpful, informative, and useful!

Networking

Your Docker Agenda for April

Thank you Docker community for your amazing collaborations last month! In March, the community organized over 125 Docker Birthday #3 local trainings and celebrations. This month, you can still catch a few more birthday events and lots of other awesome … Continued

Docker Machine, OpenStack, and SSH Keys

I wanted to provide readers a quick “heads up” about some unexpected behavior regarding Docker Machine and OpenStack. It’s not a huge deal, but it could catch someone off-guard if they aren’t aware of what’s happening.

This post builds on the earlier post I published on using Docker Machine with OpenStack; specifically, the section about using Docker Machine’s native OpenStack driver to provision instances on an OpenStack cloud. As a quick recap, recall that you can provision instances on an OpenStack cloud (and have Docker Engine installed and configured on those instances) with a command like this:

docker-machine create -d openstack 
--openstack-flavor-id 3 
--openstack-image-name "Ubuntu 14.04.3 LTS x64" 
--openstack-net-name lab-net-5 
--openstack-floatingip-pool ext-net-5 
--openstack-sec-groups docker,basic-services
instance-name

(Note that I didn’t include all of the optional parameters; refer to either my earlier blog post or the Docker Machine OpenStack driver reference for more details).

One of the optional parameters for Docker Machine’s OpenStack driver is the --openstack-keypair-name parameter, which allows you to specify the name of an existing keypair to use with instances created by Docker Machine. If you omit this parameter, as I have above, then Docker Machine will auto-generate a new SSH Continue reading

Docker Birthday #3: Thank you Docker community!

Gracias, merci, danke, obrigado, рақмет сізге, tak, धन्यवाद, cảm ơn bạn, شكرا, mulțumesc, asante, ευχαριστώ, thank you Docker community! While we originally planned for 40 Docker Birthday #3 celebrations worldwide with 1,000 attendees, over 8,000 people registered to attend one … Continued

Spousetivities at OpenStack Summit in Austin

Long-time readers know that my wife, Crystal, has been running this thing called Spousetivities for a few (OK, eight) years now. While Spousetivities originally started out as a VMworld thing, it rapidly expanded, and this year Spousetivities will be at a number of events. That includes the spring OpenStack Summit in Austin, TX!

If you’re planning to attend the Summit in Austin, why not bring your spouse/fiancé/partner/significant other with you? I can tell you from personal experience that having him or her there with you makes the conference experience more pleasant. In this particular case, Austin is a great place to visit in April and it is very affordable. Besides, Spousetivities has a great set of activities planned to keep your traveling companion(s) entertained while you’re at the conference.

Here’s a quick look at some of what’s planned for that week:

  • Explore Austin via a unique scavenger hunt experience, complete with prizes
  • Cruise the lake on private, luxury paddle-wheel boat while enjoying a delicious catered lunch
  • BBQ galore—after all, this is the BBQ capital and Spousetivities will make sure you get to try the famous BBQ of the Salt Lick
  • Quaint and relaxing tour of historic Fredericksburg

On the Spousetivities Continue reading

Docker at /Build

Every year, Microsoft welcomes thousands of developers to their /Build conference. This year, whether you’re attending live in San Francisco, or watching online, there will be lots of Docker at /Build. Building from the announcement last week of the beta for Docker for Mac … Continued

Control with Ansible Tower, Part 1

tower-control-series-screen.png

This is the first in a series of posts about how Ansible and Ansible Tower enable you to manage your infrastructure simply, securely, and efficiently.

When we talk about Tower, we often talk in terms of Control, Knowledge, and Delegation. But what does that mean?  In this series of blog posts, we'll describe some of the ways you can use Ansible and Ansible Tower to manage your infrastructure.

CONTROL - THE BASICS

The first step of controlling your infrastructure is to define what it is actually supposed to be. For example, you may want to apply available updates - here's a basic playbook that does that.

---
- hosts: all
  gather_facts: true
  become_method: sudo
  become_user: root
  tasks:
    - name: Apply any available updates
      yum:
        name: "*"
        state: latest
        update_cache: yes

Or you may have more detailed configuration. Here's an example playbook for basic system configuration.This playbook:

  • Configures some users

  • Installs and configures chrony, sudo, and rsyslog remote logging

  • Sets some SELinux parameters

Normally, we’d organize our configuration into Ansible roles for reusability, but for the purpose of this exercise we're just going to use one long playbook.

We'd want to apply this as part of our standard system configuration.

 Continue reading

Adding Git and Docker Machine Awareness to OS X

In this post I’m going to share how to add some Git and Docker Machine “awareness” to your OS X Bash prompt. This isn’t anything new; these tricks are things that Bash users have been employing for years, especially on Linux. For most OS X users, though, I think these are tricks/tools that aren’t particularly well-known so I wanted to share them here.

I’ll divide this post into two sections:

  1. Adding Git awareness to your Bash prompt
  2. Adding Docker Machine awareness to your Bash prompt

Please note that I’ve only tested these on El Capitan (OS X 10.11), but it should work similarly for most recent versions of OS X.

Before I get started, allow me to explain what I mean by “awareness”:

  • For Git, it’s the ability to show the currently checked-out Git branch in your Bash prompt as well as tab completion for Git commands, branches, and remotes.
  • For Docker Machine, it’s the ability to show the currently-active machine (made active via eval $(docker-machine env <name>)) in your Bash prompt as well as tab completion for most Docker Machine commands and machines.

Ready? Let’s get started!

Adding Git Awareness to your Bash Prompt

To add some Continue reading

1 91 92 93 94 95 125