If you've been following recent security news, you may have heard of the Badlock vulnerability in the protocols used by the Microsoft Windows Active Directory infrastructure. This vulnerability could lead to a man-in-the-middle attacker intercepting traffic between a client and the Active Directory server, and then impersonating the client, gaining unauthorized access to resources.
More information can be found at http://badlock.org/ and the Red Hat Knowledgebase.
Thanks to Ansible, however, patching your systems doesn't have to be complicated.
```yaml
- hosts: all
  gather_facts: true
  become_method: sudo
  become_user: root
  vars:
    service_name:
      'Debian': 'smbd'
      'RedHat': 'smb'

  tasks:
    - name: check samba version
      shell: dpkg -l | grep -q samba
      when: ansible_os_family == 'Debian'
      register: samba_installed
      ignore_errors: True

    - name: update samba from apt if installed
      apt:
        name: samba
        state: latest
        update_cache: yes
      when: ansible_os_family == 'Debian' and samba_installed.rc == 0
      notify: restart_samba

    - name: check samba version
      shell: rpm -q samba
      when: ansible_os_family == 'RedHat'
      register: samba_installed
      ignore_errors: True

    - name: update samba from yum if installed
      yum:
        name: samba
        state: latest
        update_cache: yes
      when: ansible_os_family == 'RedHat' and samba_installed.rc == 0
      notify: restart_samba

  handlers:
    - name: restart_samba
      service:
        name: "{{
```
Continue reading
We love stories about how Ansible Tower has solved problems and made work easier. When we heard that CareerBuilder was using Tower in a Windows environment, we had to know more. Special thanks to Cody Rucks from CareerBuilder for sharing his story about Ansible Tower.
---
At CareerBuilder we are focused on building out a full stack solution that will allow developers to continuously deploy their applications. Not only do we want them to be able to deploy quickly, but we want consistency and automation throughout the entire process. Ansible Tower has become a huge part of our final end solution. In this post we will discuss how we are using Ansible Tower to connect our various products and steps and truly be able to deploy applications in the cloud utilizing DevOps methodologies.
In November 2015, our team set out to find the best solution for our needs. We tested several different products and vendors ranging from the most buzz-worthy to the most obscure and ended up selecting Ansible Tower at the end. Ansible Tower seemed to provide all the things that we needed it to do. The key takeaways we had that made us select Ansible Continue reading
Welcome to Technology Short Take #64. Normally, I try to publish Short Takes on Friday, but this past Friday was April Fools’ Day. Given the propensity for “real” information to get lost among all the pranks, I decided to push this article back to today. Unlike most of what is published around April Fools’ Day, hopefully everything here is helpful, informative, and useful!
I wanted to provide readers a quick “heads up” about some unexpected behavior regarding Docker Machine and OpenStack. It’s not a huge deal, but it could catch someone off-guard if they aren’t aware of what’s happening.
This post builds on the earlier post I published on using Docker Machine with OpenStack; specifically, the section about using Docker Machine’s native OpenStack driver to provision instances on an OpenStack cloud. As a quick recap, recall that you can provision instances on an OpenStack cloud (and have Docker Engine installed and configured on those instances) with a command like this:
```
docker-machine create -d openstack \
  --openstack-flavor-id 3 \
  --openstack-image-name "Ubuntu 14.04.3 LTS x64" \
  --openstack-net-name lab-net-5 \
  --openstack-floatingip-pool ext-net-5 \
  --openstack-sec-groups docker,basic-services \
  instance-name
```
(Note that I didn’t include all of the optional parameters; refer to either my earlier blog post or the Docker Machine OpenStack driver reference for more details).
One of the optional parameters for Docker Machine’s OpenStack driver is the `--openstack-keypair-name` parameter, which allows you to specify the name of an existing keypair to use with instances created by Docker Machine. If you omit this parameter, as I have above, then Docker Machine will auto-generate a new SSH Continue reading
Long-time readers know that my wife, Crystal, has been running this thing called Spousetivities for a few (OK, eight) years now. While Spousetivities originally started out as a VMworld thing, it rapidly expanded, and this year Spousetivities will be at a number of events. That includes the spring OpenStack Summit in Austin, TX!
If you’re planning to attend the Summit in Austin, why not bring your spouse/fiancé/partner/significant other with you? I can tell you from personal experience that having him or her there with you makes the conference experience more pleasant. In this particular case, Austin is a great place to visit in April and it is very affordable. Besides, Spousetivities has a great set of activities planned to keep your traveling companion(s) entertained while you’re at the conference.
Here’s a quick look at some of what’s planned for that week:
On the Spousetivities Continue reading
This is the first in a series of posts about how Ansible and Ansible Tower enable you to manage your infrastructure simply, securely, and efficiently.
When we talk about Tower, we often talk in terms of Control, Knowledge, and Delegation. But what does that mean? In this series of blog posts, we'll describe some of the ways you can use Ansible and Ansible Tower to manage your infrastructure.
The first step of controlling your infrastructure is to define what it is actually supposed to be. For example, you may want to apply available updates - here's a basic playbook that does that.
```yaml
---
- hosts: all
  gather_facts: true
  become_method: sudo
  become_user: root
  tasks:
    - name: Apply any available updates
      yum:
        name: "*"
        state: latest
        update_cache: yes
```
Or you may have more detailed configuration. Here's an example playbook for basic system configuration. This playbook:
- Configures some users
- Installs and configures chrony, sudo, and rsyslog remote logging
- Sets some SELinux parameters
Normally, we’d organize our configuration into Ansible roles for reusability, but for the purpose of this exercise we're just going to use one long playbook.
We'd want to apply this as part of our standard system configuration.
Continue reading
In this post I’m going to share how to add some Git and Docker Machine “awareness” to your OS X Bash prompt. This isn’t anything new; these tricks are things that Bash users have been employing for years, especially on Linux. For most OS X users, though, I think these are tricks/tools that aren’t particularly well-known so I wanted to share them here.
I’ll divide this post into two sections:
Please note that I’ve only tested these on El Capitan (OS X 10.11), but it should work similarly for most recent versions of OS X.
Before I get started, allow me to explain what I mean by “awareness”:
eval $(docker-machine env <name>)
) in your Bash prompt as well as tab completion for most Docker Machine commands and machines. Ready? Let’s get started!
To add some Continue reading