Jerry's tech blog

My blog about being a techie

Read this first

Clever-clever automated certificate download

Introduction

A client of mine needs some proper automation on his server. It’s a modest little container-based thing that runs a LAMP stack which powers a few tens of websites. I faced the prospect, for each website that was added to the server, of making the necessary changes to the vhosts configuration, adding sites to the SAN certificate they have, and so on. The manual way of doing this, would be something like:

  • Download the cert + bundle *.zip to my laptop
  • Unzip the file
  • Rename the certs if necessary
  • Upload the certs to the server
  • Concatenate the certs if necessary
  • Blah blah blah
  • Profit!

This is quite a bit of stuff that needs to be remembered every time, so it’s a perfect candidate for automation.

It turns out that this client’s certificate provider, GoDaddy, exposes a well-documented REST API to the rest of the internet. One of the services provided by this API is the...

Continue reading →


My obligatory Ubuntu ssh-agent post

There has been much wailing and gnashing of teeth regarding the default SSH/GPG agent in Ubuntu (the GNOME 3 “Passwords & Keys” app). It has several shortcomings and lacks some of the functionality that the standard tools have.

There seem to be many blog posts/serverfault questions/bug reports about this floating about. So, I thought I’d post the solution that worked for me. To be clear, this is on Ubuntu 17.10. Reference here

First, disable the GNOME keyring app from starting up in the first place, ~/.config/autostart/gnome-keyring-ssh.desktop should look like this:


[Desktop Entry]
Type=Application
Name=SSH Key Agent
Comment=GNOME Keyring: SSH Agent
Exec=/usr/bin/gnome-keyring-daemon --start --components=ssh
OnlyShowIn=GNOME;Unity;MATE;
X-GNOME-Autostart-Phase=PreDisplayServer
X-GNOME-AutoRestart=false
X-GNOME-Autostart-Notify=true
X-GNOME-Bugzilla-Bugzilla=GNOME
...

Continue reading →


DigitalOcean Vagrantfile

I was a bit besotted with being able to develop ansible code using an on-premise Vsphere cluster as a substrate. As I was developing a single-machine ELK stack for testing, I needed something a bit more beefy than virtualbox on my poor overworked laptop, and of course vagrant provides a quick and easy way to spin up a machine from scratch and apply your ansible code to it.

So much for my $DAYJOB, but for my freelance projects and other stuff, I’d quite like the ability to do the same thing on a public cloud provider. DigitalOcean, despite a few problems, is probably the cheapest/easiest API-driven public cloud at the moment., so I found the DigitalOcean Vagrant Provider.

This provider takes a Vagrantfile similar to that of the Vsphere one, however it needs to contain a secret which you probably don’t want to include in your next git commit, so I wrote the following which will execute a...

Continue reading →


Grab a specific IP address from ansible facts

Use jinja2 filters to grab the 192.168.x.x address from a machine with multiple NICs:

{{ ansible_all_ipv4_addresses | ipaddr('192.168.0.0/16') | first }}

Of course, this assumes that you don’t have 2 NICs on the same subnet in the one system. If you want to deal with that, I’m sure there’s a way to do it, but unfortunately it’s not right here right now :)

View →


Run ad-hoc ansible commands against your vagrant box

OK, 4 years down the line, here’s my next pearl of wisdom. I’m not going to make statements about keeping this blog updated, because, as you can see, they generally fail :)

I’m working with vagrant boxes running on a VMware vsphere cluster (perhaps some details of that in a later blog post)..

I’d like to run “ansible -m setup” against it so that I can see what facts I can grab for a role.

First I tried this:

$ ansible -i .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory default -m ping

..but it failed with this message:

 default | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Received disconnect from 10.1.1.1 port 22:2: Too many authentication failures\r\nAuthentication failed.\r\n",
    "unreachable": true
}

So, I attempted to debug by looking at what vagrant was doing when running vagrant ssh

$ export
...

Continue reading →