Recent searches
Search options
#ansible
25 posts20 participants0 posts today
What #Ansible Project/Module/Role should I use to provision an #OpenWRT Router?
OpenWrt Forum · What Ansible Project/Module/Role should be used to Provision an OpenWRT Router from Scratch?There seem to be many many many options, which is why I am asking. I do not wish to install Python on anything other than the control node, certainly not on the router. But I'd like to be able to do the basics, over a serial connection such as setting the interface IPs, VLANs, trunk ports and firewall config, package installation, overlayfs, if that helps with library recommendation. Thank you, leeand00
Hello, hachyderm! we've been working hard on building up our ansible runbooks and improving hachyderm's overall resilience. Recently, we've been focusing on is database resilience.
We're getting close to retiring our original database server (finally!) and preparing to move to a fully ansible-managed set of databases servers, primary and replica on new hardware. We'll send another announcement when we do the cut over. The team has done excellent work to make this highly automated, quick, and painless! 
Done:
author ansible roles for managing postgresql, pgbackrest (backups), pgbouncer, and primary/replica failover decide to continue with pgbouncer and *not* use pgcat rotate database passwords order new replica database hardware order new future primary database hardware
To do soon:
rebuild replica database with ansible scripts prepare primary database with ansible scripts start replicating to new database replica cut over to new database server 
We're also planning on open-sourcing our ansible roles in the coming weeks - just a little housekeeping & tidying up before we do!
For years now I’ve had a bit of a bee under my cap: would it be possible to unlock a Vault file with a GnuPG-compatible smart card? And what if the smart card were local and the unlocking had to be triggered remotely?
Forwarding GnuPG agent over SSH
https://jpmens.net/2025/04/04/forwarding-gnupg-agent-over-ssh/
Edit: I have amended the sentence regarding distinct machines. Works fine on two different Linux boxes.
Hierarchical view of ansible-playbook, insights and more ! (public release end of April)
https://github.com/RogerMarchal/balaxy/tree/main
Discussions: https://discu.eu/q/https://github.com/RogerMarchal/balaxy/tree/main
GitHubGitHub - RogerMarchal/balaxy: Provides a detailed, hierarchical view of ansible-playbook executions with visual insights, task tracing, role dependencies, inventory mapping, variable origins, and more. Designed for easier debugging, auditing, and team collaboration — all from your browser.Provides a detailed, hierarchical view of ansible-playbook executions with visual insights, task tracing, role dependencies, inventory mapping, variable origins, and more. Designed for easier debug...
i should've taken the opportunity to use #ansible to set up this stinkpad but i'm already on the manual warpath so maybe next time.
Built a bit of intranet tooling in recent weeks. I had #certbot renew our wildcard #LetsEncrypt certificate, but installing it on multiple internal services was a manual process. So I made an #Ansible playbook, but still had to run it manually. When? A cron job was checking the TLS certificate of our intranet every week. If its validity was less than 3 weeks I got an alert via healthchecks.io.
Only today I realised that certbot can run the playbook directly as a deploy hook...
GIF
Aaah yes 
```
# Disable tunneling
PermitTunnel yes
```
Outdated comments are always lovely.
(tho in this case not _strictly_ outdated, rather not updated correctly by ansible role)
Архитектура приложения. Разбиваем приложение Ansible на модули (Inventory, Deployer)
Привет, Хабр! Продолжу серию третьей статьей об эффективном использовании Ansible для развертывания больших инфраструктур в компаниях. В этом тексте я расскажу, какую архитектуру приложения на основе Ansible мы сформировали, и остановлюсь на модулях Deployer и Inventory.
ХабрАрхитектура приложения. Разбиваем приложение Ansible на модули (Inventory, Deployer)Привет, Хабр! Продолжу серию третьей статьей об эффективном использовании Ansible для развертывания больших инфраструктур в компаниях. В этом тексте я расскажу, какую архитектуру приложения на основе...
Replied in thread
@samueldr Dang it! We were just about migrating our 200'000 microservice platform to #yixe.
Both the #k8s AND #ansible teams were fully onboard with a package mgmt tool they could *finally* understand.
But I guess people are right. It's missing helm-like templating to *actually* solve packaging.... (or even better, something functional like jsonnet)
Crypto.com is hiring Java Developer (Mid to Senior)
#java #springframework #cryptocurrency #ansible #aws #kafka #kubernetes #sql #seniorengineer
Bangalore, India
Full-time
Crypto.com
Job details https://jobsfordevelopers.com/jobs/java-developer-mid-to-senior-at-crypto-com-mar-12-2024-3e3f95?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring
Replied in thread
Replied to Hannes Stein
@hannesstein @tewe Hier habe ich ebenfalls #Ansible dafür: Basissystem, Rest per Roles ausgerollt. Funktioniert gut - und ohne weitere Eingriffe.
Allerdings wird das derzeit noch von einem Host aus angestoßen. Der Aufwand da irgendetwas zentrales zu stellen war mir bei drei Geräten bisher zu hoch.
Replied in thread
@tewe Ich verwalte unsere Linux-PCs per #Ansible, die Playbooks stelle ich Dir gerne zur Verfügung (muss ich eh mal veröffentlichen). Authentifiziert wird gegen die Schul-Win-AD: https://oer-informatik.de/linux-ad-integration
OER Informatik · Integration von Linux-Clients in ein Active-DirectoryWenn Linux-Clients in Windows-Netzwerke integriert werden sollen, muss die Authentifizierung und das Freigabemanagement von Linux aus angesprochen werden.
#Ansible's decision to use Jinja in values only, and not render the YAML itself through Jinja (like Salt does) might make some things a bit more clean, but it also makes a _lot_ of things significantly more difficult. 
Continued thread
OK, this seems to be the python that Ansible is using. Being called directly without all the PATH mangling that the .ansible-wrapped script does. Which explains why it does not find the kubernetes module...
(Thanks @darix for the hint)
Continued thread
Running the playbook with -v shows me that it is using a completely different python3 from /nix/store/lhpwdis5hkyljz1d200bj1s6g51ljq9k-python3-3.12.8/bin/python3 which does not have the kubernetes module apparently.
No idea how it picks this up, where it takes that information from and how to fix this...
Continued thread
Hardcoding a nix path, even it is just ~/.nix-profile/bin/python3, is of course not feasible if the code is being used on other machines where this is not guaranteed to exist (as outlined in the answers yesterday).
What am I missing?
Continued thread
Fourth and hopefully last round for the #NixOS #Ansible bubble:
Short recap: Having the kubernetes module in the ansible derivation/package is not enough, it needs to also be in the python3 or python312 derivation/package.
Fun fact:
- `which python3` gives me /home/tux.penguin/.nix-profile/bin/python3
- this links to /nix/store/ipwx571dlhxmdf1n1yd8vgqq5ndjnxba-python3-3.12.8-env/bin/python3
- `which -a python3` only gives me this one python, no other binaries found in the PATH with that name
1. Using /nix/store/ipwx571dlhxmdf1n1yd8vgqq5ndjnxba-python3-3.12.8-env/bin/python3 as ansible_python_interpreter works, the kubernetes module is found
2. Using /home/tux.penguin/.nix-profile/bin/python3 for ansible_python_interpreter works
3. Using "{{ lookup('env','HOME') }}/.nix-profile/bin/python3" for ansible_python_interpreter works
4. Using just python3 DOES NOT work?!?!? What the hell? Even if this is resolved (in the shell at least) to the same python3 binary/link in ~/.nix-profile/bin/python3? What the hell?