Previously we’ve discussed the deployment of Docker containers to Azure and managing Scale Out of instances but not the use of Docker directly. The terminology of Docker has become a little confused of late as containers become the new hot topic. For clarity, Docker itself is an application that can be used to create, manage and orchestrate containers, and it’s the orchestration that we’re going to be looking at in . . .
In my recent posts I’ve covered the hardened setup of Vault and covered the basics of using the REST API. As we’ve seen so far, Vault is primarily designed for programmatic interactions from external systems via the API, so let’s take a look at a favourite of mine, Ansible Tower, which is a prime candidate as a third-party system which often has a requirement to call secrets from external systems. . . .
Recently we looked at integrating Ansible Tower with HashiCorp Vault, but I thought it would be worth taking a look at another popular Secrets management system, Azure Key Vault. Whilst the solution isn’t exactly the same, using Azure Key Vault and Tower was my first time trying to integrate Ansible with a centralised Secrets repository, so let’s take a look at how to achieve the integration as it’s not very . . .
Following my look at integrating Ansible Tower with Windows, I thought I’d take a look at another common requirement that needs some slight tweaking (though not nearly to the extent of Windows), networking devices, specifically Cisco devices running IOS, ASA and NX-OS platforms. Networking – It’s Built In Unlike the additional layers of configuration that come with Windows, the use of Cisco platforms is native to Ansible; however, some steps . . .
Since the release of Ansible 1.7, way back in the forgotten era of 2014, Ansible can connect to Windows (2008 and higher) using remote PowerShell over that most finicky of mechanisms, WinRM. Red Hat are quick to sell the unilateral management capabilities of Ansible (which do exist), but under the hood we see a uniquely Windows problem. Ansible was built for SSH initially and because Microsoft as ever adopt a . . .
Recently I’ve been presented with the problem of VMware terminal servers which suffer a saturation of memory at certain times of the day but need to be available 24/7. How best to compensate for that? The biggest killer of memory in this environment is that horror of horrors, Google Chrome. It’d be easier to use a better browser, right? Except that isn’t an option when you’re invested in a web . . .
The power of leveraging Ansible Tower against Dynatrace problem detection first dawned on me after reading a post from the excellent Wolfgang Beer. He talks about the solution in the abstract and gives a pretty concise guide on how to leverage APM to use event-driven metrics to launch a Playbook, but I ran into issues almost instantly. The problem isn’t obvious straight away; most people run Dynatrace as . . .
Ansible Tower and NetBox are two of the greatest tools in the DevOps toolchain, and the integration is seemingly painless on the surface (and really it isn’t all that bad) but there is a little nuance to it. Both application stacks provide a RESTful API so sending data between the two should be as simple as firing some JSON between them, right? Even with Ansible being a YAML-focused platform . . .
Anyone that’s ever spoken to me about tech for more than 30 seconds will know how much I love Ansible and even more Ansible Tower (Red Hat’s REST API and Web Services console) and with good cause; it’s top of class Infrastructure Automation and easily more flexible, scalable and lightweight than CloudFormation, Chef, Puppet, Salt or any of its contemporaries. On top of that, its documentation is second . . .
One of Ansible’s most brilliant features is Privilege Escalation, the ability to enter the context of a more privileged user following an initial connection to either your local or remote node; however, a bizarre little caveat of this is something I haven’t been able to find documented anywhere and it refers to the use of a system account (by default named awx) on the localhost. What the hell is AWX anyway? . . .