Hudecof's page

Personal blog posts mostly about work related issues

My Ansible basic configuration

Introduction I will try to describe my default ansible settings and the reasons why I do it that way. Of course it could change in future as it has already changed several times. This blog post is also for my reference ;) Creating the playbook Creating directories and files mkdir -p .ansible/cp mkdir -p .ansible/retry mkdir -p .ansible/facts_cache mkdir -p roles mkdir -p group_vars mkdir -p host_vars touch group_vars/all touch hosts ansible. Read more →

Atlassian and Ansible

Overview This article s about how I’m using ansible to install and upgrade Atlassian Confluence, JIra nad Crowd. Ansible You should be familiar with the ansible, I’m not going to teach you how to use it. It will be used for installaion, customization and upgrades. Atlassian You should be familiar with basic installation of the Atlassian products. For the automation process I use .tar.gz distribution, not the .bin Why ? Read more →

Gitlab 7 with Atlassian Crowd

README FIRST If you are using version before 6.6 read older post. If you are using version 6.6 and newer, should be working also for 7.X read older post. Overview Please read the previous posts, at least the second one. Meanwhile I migrated to the omnibus package, so this posts is about the omnibus package. Installation and configuration This section is out of th scope, please follow the documentation related to the Crowd and Gitlab omnibus version. Read more →

Mikrotik and Ansible

Overview Read first the previous post. Here you will find some notes after few weeks in production. Improvments Login with password In the previous previous post we assumed the login by ssh keys. But howto do the first setup with password? There is very simple solution, use sshpass. {% raw %} - hosts: all connection: local gather_facts: no vars_prompt: - name: user prompt: "nazov uzivatela" private: no - name: pass prompt: enter password" private: yes tasks: - name: "task with ssh and password" action: command sshpass -p '{{ pass }}' ssh -l {{ user }}. Read more →

Mikrotik and Ansible

Overview I has been asked be our network operation department to help with mass configuration changes of the Mikrotik routers. I should provide shell scripts for some specific tasks as generating configuration from template apply generated configruarion run specific command Instead of writting scripts in my favorite language I decided to use ansible. Some notes If you are familiar with the ansible and mikrotik just skip this section. Read more →

apt-cacher-ng and remap

Overview If you have bunch of servers it’s always good idea to have local mirror or at least caching the requests to the remote repositories. I was using apt-cacher since we had only Debian based linux servers. Few months ago we started to use also CentOS for some critical services to avoid single points of failure. There is no such software as apt-cacher for RPM based distros, but apt-cacher-ng is able to deal with this. Read more →

Bind9 AXFR with TSIG adn ACL

Overview There is numerous posts about how to setup the ISC Bind to use TSIG for AXFR. Few days I found this setup is more secrure than left it untouched, but not so secure as it could be. Configuration This setup was tested on the version 9.8. Basic BIND setup Let’s assume to have one master server and two slave servers using different TSIG keys. I will skip all the steps and just show the relevant part of final configuration. Read more →

DSC parsing offline traces

Overview DSC is a tool for collecting and presenting the dns data from your dns servers. It’s server agnostic, which makes it useful in heterogenous environments like in TLDs. DSC collector is capturing the network data using the pcap library and produces the XML outuput for presenter. Why offline ? As the parsing code seems to be pretty stable we are not very keen to run this software as root on our dns servers. Read more →

Gitlab 6.6 with atlassian crowd

README FIRST If you are using version before 6.6 read older post. Overview This post is about howto get working Gitlab and Crowd together. It’s based on versions - Crowd version 2.7.1 - Gitlab version 6.6 Installation and configuration Atlassian Crowd Installation and configuration of the Crowd is out of scope. Crowd is commercial product and you shoud have support for it. Gitlab For Debian or Ubuntu follow the installation guide on Github. Read more →

Bind9 with views and TSIG AXFR

Overview ISC Bind support view clause. The view clause allows BIND to provide different functionality based on the hosts accessing it. In another words, you can server the same zone dependent on the clients request /mostly is the source ip/. Setup such a scenario is really easy. But to enable correct AXFR to the slave server supporting these views, it took me some time figure out how to do that. Read more →