Constructing Ansible variables with the vars-lookup plugin

I have an Ansible role that deploys microservices, of whom I have a list of. The microservices are called foo, bar and baz. I also have a list of stages, called DEV, QA and PROD where the microservices get deployed to. Of course, every microservice needs to connect to a …

more ...

Advanced usage of yum-config-manager with setopts

Recently I used the yum-config-manager program from the yum-utils package to add a repository in a CentOS-box.

This is the easy part:

# install the yum-config-manager
yum -y install yum-utils

# add the official ansible repository
yum-config-manager --add-repo=https://releases.ansible.com/ansible/rpm/release/epel-7-x86_64/

What gets added in /etc/yum …

more ...


Testing Ansible roles

We - at the dev-sec.io-team - create Ansible (and Puppet and Chef) roles that harden the security of our Linux-servers. They are meant to be used in production so we try to provide these roles to several different operating systems, including Debian, Ubuntu, RedHat and its derivates.

Manually testing the roles on many different systems is a very time-consuming task: You’ll have to set up a virtual machine, update it, install Ansible, run the playbook, fix an error, rinse and repeat. If you want to do this on many different operating systems, doing it manually is impossible.

more ...

Firewalld blocking snmp and fixing it (with Ansible)

Some time ago I had to use a new CentOS 7 virtual-machine for some things that aren’t relevant to this post. This machine had to run all the time but also had some problems with a sporadically failing application server. That’s why I decided to monitor the machine …

more ...