Testing Ansible roles

We - at the dev-sec.io-team - create Ansible (and Puppet and Chef) roles that harden the security of our Linux-servers. They are meant to be used in production so we try to provide these roles to several different operating systems, including Debian, Ubuntu, RedHat and its derivates.

Manually testing the roles on many different systems is a very time-consuming task: You’ll have to set up a virtual machine, update it, install Ansible, run the playbook, fix an error, rinse and repeat. If you want to do this on many different operating systems, doing it manually is impossible.

more ...

Firewalld blocking snmp and fixing it (with Ansible)

Some time ago I had to use a new CentOS 7 virtual-machine for some things that aren’t relevant to this post. This machine had to run all the time but also had some problems with a sporadically failing application server. That’s why I decided to monitor the machine, starting with some basic snmp-monitoring.

more ...