February 16, 2018

New challenge: design an automation jobs architecture

Posted in Ansible at 11:22 am by alessiodini


The customer often asks me to automate tasks on hundreds of Linux systems. Those tasks can be as simple as user creation or as complex as operating system customization.
I used ansible to reach the goal, but I want to share ansible features with the customer and his colleagues. For this purpose I’m designing a simple architecture composed of:

– GIT as a SCCM
– Ansible as a dedicated automation host
– AWX as an orchestrator

The idea is to write code (playbooks, perl, bash, python, etc.) and to publish it to a GIT repository. AWX takes the code and lets ansible execute it, giving back every detail about the execution.
I want to let the customer have a single button called “GO” for automating multiple tasks!
I’m playing with this architecture and I need to make a presentation explaining the details.
Let’s gooooo!! 🙂


February 13, 2018

RHEV 4.2 BETA

Posted in Redhat Enterprise Virtualization at 11:24 am by alessiodini


Can’t wait to play with RHEV 4.2!
With 4.x I began to work from the 4.0 release and it was only pain, bugs, bugs, and again bugs. No performance graphics. After running yum update everything went bad.

I’m reading about the 4.2 features and I hope RHEV is now more stable and can give at least basic graphical information about the guests. I’m waiting for the official “stable” status and then I will begin to play with it.

Here you can find a description about the main new features.
Let’s have fun 🙂

February 2, 2018

Ansible: dealing with SSH vulnerabilities

Posted in Ansible at 3:57 pm by alessiodini


Today the customer asked me to help him fix a couple of issues on multiple Linux systems. Those vulnerabilities were:

Medium

The remote SSH server is configured to allow weak encryption algorithms or no algorithm at all.
Contact the vendor or consult product documentation to remove the weak ciphers. N/A 90317

Low

“The remote SSH server is configured to allow MD5 and 96-bit MAC algorithms.”
“Contact the vendor or consult product documentation to disable MD5 and 96-bit MAC algorithms.” N/A 71049

It was fun to fix both of them with a simple playbook called fixssh.yaml:


- name: MAC SSH Vulnerability FIX
  hosts: all
  tasks:

    # Keep a dated copy of the original file so the change can be rolled back
    - name: Backing up /etc/ssh/sshd_config
      shell: cp -prf /etc/ssh/sshd_config /etc/ssh/sshd_config.02-02-18
      become: true
      become_method: sudo

    # Replace the existing MACs line; MD5 and 96-bit MACs are left out of the list
    - name: Updating MACs directive in /etc/ssh/sshd_config file
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^MACs'
        line: 'MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160@openssh.com'
      become: true
      become_method: sudo

    # Replace the existing Ciphers line with CTR-mode AES only
    - name: Updating ciphers directive in /etc/ssh/sshd_config file
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^Ciphers'
        line: 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr'
      become: true
      become_method: sudo

    # sshd reads the new directives only after a restart
    - name: Restarting sshd service
      service: name=sshd state=restarted
      become: true
      become_method: sudo
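
A check for the result of the playbook above, as an added example that is not part of the original post: this Python function audits an sshd_config text for the two findings, and for the case where lineinfile finds no existing MACs/Ciphers line and appends it at the end of the file, below a Match block, where sshd does not accept those directives. The weak-algorithm patterns and the sample configs are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Assumed patterns for the two findings quoted above: weak or "none" ciphers,
# and MD5 or 96-bit MACs. Adjust to your scanner's actual list.
WEAK = {"ciphers": ["none", "arcfour*"], "macs": ["*md5*", "*-96*"]}

# Constructed sample configs (not taken from any real host).
BEFORE = """Port 22
Ciphers aes128-ctr,arcfour256,aes256-ctr
MACs hmac-md5,hmac-sha1,hmac-sha1-96,hmac-sha2-256
"""
# No global MACs/Ciphers line, so lineinfile appended both after the Match block.
APPENDED = """Port 22
Match User backup
    X11Forwarding no
MACs hmac-sha2-256
Ciphers aes256-ctr
"""

def audit_sshd_config(text):
    """Return (directive, problem) findings for one sshd_config text."""
    findings, seen, in_match = [], set(), False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            in_match = True          # everything below belongs to a Match block
        elif key in WEAK and in_match:
            findings.append((key, "inside Match block, sshd will reject it"))
        elif key in WEAK and key not in seen:   # sshd uses the first value seen
            seen.add(key)
            if value[:1] in ("+", "-", "^"):
                findings.append((key, "modifier list, check with sshd -T"))
                continue
            for alg in (a.strip().lower() for a in value.split(",")):
                if any(fnmatchcase(alg, p) for p in WEAK[key]):
                    findings.append((key, "weak algorithm: " + alg))
    for key in WEAK:
        if key not in seen:
            findings.append((key, "not set globally, built-in defaults apply"))
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("appended", APPENDED)):
        print(name, audit_sshd_config(cfg))
```

Running the same function over the file before the restart task catches the Match-block case while the old sshd is still serving connections.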

 

 

January 31, 2018

Solaris 11.4 Beta released!

Posted in Solaris at 2:14 pm by alessiodini


I read about the Solaris 11.4 release. It’s strange, I thought Solaris was dead. It seems not yet!!

It’s been a long time since I played with Solaris 11, I think the last time was in 2013.
I hope to play with it again!

This link contains the new features within Solaris 11.4

 

November 27, 2017

Solaris QFS

Posted in Solaris at 3:28 pm by alessiodini


Recently the customer I’m working for asked me to support him on a storage refresh project.
On the host side he has multiple VMware farms, Linux systems and three Solaris clusters running:

  • Solaris 10 on Sparc
  • QFS shared filesystem
  • Oracle RAC

I sincerely forgot tons of things about Solaris but I was happy to run “clq status” again, it was exciting 🙂

I also have the opportunity to play with QFS, which I had never seen before. I’m dealing with an old version but I can’t wait to play more with sam* commands!!
I finally understand the mcf file syntax and the hosts file under the /etc/opt/SUNWsamfs directory.
At the same time I’m dealing with SRDF tasks, and I need to learn more about storage, EMC VMAX in this case 😀

November 17, 2017

New job!

Posted in News at 11:23 am by alessiodini


Since yesterday I’m working for the Sinergy company as a Solution Architect.
I’m so glad about this new adventure!! 😀
I hope to help as much as possible and to grow by learning a lot about architecture design.
At the same time my goal is still to reach the RHCA Cloud level.

Let’s work hard!!
😀

October 3, 2017

Satellite and Vmware Sync

Posted in Redhat Satellite at 9:20 am by alessiodini


These days I’m working a lot on a VMware 6.x environment and Red Hat Satellite 6.2.9.

Both products must be in “sync”, otherwise the customer could face subscription issues. What am I talking about?

For example:
[Time 0]
– A single farm with 4 ESX hosts is added to Satellite.
– On the Satellite side, all hosts are licensed with the “Virtual Datacenter” subscription.

[Time 1]
– On the ESX side, one hypervisor is removed from the cluster and decommissioned.
– Satellite still has 4 hosts licensed.

In this scenario the products are not in sync; for this purpose I wrote a perl script called vsync.pl.
This script contacts Satellite and VMware, obtains the ESX list from both sides and compares them to find any difference. The check is done in both directions: VMware->Satellite and Satellite->VMware.

I’m thinking about opening a GIT account and uploading the script there.
This is an extract of the last run log:

(…)
Connection to host lxrp-capsule-pippo.it established
Capsule lxrp-capsule-pippo.it contains 1 farm.
ATTENTION: vcpodpippo.it is not IP address format, , the powercli query could face some error!!

Processing vcpodpippo.it
ESX podesx15.pippo.it is missing on Satellite
ESX podesx16.pippo.it is missing on Satellite
ESX podesx17.pippo.it is missing on Satellite

(…)

From the output the current condition is clear: Satellite knows three fewer hosts than VMware actually has.
This is because, over time, the number of hosts on the VMware side was increased and no one said anything about it.

It was so much fun to develop this script! 😀

September 21, 2017

idrac_pwd.pl – Script for iDRAC root password change

Posted in Perl at 12:22 pm by alessiodini


The customer I’m working for these days asked me to reset the root password of about a hundred iDRAC consoles, because they were still using the default root/calvin credentials.

Having fun with this request, I wrote a perl script using the Net::OpenSSH module. This script checks for the root account index, and it changes the password using this index. If something does not work as expected, the script will let you know on which host it faced the issue.

It’s very easy to use, for example:

$ perl idrac_pwd.pl 1.2.3.4

Connection to host 1.2.3.4
Reset password succesfully executed on 1.2.3.4 – index 2

That’s all!
You can download the script here.

Have fun 😀

September 12, 2017

Solaris and SPARC are dead. No more words

Posted in Solaris at 10:27 am by alessiodini


Today I’m so depressed about this…
https://www.networkworld.com/article/3222707/data-center/the-sun-sets-on-solaris-and-sparc.html

My young dream was to work for Oracle company and with SPARC/Solaris environments.
Bye bye… 😦

September 5, 2017

How to install ansible on CentOS 7 system

Posted in Ansible at 8:04 am by alessiodini


Starting from a minimal CentOS installation, here are the steps I followed to install ansible:

1) System update
# yum -y update
# init 6

2) Epel repository configuration and ansible pkg installation
# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -ivh epel-release-latest-7.noarch.rpm
# yum -y install ansible vim

3) In my case I’m using ansible to work on a VMware ESX environment, so I also installed a python module:
# yum install python-pip
# pip install --upgrade pip
# pip install pyVmomi
# pip install --upgrade pyVmomi

4) In a user’s home directory I created .ansible.cfg for any local customization
$ touch .ansible.cfg
$ ansible --version
ansible 2.0.1.0
config file = /home/alex/.ansible.cfg
...output omitted...

5) In the same directory I created a .vimrc file to set the yaml indent spaces automatically
$ cat .vimrc
autocmd FileType yaml setlocal ai ts=2 sw=2 et

Ansible now is ready to fire! 😀
