-
Testing Ansible AWX/Tower roles
Friday, September 21, 2018
As I continue to push forward the use of AWX in our infrastructure, there is continued need to test what we are producing. Much like any other kind of development, sometimes we need a local environment to test something. This came up recently for me in AWX because I was testing a role that modified the AWS Task container in order to provide enhanced functionality. I wrote the following little shell provisioner that gets AWX up and running quickly for testing. …
-
Using Nginx in front of AWX for SSL
Wednesday, August 8, 2018
I’ve got AWX deployed in production currently. Obviously for production, you need SSL for authentication. Since AWX doesn’t offer this currently, and I’m not paying $20/month just for an ELB for this, I decided to slap Nginx in front of the containers to proxy SSL. This ended up being a larger pain than I expected because of the websockets. Finally got it figured out and wanted to post my nginx config for anyone else trying to do the same thing. …
-
Migration to GitLab and GitLab Runners
Wednesday, July 25, 2018
The Linux community, and the open-source community in general, was up in arms last month as Microsoft announced a purchase of GitHub. For many reasons, which I am not going to detail here, I agree with the general concern and outrage over this. Due to this, I have migrated all my repos from GitHub (where I was a paying member) to GitLab. The migration itself is dead easy, but with this migration you lose access to other tools. This mainly impacted me with the loss of CircleCI. Enter GitLab runners! …
-
docker-py deprecated in favor of docker
Tuesday, July 17, 2018
Just a quick note that the Python module docker-py has been deprecated in favor of docker. I run a few Ansible hosts that run Docker containers for various reasons and recently they started to fail during their Ansible runs. Turns out that docker-py now fails during said runs. After some searching I found that this module hasn’t been updated in a very long time, and has been deprecated in favor of the docker module instead. I wrote the following small Ansible task to fix this on my machines. …
-
Unifi Controller on a Pi with Ansible
Monday, July 16, 2018
I recently moved into a new house (yay!) and had to get my network up and running again. I have been running a full Unifi setup for almost a year now and have been very happy with it. Originally I was running the Unifi controller in a container with the rest of my containerized setup. This was fine, until I moved and needed to have access to the controller, and the network, but didn’t have the entirety of my server infrastructure up and running. Enter the Pi! …
-
Using Multiple Docker Repositories
Sunday, March 4, 2018
Depending on the project, I work in a multitude of different Docker repositories across multiple services. This includes using Google, Amazon, and Docker Hub. Logging into each one of these services every time I need to push a container is a pain. Fortunately, you can set up your .docker/config.json for each user to be able to seamlessly use multiple repositories. …
-
Migrating to Lambda from Cron Jobs
Wednesday, February 21, 2018
One of my jobs (at least as I see it) is not only to automate infrastructure, but also to consolidate and simplify infrastructure. Too many companies I have worked at have small bits of amazing things, surrounded by loads of convoluted messes left by others. As we move more and more into public cloud infrastructure, in this case AWS, I started thinking about the things I could simplify using AWS-only tools. The old way of doing things (as set up by the engineers before me) was to have loads of cron jobs, running across multiple machines, for tasks like taking EBS snapshots. This isn’t a problem when everything is humming along perfectly, but as soon as something breaks, the hunt for where it broke begins. My old strategy involved using the bastion hosts (those that sat on the outside of the VPC for access to VPC machines). But even this could be missed by someone who doesn’t understand my particular way of doing things. This doesn’t provide consolidated logging either, unless you consume logs from every bastion host into some logging service. Enter Lambda. …
-
Basic CoreOS Setup
Monday, January 15, 2018
Recently I have begun to play with Immutable Hosts, that is, host operating systems that are built using a very minimal set of tools, and many times using a containerized method to do so. These hosts include the much loved CoreOS, Project Atomic from Red Hat, and RancherOS. CoreOS comes up a lot in the Kubernetes world, so I decided to give it a try. …
-
Google is still good for some things
Friday, November 3, 2017
Everyone loves free things, hence the proliferation of services like Gmail and the rest of the Google suite. The problem is, as my old boss used to say, “If you aren’t paying for the product, then you are the product”. Nothing in life is free, and Google has to make money somewhere. It’s no secret that I have a love/hate relationship with Google … I love their services but hate their continuous privacy violations and tracking behaviors (hence my move over to services like ProtonMail and self-hosting). However, this doesn’t make me turn a blind eye to them in general. I’ve been watching the Google Cloud Platform (GCP) product suite for some time, and have recently started playing around with it. It’s nice, compatible with all my tooling (Terraform, Vagrant, etc.), and in most cases cheaper than competing AWS services. Even better is their free trial which, unlike AWS, is much more robust. Their trial, available for one year from your sign-up, comes with $300 in credit to use on their services, which makes it a lot less limited than the AWS “Free Tier” for one year. …
-
Kubernetes, Cluster Auto-Scaling and RBAC
Monday, October 23, 2017
We are currently running our Kubernetes infrastructure in AWS using Kops. This provides a lot of advantages, including being able to easily set and use Auto-Scaling Groups (ASGs). Part of the Kubernetes Autoscaler repository is the cluster autoscaler, which watches for events on your Kubernetes cluster and responds by scaling up and down the nodes needed to run pods. …