DNS Server Master/Slave with Ansible

I have to set up a master/slave DNS server and I am facing the usual question about the implementation options. How do I do it?

  1. by hand
  2. Chef
  3. Ansible

Option number one (every now and then, and above all for my lab environments) starts to look like the fastest, but to keep in shape with IaC it is better to use 2 or 3.

Since I need the DNS for an OpenShift cluster, I would say let's go with 3, so I will do everything with Ansible.


I rented a physical machine on Kimsufi with Proxmox on top as hypervisor.


The network is configured like this.

ocmaster39 (eth0: 10.10.10.10/24, eth1: 192.168.56.10/16)

ocslave39 (eth0: 10.10.10.11/24, eth1: 192.168.56.11/16)

Our DNS will listen on 192.168.0.0, while the OC services will sit on 10.10.10.0.

Once the inventory file is done (it is really very lean in this case) I will run the playbooks.

[dns_master]
192.168.56.10 ansible_connection=local

[dns_slave]
192.168.56.11



Let's run a few commands to check that communication works…

[root@ocmaster39 ansible-role-bind]# ansible all -a 'whoami' -m shell
192.168.56.10 | SUCCESS | rc=0 >>
root

192.168.56.11 | SUCCESS | rc=0 >>
root

Ok yes.. everyone uses ping, so I will use it too,

[root@ocmaster39 ansible-role-bind]# ansible all -m ping
192.168.56.10 | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}
192.168.56.11 | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}

Converge the master (the playbook used is reported below)

ansible-playbook master.yml

Converge the slave

ansible-playbook slave.yml

At this point Bind is installed and configured, so let's query the master…

[root@ocmaster39 ~]# dig @192.168.56.10 google.it | grep -n1 "ANSWER SECTION"
13-
14:;; ANSWER SECTION:
15-google.it. 188 IN A 172.217.18.195
[root@ocmaster39 ~]# dig @192.168.56.10 ocslave39.openshift.local | grep -n1 "ANSWER SECTION"
13-
14:;; ANSWER SECTION:
15-ocslave39.openshift.local. 1209600 IN A 192.168.56.11

… now the slave …

[root@ocmaster39 ~]# dig @192.168.56.11 ocslave39.openshift.local | grep -n1 "ANSWER SECTION"
13-
14:;; ANSWER SECTION:
15-ocslave39.openshift.local. 1209600 IN A 192.168.56.11
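A small Ruby script, added here as an example (it is not part of the original post or of the Ansible role it links to), that does the same master-versus-slave comparison the post performs by eye with dig and grep: it parses the ANSWER SECTION of dig output, compares what the two servers return for the same name, and also compares SOA serials, because a slave that has not yet transferred the zone keeps answering with the old data. All dig outputs below, including the SOA record and its serial numbers, are constructed for the example.

```ruby
# Added example, not code from the original post: parse the ANSWER SECTION of
# `dig` output and compare what the master and the slave return, the check the
# post performs by hand with grep. All dig outputs below are constructed.

MASTER_A = <<~DIG
  ;; QUESTION SECTION:
  ;ocslave39.openshift.local.    IN  A

  ;; ANSWER SECTION:
  ocslave39.openshift.local. 1209600 IN A 192.168.56.11

  ;; Query time: 0 msec
DIG

SLAVE_A_OK = <<~DIG
  ;; ANSWER SECTION:
  ocslave39.openshift.local. 1209600 IN A 192.168.56.11
DIG

# A slave that has not yet transferred the zone after a change on the master
SLAVE_A_STALE = <<~DIG
  ;; ANSWER SECTION:
  ocslave39.openshift.local. 1209600 IN A 192.168.56.99
DIG

MASTER_SOA = <<~DIG
  ;; ANSWER SECTION:
  openshift.local. 1209600 IN SOA ocmaster39.openshift.local. root.openshift.local. 2018071502 10800 3600 604800 38400
DIG

SLAVE_SOA = <<~DIG
  ;; ANSWER SECTION:
  openshift.local. 1209600 IN SOA ocmaster39.openshift.local. root.openshift.local. 2018071501 10800 3600 604800 38400
DIG

# Records of the ANSWER SECTION as hashes; every other section is ignored.
def parse_answer_section(dig_output)
  records = []
  in_answer = false
  dig_output.each_line do |raw|
    line = raw.strip
    if line == ';; ANSWER SECTION:'
      in_answer = true
      next
    end
    next unless in_answer
    break if line.empty? || line.start_with?(';;') # next section reached
    name, ttl, klass, type, data = line.split(/\s+/, 5)
    records << { name: name, ttl: ttl.to_i, class: klass, type: type, data: data }
  end
  records
end

# The serial is the third field of the SOA rdata.
def soa_serial(dig_output)
  soa = parse_answer_section(dig_output).find { |r| r[:type] == 'SOA' }
  return nil unless soa
  soa[:data].split(/\s+/)[2].to_i
end

# Compare master and slave answers ignoring the TTL. The slave is in sync only
# if it returns exactly the same name/type/data triples as the master.
def compare_answers(master_output, slave_output)
  key = ->(r) { [r[:name], r[:type], r[:data]] }
  master = parse_answer_section(master_output).map(&key)
  slave  = parse_answer_section(slave_output).map(&key)
  {
    in_sync: master.sort == slave.sort,
    missing_on_slave: master - slave,
    extra_on_slave: slave - master
  }
end

# Replication is healthy only when the slave serves the master's SOA serial
# and the same answer for the record under test.
def replication_ok?(master_soa, slave_soa, master_a, slave_a)
  soa_serial(master_soa) == soa_serial(slave_soa) &&
    compare_answers(master_a, slave_a)[:in_sync]
end

if __FILE__ == $PROGRAM_NAME
  p compare_answers(MASTER_A, SLAVE_A_STALE)
  puts "serials: master=#{soa_serial(MASTER_SOA)} slave=#{soa_serial(SLAVE_SOA)}"
end
```

In practice the constants would be replaced by the captured output of dig @192.168.56.10 and dig @192.168.56.11 for the same name: a serial mismatch points at a blocked or delayed zone transfer rather than at a broken resolver.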

I forked the original role for a PR in which I added the playbooks used and some docs.

You can find the example used here

Bye!

New year, new configuration management…

Happy new year to all readers of devopsrecipes.info 🙂

A few days ago, taking advantage of the apparent lull at work that is typical of the Christmas holidays, I decided to study Go (https://golang.org/).

Very cool, but above all, using pointers took me back in time to when I was heavily “tinkering” in C.

What came out of it, among a bunch of meaningless programs full of “foo” and “foobar”, was Congruit. A new configuration management tool written in Go that operates mostly in Bash…

Link to the GitHub repo


Of course it is very minimal, but it has a certain “Bash” feel that gives it a strong sysadmin flavour.

Let's say that from a DevOps point of view it is a bit more Ops. Pull requests to the repo are welcome 😉

Regards

A simple recipe for MongoDB clusters

Hi everybody!

My task for today was to configure MongoDB with redundancy and high availability…

I decided to write my own Chef cookbook to configure a “replica set”

Below the most important parts:

Install MongoDB packages


Use a template for the main configuration file


Enable the MongoDB Linux service at boot


What about the replica set's configuration?

I suggest using a custom LWRP that executes rs.initiate() to declare the replica set, rs.add() to add primary and secondary servers, and rs.addArb() to add arbiter servers. You can loop over hashes like this:

"foobar" => { "secondaries" => ["mynode01:27017", "mynode02:27017"] }

and a Chef provider like this

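The command-building and idempotency logic such a provider needs, written as plain Ruby so it can be run without Chef. This is an added example, not the cookbook's own provider code: the "secondaries" key comes from the post, while the "primary" and "arbiters" keys, the node names and the rs.conf()-style list of current members are assumptions constructed for the example. The validation step matters because member strings end up interpolated into a mongo shell expression run by the provider.

```ruby
# Added example, not the post's cookbook code: the command-building and
# idempotency logic a replica-set LWRP provider needs, as plain Ruby.
# "secondaries" comes from the post; "primary" and "arbiters" are assumed keys,
# and the node layout below is constructed.

REPLICA_SETS = {
  'foobar' => {
    'primary'     => 'mynode00:27017',
    'secondaries' => ['mynode01:27017', 'mynode02:27017'],
    'arbiters'    => ['myarb01:27017']
  }
}

# Members are interpolated into a mongo shell expression, so accept only a
# plain host:port before building any command.
HOST_PORT = /\A[A-Za-z0-9.-]+:\d{1,5}\z/

def validate_member!(member)
  raise ArgumentError, "invalid replica member: #{member.inspect}" unless member.to_s =~ HOST_PORT
  member
end

# Given the hosts already in the set (what rs.conf() would report), return only
# the statements still needed: rs.initiate() when the primary is not a member
# yet, rs.add() for missing secondaries, rs.addArb() for missing arbiters.
# An already converged set yields [] so a repeated Chef run changes nothing.
def pending_commands(desired, current_hosts)
  cmds = []
  primary = validate_member!(desired.fetch('primary'))
  cmds << 'rs.initiate()' unless current_hosts.include?(primary)
  Array(desired['secondaries']).each do |h|
    validate_member!(h)
    cmds << "rs.add('#{h}')" unless current_hosts.include?(h)
  end
  Array(desired['arbiters']).each do |h|
    validate_member!(h)
    cmds << "rs.addArb('#{h}')" unless current_hosts.include?(h)
  end
  cmds
end

# Loop over every replica set in the hash, as the provider would.
# `current` maps a set name to the hosts currently configured in it.
def all_pending(replica_sets, current)
  replica_sets.flat_map { |name, desired| pending_commands(desired, current.fetch(name, [])) }
end

# argv for running one statement on the primary with the mongo shell; an array
# rather than a joined string, so no shell is involved.
def mongo_eval_argv(primary, statement)
  ['mongo', '--host', validate_member!(primary), '--quiet', '--eval', statement]
end

if __FILE__ == $PROGRAM_NAME
  all_pending(REPLICA_SETS, {}).each { |c| p mongo_eval_argv('mynode00:27017', c) }
end
```

Inside a Chef provider the returned argv would be handed to shell_out (or an execute resource) and new_resource.updated_by_last_action(true) set only when the list was not empty, which is what keeps the resource idempotent across runs.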

I need to test my cluster, so let's prepare a Vagrantfile like this in order to manage all the virtual machines concurrently


Finally, HAProxy as reverse proxy and load balancer! Use autodiscovery (https://github.com/hw-cookbooks/haproxy) to find the backends automatically, and a “health check” to point to the right node after a new primary server's promotion.


Ad maiora!

Cooking on Windows Server..

Hi guys!

I have to manage Windows Server 2008 using Chef..

First of all, I need to choose the strategy for bootstrapping the new node and I am going to use an unattended bootstrap..

Configure the network card to talk to 33.33.33.10 (my Chef server)


Download and install chef-client for Windows from https://downloads.chef.io/chef-client/windows/


Copy client.rb and validation.pem to c:\chef and launch chef-client from the command line.

This is my new Windows node!


Let’s prepare a simple cookbook named mywindows:

knife cookbook create mywindows

Let’s insert the following resources in recipes/default.rb

# Modify the hosts file
template "C:\\Windows\\System32\\drivers\\etc\\hosts" do
  source "hosts.erb"
  action :create
end

# Restart an array of services
["Dnscache", "UxSms"].each do |s|
  service s do
    action :restart
  end
end

# Update Group Policy
execute 'gpupdate' do
  command "gpupdate.exe"
end

# Create a key in the registry
windows_registry 'HKCU\Software\Test' do
  values 'MySuperKEy' => Time.now.to_s # registry values must be strings, not Time objects
  action :create
end

# Install Putty
windows_package 'Putty' do
  source 'C:\\putty-0.60-installer.exe'
  installer_type :inno
  action :install
end

# Enable a Windows Feature
windows_feature "WindowsServerBackup" do
  action :install
end

Run chef-client and all works fine!


Bye!


Install Chef Server on Suse Linux Enterprise 11

Hi Folks!

Today I dealt with a problem… and I found a solution because Chef is a great tool!

At the moment there is no RPM for SUSE Linux available from the official website, but this does not matter 🙂

Problem: Install Chef Server, Chefdk, Chef-manage into a Suse Linux Enterprise 11 virtual machine without installing the rpm packages of RHEL systems.


This is what you can do:

  1. Download the following packages:
    • chef-server-core-12.8.0-1.el6.x86_64.rpm
    • chefdk-0.16.28-1.el6.x86_64.rpm
    • chef-manage-2.4.1-1.el6.x86_64.rpm
  2. Extract everything from each RPM with:
    • rpm2cpio chef-manage-2.4.1-1.el6.x86_64.rpm | cpio -idmv
  3. Move the extracted content to the correct folders: /opt/{chef,chef-manage,opscode}
  4. Set PATH="/opt/opscode/bin:/opt/chefdk/bin/:/data/opt/chef-manage/bin:$PATH" in your login profile script
  5. chef-server-ctl reconfigure
  6. chef-manage-ctl reconfigure
  7. chef-server-ctl reconfigure again

At the end all services are up and running


and my workstation too 🙂

Chef Automate – Installation guide

Hi guys!

let's take a look at Chef Automate.. In this post we will see how to install it quickly.


I will install it through Vagrant, but you can also use my cookbook with a Chef Server.


Requirements:

  1. a Chef Server. Change default['chef_automate']['chef_server']['url'] to the correct IP
  2. a user's key (client.pem) of a member of your Chef Server organization. Change default['chef_automate']['key']['base'] and default['chef_automate']['key']['name'] to your values
  3. a VirtualBox private network 192.168.56.0 (or you can set up port forwarding in the Vagrantfile in order to access the web server through http://127.0.0.1)
  4. a delivery.license file. Put it into the cookbook directory. You can see it under /vagrant inside the guest VM.

Start the provisioning..

  1. git clone https://github.com/lucky-sideburn/chef_automate.git
  2. vagrant up
  3. open https://automate-box01/e/umbrella_corporation/ (or use your preferred internal IP, or port forwarding to 127.0.0.1)
  4. Select your enterprise

  5. Enjoy!

Thanks!

Eugenio Marzo – Devops Engineer @Sourcesense



Build chef LWRP and manage OpenSSH server banner with Chef

Hi guys,
in this article we will see how to build a small LWRP Chef cookbook.. The final result will be:

ssh_banner_banner "banner" do
  banner_file _banner_file
  sshd_config_file node['ssh_banner']['sshd_config_file']
  paranoic_mode true
  action :create
  notifies :restart, "service[sshd]"
end


If “paranoic mode” is true, Chef will change the configuration file and restart sshd, but after 20 seconds (by default) it will roll the configuration back.

You can try it using Vagrant and VirtualBox..

1. clone git repo from github:

  git clone https://github.com/EugenioMarzo/cookbook-ssh-banner.git

2. show the new banner to copy:

 cat files/default/chef_ssh_banner

3. start vagrant virtual machine:

  vagrant up

4. once the deploy is completed:


Let’s see how to create a simple LWRP:

1. Declare variables in resources/banner.rb

actions :create, :delete

default_action :create

attribute :sshd_config_file, :kind_of => String

attribute :banner_file, :kind_of => String

attribute :paranoic_mode

2. create an action in providers/banner.rb.. Let's look at the :delete action:

action :delete do
  # check that the ssh banner file is present
  check_banner_file new_resource.banner_file
  # check whether paranoic mode is enabled
  paranoic_mode

  if ::File.open(new_resource.sshd_config_file).grep(/Banner\ .*/).size >= 1
    Chef::Log.info("Deleting SSH Banner..")
    execute "sed -i s/Banner\\\ .*//g #{new_resource.sshd_config_file}"

    # tell Chef that the state has changed, i.e. an action has been performed.
    # This matters because only then is a notification such as the sshd
    # restart triggered
    new_resource.updated_by_last_action(true)
  else
    Chef::Log.info("SSH Banner not found … doing nothing..")
    new_resource.updated_by_last_action(false)
  end
end
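The same logic as plain Ruby working on the sshd_config text, added here as an example (it is not the cookbook's own provider code) so that the "updated" flag the provider reports and the paranoic mode rollback can be exercised without Chef or a real sshd. The sample configuration is constructed; the banner path and the 20-second default come from the post, while the rollback delay is a parameter here so a test can keep it short. The check is stricter than the provider's grep in one respect: a commented-out "#Banner" line does not count as a configured banner.

```ruby
# Added example, not the cookbook's own code: the provider's banner logic as
# plain Ruby on the sshd_config text. The sample config is constructed.

SAMPLE_SSHD_CONFIG = <<~CFG
  Port 22
  Banner /etc/ssh/chef_ssh_banner
  PermitRootLogin no
CFG

# Equivalent of the provider's grep(/Banner\ .*/).size >= 1 check, limited to
# an active directive (a commented-out "#Banner" line does not count).
def banner_configured?(config)
  config.lines.any? { |l| l =~ /\A[ \t]*Banner[ \t]+\S/ }
end

# Equivalent of `sed -i s/Banner\ .*//g`: blanks the directive. Returns
# [new_config, updated], the pair the provider turns into updated_by_last_action.
def delete_banner(config)
  return [config, false] unless banner_configured?(config)
  [config.gsub(/^[ \t]*Banner[ \t]+.*$/, ''), true]
end

# The :create counterpart: idempotent, so a second run reports no update.
def create_banner(config, banner_file)
  directive = "Banner #{banner_file}"
  return [config, false] if config.lines.map(&:strip).include?(directive)
  without, _changed = delete_banner(config)
  [without.rstrip + "\n#{directive}\n", true]
end

# Paranoic mode: apply the change through the block, restart sshd (a callable
# here), and put the previous configuration back after `delay` seconds.
# Returns the rollback thread so the caller can wait for it.
def apply_with_rollback(store, restart_sshd, delay: 20)
  previous = store[:config]
  yield store
  restart_sshd.call
  Thread.new do
    sleep delay
    store[:config] = previous
    restart_sshd.call
  end
end

if __FILE__ == $PROGRAM_NAME
  restarts = 0
  store = { config: SAMPLE_SSHD_CONFIG }
  t = apply_with_rollback(store, -> { restarts += 1 }, delay: 1) do |s|
    s[:config], _changed = delete_banner(s[:config])
  end
  puts "after change:\n#{store[:config]}"
  t.join
  puts "after rollback (#{restarts} sshd restarts):\n#{store[:config]}"
end
```

The rollback is what makes paranoic mode safe to try on a remote box: if the new sshd configuration locks you out, the old one comes back on its own after the delay, at the cost of a second restart.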

3. use it in a recipe.. Delete a banner:

ssh_banner_banner "banner" do
  banner_file _banner_file
  sshd_config_file node['ssh_banner']['sshd_config_file']
  paranoic_mode false
  action :delete
  notifies :restart, "service[sshd]"
end

4. to add a banner use:

ssh_banner_banner "banner" do
  banner_file _banner_file
  sshd_config_file node['ssh_banner']['sshd_config_file']
  paranoic_mode false
  action :create
  notifies :restart, "service[sshd]"
end