Updated Aug 2023: using the latest K3s 1.27, MetalLB 0.13.9, and NGINX v1.8.1 K3s is a lightweight Kubernetes deployment by Rancher that is fully compliant, yet also compact enough to run on development boxes and edge devices. In this article, I will show you how to deploy a three-node K3s cluster on Ubuntu nodes that … Kubernetes: K3s cluster on Ubuntu using Ansible
Updated March 2023: using K3s 1.25 and Ubuntu 22.04 K3s is a lightweight Kubernetes deployment by Rancher that is fully compliant, yet also compact enough to run on development boxes and edge devices. In this article, I will show you how to deploy a three-node K3s cluster on Ubuntu nodes that are created using Terraform … Kubernetes: K3s cluster on Ubuntu using terraform and libvirt
For security reasons, you should be very aware that accepting a remote host fingerprint automatically is a procedure that should be considered high-risk. But if you are working with automated infrastructure or pipelines where human intervention is not possible and the constructed entities are being built in a secure fashion with guaranteed provenance, then ssh-keyscan … Bash: accepting a remote host fingerprint with ssh-keyscan
If you want to create a new datastore backed by an NFSv4 share, this can be done either from the ESXi embedded web client or using esxcli. In this article, I will explain how to test a remote NFSv4 volume from an Ubuntu Linux server as validation. Then move on to mounting it as a … VMware: mounting a new NFSv4 datastore
If you followed my previous article on deploying a nested ESXi on KVM, you may eventually need to increase the size of the default datastore1 as you continue your experimentation and deployments. Do not simply increase the size of the original backing KVM qcow2 disk (qemu-img resize), because then you would need to get this … VMware: Extending datastore1 on a ESXi host nested within KVM
If you have captured the multi-line output of a previous Bash command in a variable and later need to count the number of lines stored in that variable, you may reach for an apparently easy solution first. But there are corner cases you may not have covered. The first syntax gotcha is to make sure … Bash: count number of lines in previously captured stdout
Update Dec 2021: I have written an updated version of this article for vCenter 7.0U1 and Anthos 1.8. Anthos GKE on-prem is a managed platform that brings GKE clusters to on-premise datacenters. This product offering brings best practice security measures, tested paths for upgrades, basic monitoring, platform logging, and full enterprise support. Setting up a … Kubernetes: Anthos GKE on-prem 1.4 on nested VMware environment
In this article I will demonstrate how to create an Ubuntu 20 Focal template in vCenter. Then use Terraform to create a vSphere VM based on this template. The VM template creation is done by manually stepping through an installation using the minimal Ubuntu server ISO followed by a set of preparation steps. Then Terraform … Terraform: creating an Ubuntu 20 Focal template and then guest VM in vCenter
Needing to find the most recently modified files in a directory is a pretty common need. Luckily the find utility has flags to easily explore a directory recursively and list recently modified files. If you want to find modified files within ‘N’ days ago from the current directory. # files within the last 24 hours … Bash: find most recently modified files
microk8s has convenient out-of-the-box support for MetalLB and an NGINX ingress controller. But microk8s is also perfectly capable of handling Istio operators, gateways, and virtual services if you want the advanced policy, security, and observability offered by Istio. In this article, we will install the Istio Operator, and allow it to create the Istio Ingress … Kubernetes: microk8s with multiple Istio ingress gateways
Out-of-the-box, microk8s has add-ons that make it easy to enable MetalLB as a network load balancer as well as an NGINX ingress controller. But a single ingress controller is often not sufficient. For example, the primary ingress may be serving up all public traffic to your customers. But a secondary ingress might be necessary to … Kubernetes: microk8s with multiple metalLB endpoints and nginx ingress controllers
If you are using “–extra-vars” at runtime to override a boolean variable, then you should use the JSON syle (instead of key-value pairs) to avoid type conversion issues. For example, if there is a boolean variable named “myflag” that is default to true in your playbook and you attempt to override it like below, it … Ansible: overriding boolean values using extra-vars at runtime
Unfortunately, with_fileglob only works on files local to the Ansible orchestrator host. It will not build a list of files from the remote directory, even if you use something like the copy module that has ‘remote_source: true’. In these situation, you can use the find module to generate a list of files on the remote … Ansible: find module to create glob of remote files
If you need to create a file that has the exact same ownership and permission bits as an existing file, the ‘reference’ flag provides a convenient shortcut. For example, if you had a file named ‘myoriginal’ that had the exact ownership and permissions required for a new file ‘mynewfile’, you could use the commands below … Bash: cloning the ownership and permissions of another file using reference
microk8s is a lightweight Kubernetes deployment by Canonical that is enterprise-grade, yet also compact enough to run on development boxes and edge devices. In this article, I will show you how to deploy a three-node microk8s cluster on Ubuntu nodes that are created using Terraform and a local KVM libvirt provider. Ansible is used for … Kubernetes: microk8s cluster on Ubuntu using Ansible
microk8s is a lightweight Kubernetes deployment by Canonical that is enterprise-grade, yet also compact enough to run on development boxes and edge devices. In this article, I will show you how to deploy a three-node microk8s cluster on Ubuntu nodes that are created using Terraform and a local KVM libvirt provider. This article focuses on … Kubernetes: microk8s cluster on Ubuntu using terraform and libvirt
Terraform is a popular tool for provisioning infrastructure on cloud providers such as EC2 and Azure, but there is also a provider written for local KVM libvirt resources. Using the libvirt provider, we can use standard Terraform constructs to create local VMs, networks, and disks. And unlike older versions of this provider, the plugin binary … KVM: installing Terraform and the libvirt provider for local KVM resources
In a previous article, I showed how to manually setup Alternatives so that different versions of a binary could co-exist on a target machine. In that step-by-step example, we used the Terraform binary as an example, and placed two independent versions in /usr/local/bin, and then set the priority so that terraform14 was preferred. To do … Ansible: Ubuntu alternatives using the community.general collection
Most Git providers-as-a-service have administrative functions for renaming, moving, and even importing repositories from other provider URLs. However, it is also valid to perform these operations manually by repointing the origin and then pushing all commits and tags to a new repository URL. # make sure all changes are pushed first git push # check … Git: cloning a git repository from one location to another
Ansible blocks provide a convenient way to logically group tasks. So it is unfortunate that native Ansible syntax does not allow looping to be combined with a block. Consider the simple conditional block below controlled by a variable ‘do_block_logic’: – name: simple block with conditional block: – name: simple block task1 debug: msg=”hello” – name: … Ansible: implementing a looping block using include_tasks
The legacy method of running crontab jobs from files located at /var/spool/cron (edited using ‘crontab -e’) is slowly giving way to files located in /etc/cron.d. This way of creating a file entry for each job is easily handled by Ansible using the cron module as shown below. – name: Creates a cron file under /etc/cron.d … Ansible: creating a cron.d file for periodic system jobs
One way to implement character padding in Bash is to use printf and substring extraction. This can be especially useful in reports or menu display. Given a $padding variable that contains the maximum length of characters, you can subtract out the length of a display string like below. # length of maximum padding padding=”………………………………..” printf … Bash: using printf to display fixed-width padded string
If you need to expand an encrypted zip file using the Ansible unarchive module, then you will need to provide the password using the ‘extra_opts’ parameter. Per below, make sure you place the “-P” flag as an independent argument to the password. – name: unzip encrypted zip unarchive: src: mysource.zip dest: /remote/path extra_opts: – “-P” … Ansible: unzipping an encrypted file using the unarchive module
Shared infrastructure services for a datacenter are usually deployed on Virtual Machines, but there is a growing opportunity to run these services as containers in a highly-available Kubernetes cluster. I have built a custom image which has a Chrony NTP daemon on a lightweight Alpine image and exposed it as a Service at port 123/udp. … Kubernetes: container for offering NTP as a Service
If you need a lightweight NTP server, an Alpine based container image with a chrony daemon takes up minimal runtime resources and is about 8Mb in size. I have pushed ‘fabianlee/docker-chrony-alpine‘ to docker hub. The run command requires that you specify linux capabilities and a volume for the chrony.conf file, so the easiest way to … Docker: building an ntp server image with Alpine and chrony
WireGuard aims to be the successor to IPsec and more performant than OpenVPN. It is a general purpose VPN that is secure enough for servers, yet light enough to run on embedded devices. In a previous article I described the installation of a WireGuard server with a Windows VPN client. I will extend those instructions … Ubuntu: WireGuard VPN for Ubuntu server, with an iPhone client
WireGuard aims to be the successor to IPsec and more performant than OpenVPN. It is a general purpose VPN that is secure enough for servers, yet light enough to run on embedded devices. In this article, I will show how to install WireGuard on two Ubuntu servers in completely different hyperscalers that are linked by … Ubuntu: site-to-site VPN with WireGuard
Update Sep 2023: Installing ansible-core at user level (not system) with pip Ansible is an agentless configuration management tool that helps operations teams manage installation, patching, and command execution across a set of servers. In this article I’ll describe how to install the latest release of Ansible.
It is relatively straightforward to create a GCP public subnet where the compute instances have access to the public internet via the default internet gateway. But once you start building private subnets behind it, you must start considering firewall, routing, and the NAT gateways required to reach public services. In this article, I will use … Terraform: provisioning GCP servers in both public and private subnets
It is relatively straightforward to create an AWS public subnet where the compute instances have access to the public internet via the default internet gateway. But once you start building private subnets behind it, you must start considering security groups, routing, and the NAT gateways required to reach public services. In this article, I will … Terraform: provisioning AWS servers in both public and private subnets
WireGuard aims to be the successor to IPsec and more performant than OpenVPN. It is a general purpose VPN that is secure enough for servers, yet light enough to run on embedded devices. In this article, I will show how to install WireGuard on an Ubuntu server and then access it using a Windows client. … Ubuntu: WireGuard VPN for Ubuntu servers, with a Windows client
The ‘azurerm‘ Terraform provider allows you to build a Windows server in Microsoft’s Azure hyperscaler. However, in order to use this provisioner, you must first install the Azure CLI. And in line with automation best practices we will use a Service Account (Principal) to create the networks, security rules, and compute instances. When complete, you’ll … Terraform: provisioning an RDP enabled Windows server in Azure
Terraform is a popular tool for provisioning infrastructure on cloud providers such as EC2, Azure, and GCP. If you want to install Teraform on Ubuntu using apt-get, follow HashiCorp’s standard installation document. However, I find that I often need multiple versions for different projects. Find your desired version of the binaries at the Terraform download … Terraform: installing Terraform manually on Ubuntu
Ansible uses ssh to configure its target host inventory, but for on-premise datacenters as well as hyperscalers like EC2/GCP/Azure, the target hosts are often purposely located in deeper private subnets that cannot be reached from the Ansible orchestrator host. One solution is to enable a bastion/jumpbox host that serves as the forwarding host. It sits … Ansible: orchestrating ssh access through a bastion host
If you can conform to a bit of naming convention, one way to easily render template files in Bash is to have the template and bash variables names match. Then you can either use sed or envsubst to do the substitution. For example, here are two variables being defined and then placeholders embedded into the … Bash: render template from matching bash variables
Managing resources in Azure from the command line can be done natively from Ubuntu using the Azure CLI. First, add the prerequisite packages. sudo apt-get update sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg -y Then install the Microsoft signing key and add the custom repository. curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg –dearmor | sudo tee … Azure: installing the Azure CLI on Ubuntu
You can bake a startup script directly into the creation of your GCE compute instance when using Terraform. Although complex post-configuration should be left to tools such as Ansible, essential bootstrap type commands or custom routes for instances in private subnets are reasons why you might need to use this hook. Below is an example … Terraform: invoking a startup script for a GCE google_compute_instance
You can bake a startup script directly into the creation of your EC2 instance when using Terraform. Although complex post-configuration should be left to tools such as Ansible, essential bootstrap type commands or custom routes for instances in private subnets are reasons why you might need to use this hook. Below is an example of … Terraform: invoking a startup script for an EC2 aws_instance
With Ansible, it is possible to have a variable populated with either the content of a remote or local file. For a file on a remote host, you can use the ‘slurp‘ module to put the content into a register, but then you must base64 decode the content. – name: get content of remote file … Ansible: creating a variable from a remote or local file content
In a single Ansible playbook, you may wish to apply some roles to all hosts, while limiting other roles to only certain groups. While it is certainly possible to apply a role to all hosts and then use a ‘when’ to filter down to the desired group like below: – hosts: all gather_facts: yes roles: … Ansible: applying roles to certain groups in a single playbook