Working as of 18.0.0 and 19.0.0.
get code
gh repo clone ansible/awx-operator
set env, ensure pyenv and pyenv-virtualenvs are installed
pyenv virtualenv awx-operator
pyenv activate awx-operator
Running wsgi with nginx for dummies | |
This was written while trying to get ceph-dash monitoring flask api to work with nginx, I'm sure some of the concepts here could be applied to | |
just about any app you're trying to serve through nginx. | |
So ever wanted to know how to fix all the problems? | |
FIX FOR 500 RESPONSE CODE | |
Nginx is NOT starting any wsgi processes for you, I had to start this server manually. In order to get this to work from uwsgi the full path MUST be given to .wsgi file. |
Working as of 18.0.0 and 19.0.0.
get code
gh repo clone ansible/awx-operator
set env, ensure pyenv and pyenv-virtualenvs are installed
pyenv virtualenv awx-operator
pyenv activate awx-operator
I want to create a list of items from a string that would be useful in yaml json or python, so ["1","2"]
from 1 2
(and back again). First understand you have to match a pattern before you can manipulate it. Second understand exactly what that pattern is.
My pattern is a list of yum packages I'd like to quickly move to a yaml list for ansible. Here I have alphanumeric words with 1 sometimes 2 dashes. I have a word with no dashes and one with a dot .
.
python2-mock python-zope-interface pytz pyOpenSSL.x86_64
The answer is, or at least my answer is
[
{
I isolate dependencies using python virtual environments. The base system's os python version can be leaverage inside of these environments when tools clash. Like for certbot or ansible password files where the base configurations doesn't change.
But not to muddy the waters here's exactly what I mean. The azure.azcollection for ansible has a requirements.txt file. They requirements are only necessary for one of our ansible repos. There are clashing dependencies between this collection and our ansible vault_pass
file.
So how do you have the vault_pass
file called by ansible from within a virtual environment utilise a different version of ansible. The answer is not as simple as you might think, or at least not as simple as I first thought.
If I setup a virtual environment the calling interpreter of ansible (the interpreter of my environment) will call the /usr/bin/az
command, which is fine, if it has the dependencies in PATH to run it, which it doesn't.
# ansible.cfg
vault_password_file =
Remove the difference between 2 lists.
- name: Get a file list of deployed post-hooks
command: ls /etc/letsencrypt/renewal-hooks/post/
register: st
- name: Strip file extensions from file list
set_fact:
deployed_post_hooks: "{{ st.stdout_lines|map('regex_replace', '(.sh)', '')|list }}"
If you're using letsencrypt with a third party public dns provider who don't support a mature api you'll have to ensure that the nameservers have propagated the newly created txt record before exiting your manual-auth scripts, returning control back to LE. LE will issue a challenge expecting the record to exist. Depending on the method used by the provider this challenge can fail, actually it likely will if it takes minutes or even 20 to 30 seconds.
This is part of a larger script which will ensure that your dns record is propagated before returning control to LE. The way that I construct text records in this script (not shown here) is done in such a way that something.something.something...example.com
can be chained for as long a domain name is as allowed but here I'm manually setting the _acme-challenge.
prefix which always comes at the start regardless of the length.
Also note that I'm using 8.8.8.8 to gather a list of public provider NS servers for doamin example.com. This is an api problem solved i
Here's an example of letting ansible provision certificates and test challenges against a dns provider from the stage api and then rolling on to the production api when it's successful. This ensures you don't hit an api limit with LE and that dns and challenge funcationality is working properly.
Note the task file is being reused and vars:
are passed like a function signature.
flags
is used in the pull.sh and server
/quiet
are used in the cli.ini. There's a cron element not shown here which would use a renewal
script once the initial pull is issued by ansible.
# ansible-playbook -i inventory le.yaml --tags test-letsencrypt-challenge
---
- import_tasks: issue-certificates.yml
vars:
Maybe the daftest of all gists. Indeed for timing anything timeout n
or sleep n
are what you should absolutely use in bash. But I thought the visual was cool for this one.
timer () {
t=${1:-60}
python -c '
import time
import sys
t = int(sys.argv[1])
for i in range(t):
print(f"\r {t-i}", end="")
Enable coredumps for the kernel
mkdir /data/corefiles
chmod 777 /data/corefiles
echo /data/corefiles/core > /proc/sys/kernel/core_pattern
echo 1 > /proc/sys/kernel/core_uses_pid
sysctl -w fs.suid_dumpable=2
cat <<SETCORE > /etc/sysctl.d/mariadb_core.conf
kernel.core_pattern=/data/corefiles/core
kernel.core_uses_pid=1