isweluiz

Sometimes we need to read a list of files, a list of lines, a list of directories or other list, which we need to use some parameter to read those list. With Ansible we have a lot of different kind of options to do that, sometimes looks complex, due to the reason to have many ways to do the same thing, but lets uncomplicate that.

How I said Ansible support many mechanism to interact over loops, the most common is with_items, the documentation with all the avalable option is here.

Let's see some good way and option, to review and remember later.

isweluiz

In an ideal world, all of your configuration information would be stored as Ansible variables, in the various places that Ansible lets you define variables (e.g., the vars section of your playbooks, files loaded by vars_files , files in the host_vars or group_vars directory).

Alas, the world is a messy place, and sometimes a piece of configuration data we need lives somewhere else. Maybe it’s in a text file or a .csv file, and we don’t want to just copy the data into an Ansible variable file because now you have to maintain two copies of the same data, and you believe in the DRY 2 principle. Or maybe the data isn’t maintained as a file at all; it’s maintained in a key-value storage service such as etcd.

Ansible has a feature called lookups that allows you to read i

isweluiz

First, if you need :) here you are the official documentation

Create a repo.

Make sure there is at least one file in it (even just the README.md)

Generate a SSH key pair (private/public):

ssh-keygen -t rsa -C "your_email@example.com"

isweluiz

If you are facing the following issue while using pip install application_name:

Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url

The following solution will help solve the problem:

Update the /etc/pip.conf with the following config:

isweluiz

Run Rancher agent in k8s v1.24 - no secret exists for service account cattle-system/cattle

I noticed some errors related to secret for service user acctount to import the Kubernetes cluster version v1.24 for rancher server v2.6, below I show the reason for that, and explain the reason based on the documentation. This error starts to happen after the K8s version 1.24 when some new features were enabled in Kubernetes version 1.24, including how the tokens are generated. Looks like many people departed with the same issue, see here.

*The LegacyServiceAccountTokenNoAutoGeneration feature gate is beta, and enabled by default. When enabled, Secret API objects containing service account tokens are no longer auto-generated for every ServiceAccount. Use the [TokenRequest API](https://kubernetes.io/docs/reference/kubernetes-api/authentication-res

isweluiz

Kubernetes Container Network Interface (CNI) providers

Official Documentation:

Installing Addons

Network Plugins

Cluster Networking

isweluiz

RKE vs RKE2

RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution.

It is a fully conformant Kubernetes distribution that focuses on security and compliance within the U.S. Federal Government sector.

To meet these goals, RKE2 does the following:

• Provides defaults and configuration options that allow clusters to pass the CIS Kubernetes Benchmark v1.6 with minimal operator intervention
• Enables FIPS 140-2 compliance

isweluiz

Ansible Inventory report with ansible-cmdb

Ansible-cmdb takes the output of Ansible's fact gathering and converts it into a static HTML overview page (and other things) containing system configuration information.

It supports multiple types of output (html, csv, sql, etc) and extending information gathered by Ansible with custom data. For each host it also shows the groups, host variables, custom variables and machine-local facts.

• GitHub
• Full Documentation
• Usage

isweluiz

How to modify a list of dictionaries with Ansible

For the below scenario, what we'are trying to solve to do?

• Looking for directories and change their permissions
• Change the permission non-recursive
• Change just the folder that match with the specific permission

Ansible Modules

• Find

isweluiz

Infrastructure as Code is based on a few practices

• Use Definition Files: all configuration is defined in executable configuration definition files, such as shell scripts, Ansible playbooks, Chef recipes, or Puppet manifests. At no time should anyone log into a server and make on-the-fly adjustments. Any such tinkering risks creating SnowflakeServers, and so should only be done while developing the code that acts as the lasting definition. This means that applying an update with the code should be fast. Fortunately computers execute code quickly, allowing them to provision hundreds of servers faster than any human could type.

• Self-documented systems and processes: rather than instructions in documents for humans to execute with the usual level of human reliability, code is more precise and consistently executed. If necessary, other human readable documentation can be generated from this code.

• Version all the things: Keep all this code in source con