why Google App Engine? I was recently lucky enough to attend Google Next 17 and got to learn about Google Cloud Platform from some ridiculously smart Google engineers. This included some amazing people like Kelsey Hightower, Jessie Frazelle, Alex Mohr, Niels Provos, Terrence Ryan,… These engineers are phenomenal in their areas of expertise and it was awesome to hear their talks. This isn’t even all inclusive, but wait there's more - https://www.
problem I wanted to create a simple inventory website. I wanted to have a collection of information, including all systems, installed software on those systems, and any other relevant stats and details on those systems. The available tools out there, however, I didn’t really like. I just wanted a simple static HTML site, with possibly some search features. Why not use some free software out there to generate my own?
Note - I have updated this for Kubernetes 1.7.x. Deploying Kubernetes, complete with an OpenVPN access point, a CFSSL x509 certificate generation service, and an internal Kubernetes cluster DNS, complete with a Weave CNI daemonset, and kube-dns, the Kubernetes internal DNS resolver. It is a two part process; first, using Terraform, it builds the AWS infrastructure, including VPC settings, IAM roles, security groups, instances, etc. Once the infrastructure is deployed, Ansible is then used to configure the system accordingly.
A useful Ansible snippet - splitting a variable value in Ansible. the stuffs - splitting a variable using .split Let’s paint a picture. Say there’s an application that needs to be upgraded. It’s distributed via a tarball. There is a service set up using a symlink - software -> software-1.2.3. The workflow would be something like… Untar a file. Change the symlink to point to the new folder (software -> software-2.0.0). There’s already a variable for the tar file name.
First post! Um, again… My name is Bill Cawthra, I’m a DevOps, Sys admin, IT… person. I like to build things and make them work. THIS is the first post here on the new landing spot for my blog and notes, billyc.io. Currently it’s being deployed using Hugo and Google App Engine. There are two sites, http://test.billyc.io, a standard GAE application and the official https://blog.billyc.io. The first is a GAE standard and the second is GAE flexible.
Using Ansible Container, Ansible, and AWS, deploy a personal VPN server, while also creating a specified user, generating the appropriate OpenVPN configuration file, and saving it to the local user’s desktop. background Having a personal VPN server is immensely useful; we live in a mobile world with plenty of wifi hotspots. With these open access points, security is definitely a large issue. There are VPN services available, but it is often desirable to manage our own service.
2017-03-16 UPDATE - I’m not sure I see a good use case for Ansible container. It’s neat, but at this time it comes off as overly complicated and REALLY slow. Maybe it will advance and become interesting, but right now, a Dockerfile seems better in many ways. Using ansible-container, the post covers creating Docker images, specifically images for development with AWS and Azure. It will configure the images accordingly, using Ansible playbooks and roles.
A spin-off from Ansible SSH bastion host for dynamic infrastructure in AWS, this post documents how to gather an EC2 instance’s SSH public key from the AWS System Log. background For a while I was stumped at how to deal with AWS, AMIs and SSH fingerprints/public keys. Initially, it was through pre-baked AMIs. But what if pre-baking AMIs isn’t realistic? Or the AMIs are baked without SSH host keys generated and aren’t known?
Using Ansible to manage internal VPC private instances without using VPNs, by deploying an SSH proxy bastion host. background When dealing with a web stack or AWS infrastructure, how are private instances that do NOT need a public IP address managed? It’s not an extremely difficult question. In many cases VPNs are used for this purpose. But what if a VPN isn’t needed? It’s arguably overkill and it can introduce a lot of overhead, creating multiple site-to-site VPNs and linking various regions together.
A lot of times I’ll need to quickly generate an SSL CA and sign some SSL certs. This can be for a variety of reasons. Maybe I need to test out an SSL configuration. Maybe I want to use throwaway SSL connections that aren’t public and don’t matter. Regardless of how it’s used, here’s a fast way to generate a self-signed CA, a private key, a CSR, and finally a signed certificate.