ericsysmin's DevOps Blog

Allowing ENV vars in Role/Collection Requirements

If you have a private repo, or a repo that requires authentication, as in the case of GitLab Enterprise, you may find it difficult to pull your roles or collections from it without any auth. I struggled with this for a while, and then realized that we can make use of the envsubst command.

As a first step, we need a template; let's call it galaxy_requirements.tpl:

As long as you pass the environment vars to envsubst, it will work. In this case I am going to export the var just for the sake of the command line, but ideally you'd put these in your build tool (GitHub, GitLab, or Jenkins) as a sensitive environment parameter to the job so that it does not get printed out.

Now let's put that somewhere in our build repo. Then, during the pipeline steps (GitHub/GitLab/Jenkins), you will run something like this to resolve the token and run the ansible-galaxy install.

Using these two commands will create a new file, galaxy_requirements.yml, which would have the following contents.

This keeps you from storing any type of credential within the repository, which would violate any security policies you may have.
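
The steps above as one script, added here as an example and not the post's own code: the template contents, gitlab.example.com, the repository paths, the oauth2:token URL form and the GITLAB_TOKEN variable name are constructed assumptions. It limits envsubst to the one named variable and refuses to render when the token is missing, since envsubst would otherwise substitute an empty string.

```shell
#!/bin/sh
# Constructed template: the committed file holds only the ${GITLAB_TOKEN} placeholder.
write_sample_template() {
  cat > "$1" <<'EOF'
---
collections:
  - name: https://oauth2:${GITLAB_TOKEN}@gitlab.example.com/infra/my_collection.git
    type: git
    version: main
roles:
  - name: my_role
    src: git+https://oauth2:${GITLAB_TOKEN}@gitlab.example.com/infra/my_role.git
    version: main
EOF
}

# render_requirements TEMPLATE OUTPUT
render_requirements() {
  # envsubst turns an unset variable into an empty string, which would yield
  # "oauth2:@..." URLs and a confusing auth failure, so stop early instead.
  if [ -z "${GITLAB_TOKEN:-}" ]; then
    echo "GITLAB_TOKEN is not set" >&2
    return 1
  fi
  export GITLAB_TOKEN
  rm -f "$2"
  # umask 077 keeps the rendered file private on a shared runner; the
  # '${GITLAB_TOKEN}' argument restricts substitution to that one variable.
  ( umask 077 && envsubst '${GITLAB_TOKEN}' < "$1" > "$2" )
}

# install_from_template TEMPLATE: render, install, then delete the rendered file.
install_from_template() {
  rc=0
  { render_requirements "$1" galaxy_requirements.yml &&
    ansible-galaxy install -r galaxy_requirements.yml; } || rc=$?
  rm -f galaxy_requirements.yml   # contains the token in clear text
  return "$rc"
}

# Pipeline usage (hypothetical script name): ./galaxy_install.sh --install galaxy_requirements.tpl
if [ "${1:-}" = "--install" ]; then
  install_from_template "$2"
fi
```

Deleting the rendered file after the install matters on runners that keep the workspace or upload it as an artifact.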

Using Ansible set_fact to generate lists of objects

In some cases you may want to create nearly identical objects from a list of values, or another dictionary.

This was a commonly needed ability at VMware on the NSX ALB (Avi) team: for much of our infra, and for our customers, we had a list of servers that we needed to build into a list of dictionaries, since we require more than just a specific IP.

This is how to do it (these are tasks, not the entire playbook):

So let's review what we did.

We created the servers_list fact and set its default value to a blank list. Then, for each of the servers in pool_servers, separated by commas, we loop, adding the dict {'ip': {'addr': item, 'type': 'V4'}, 'enabled': 'true'} to the servers_list.

This can be applied to any kind of situation where you need to create a list of complicated objects.

The returned output would look like this.

Converting Python Google.Cloud Objects to JSON Parseable Dictionaries

While trying to write some Python scripts to handle our infrastructure in GCP, I found that objects from the Google Cloud Python SDK do not easily convert into plain Python using __dict__ and json.dumps(), so I had to do some digging. It took a bit of time, but I found that we can use the Python proto library to handle conversion of the Google Cloud objects to JSON. Here's an example of listing GKE clusters.

As you can see, using proto.Message.to_json(object) allowed me to provide JSON-parseable data. I figured someone else could use this, and I wanted to keep a note of it, as the solution wasn't easy to find. Someone also found it works for other GCP objects.

Other methods were also discussed here: https://github.com/googleapis/python-vision/issues/70

Accessing Raw Files on Authenticated GitLab

Recently, I started working on more repositories on GitLab. One of the common items in my Ansible testing is the use of URL lookups in the templating of my Dockerfiles in Molecule. There’s a completely different method which requires the use of the GitLab API endpoints that require different formatting and token auth. The details for this can be found here: https://docs.gitlab.com/ee/api/repository_files.html#get-raw-file-from-repository

Searching around, I did find that you can pass the token via the private_token parameter in the URL.

Because you need to include the folder directory as an encoded value, I had to do lots of trial and error to figure out how to do complicated strings.

Formats like this, DO NOT WORK:

But after a series of attempts, THIS WORKS:

Some explanations of my findings: the urlencode filter did not work when used inline in the lookup; it made no changes to the file path. To work around this, I had to split it out into a Jinja set, setting the var to a string that included the value using the format() Jinja filter, then take the result and create an encoded path to meet the encoding requirements of GitLab's API.

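
An added example, not the post's own lookup code: the same GitLab raw-file endpoint called from the shell, which is a quick way to see what the encoded path has to look like before templating it. gitlab.example.com, project id 42, the file path and the GITLAB_TOKEN variable are constructed; it sends the token in the PRIVATE-TOKEN header instead of the private_token URL parameter so the token does not end up in logged URLs.

```shell
#!/bin/sh
# Percent-encode every byte except RFC 3986 unreserved characters, so that
# "/" becomes %2F. The body is a subshell with LC_ALL=C to work byte by byte.
urlencode_path() (
  LC_ALL=C
  rest=$1
  out=
  while [ -n "$rest" ]; do
    tail=${rest#?}            # everything after the first byte
    char=${rest%"$tail"}      # the first byte itself
    rest=$tail
    case $char in
      [A-Za-z0-9._~-]) out=$out$char ;;
      *) out=$out$(printf '%%%02X' "'$char") ;;
    esac
  done
  printf '%s\n' "$out"
)

# raw_file_url BASE_URL PROJECT_ID FILE_PATH REF
raw_file_url() {
  printf '%s/api/v4/projects/%s/repository/files/%s/raw?ref=%s\n' \
    "$1" "$2" "$(urlencode_path "$3")" "$(urlencode_path "$4")"
}

# fetch_raw_file BASE_URL PROJECT_ID FILE_PATH REF
fetch_raw_file() {
  : "${GITLAB_TOKEN:?GITLAB_TOKEN is not set}"
  # The header is fed to curl on stdin as a config line, so the token appears
  # neither in the URL nor in the process list.
  printf 'header = "PRIVATE-TOKEN: %s"\n' "$GITLAB_TOKEN" |
    curl --fail --silent --show-error --config - "$(raw_file_url "$@")"
}

# Usage (constructed values):
#   ./raw_file.sh --fetch https://gitlab.example.com 42 molecule/default/Dockerfile.j2 main
if [ "${1:-}" = "--fetch" ]; then
  shift
  fetch_raw_file "$@"
fi
```
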
Configuring Docker Desktop on WSL2

As a first step, you'll need to install and configure WSL2. To install WSL2 you can use the Microsoft Store or follow these instructions: https://learn.microsoft.com/en-us/windows/wsl/install

Then to install Docker to run on Windows and WSL2 you’ll need to follow these instructions: https://docs.docker.com/desktop/wsl/

During some testing, while trying to simplify my WSL2 environment, I stumbled upon an annoying issue that prevented me from running docker ps. Each time I attempted to run docker ps, I'd receive the following error.

To get around this issue you’ll need to run the following commands:

Once those have been run, you should be able to run docker without hitting permission errors.

Those commands add the docker group (or ensure that it exists) and add your existing user to it. They then modify docker.sock to allow the docker group access to the socket.
