ericsysmin's DevOps Blog

Deploying Modules as an Ansible Role

As Ansible grows as solution for much of the DevOps community many partners and supported modules are hitting the community. However, all of us are being hit by a serious problem. Release Gap.

Release Gap is the difference of time between your modules being accepted into the Ansible core and the time you release a new feature or patch you want your customers to use.

At Avi we ran into this problem, and luckily Ansible has a solution. Roles. Using roles to deploy your modules helps you control your code and guarantee customers are using the latest tested modules you offer.

To do this we need to have a role structure as such.

However, users will need to include the role in their playbook.

However, there are some caveats. Your module names should never be the same as modules that someone else, or core uses. In our case we stuck with avi_<module-name>  for our modules.

A good way to look at the pipeline is the following.

Using this pipeline you can then import your modules into the core, but also pre-release or release modules at your own schedule and version, independent of Ansible release schedule. You can also allow users to upgrade their environments.

Users can then download your modules using the following command.

You can also specify version so your end users can control versions of your modules

The goal of this was to empower the partners, supported modules to be downloaded by customers without having to force customers to also upgrade Ansible itself which can affect other modules that are working for all playbooks.

Continue reading...

Been a while…

Sorry everyone, I’ve been gone for a while. I’ve been super busy at this company Avi Networks. I’ve been here for 2 years, and it’s been growing fast. However, I’m back in the DevOps/SRE realm of things, which will allow me to once again share some of my insights on the world of automation, containers, scripting, and other cool workarounds to get things working the way you want.

I’m probably going to make a few changes in the next few weeks to this blog to get it running again, and move the commenting system over to something that I won’t have to manage and prevent spam. I’ve manually had to approve a lot of comments, and that doesn’t scale, obviously. lol

Continue reading...

Allow HGFS mount on open-vm-tools

It appears that when you install open-vm-tools on Ubuntu 16.04 for VMware Workstation the HGFS mount is never created. To get your shared folders to show up we need to perform a few steps.

  1. We need to create the /mnt/hgfs folder.
  2. To mount your shares temporarily run the following command.
  3. To persist the mount you will need to edit the /etc/fstab file. Add the following line.
  4.  Reboot the host to verify persistence of the mount.
Continue reading...

Running Ansible without an Inventory File

So, it seems this isn’t widely used or documented, but it is possible to run a playbook without passing through an inventory file.

To do so we need to use the following example:

Another, but with an IP:

It’s very handy when trying to deploy hosts but you don’t want to need to manage static files with host entries. However, there are a few things to keep in mind. You will need to pass the user via command line, or in the playbook itself. Using the command line,  -u REMOTE_USER, or --user=REMOTE_USER .

The , (comma) after the host is EXTREMELY important. Without this, it will look for a file to load in your current working directory. Which isn’t the case when we are trying to execute a host simply from IP.

You will also need to set hosts to all, in your playbook. Failure to do so will also cause a failure.


Hopefully this helps in your automation endeavors.

Continue reading...

Adding Self Signed Root Certificates

Often times you may need to have your internal systems have a non-public root certificate installed, from an internal CA. These are a few steps on how to add that root certificate.

Linux (CentOS 6)

  1. Install the ca-certificates package from yum.
  2. Enable the ability to dynamically update CA Trusts
  3. Add your certs to /etc/pki/ca-trust/source/anchors/
  4. Update your CA Trusts

 Linux (CentOS 7)

  1. Copy your root certificate to /etc/pki/ca-trust/source/anchors/
  2. Update your CA Trusts
Continue reading...