
Vagrant – create multiple VMs with multiple network interfaces

Today I will just share with you a piece of code that I quite often used when quickly spinning up machines with Vagrant. It will create 2 VMs for you based on your requirements (it can be more if you modify the code 🙂)

 

# based on http://stackoverflow.com/a/33789603/2476347
servers=[
  {
    :hostname => "uno",
    :ip => "192.168.100.10",
    :box => "lamudi/centos-7.0",
    :ram => 1024,
    :cpu => 2
  },
  {
    :hostname => "duo",
    :ip => "192.168.100.11",
    :box => "lamudi/centos-7.0",
    :ram => 1024,
    :cpu => 2
  }
]

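Vagrant.configure(2) do |config|
  servers.each do |machine|
    config.vm.define machine[:hostname] do |node|
      node.vm.box = machine[:box]
      node.vm.hostname = machine[:hostname]
      # Host-only interface with the fixed address from the servers list
      node.vm.network "private_network", ip: machine[:ip]
      # Bridged interface: the VM takes a DHCP address on the host's network
      node.vm.network "public_network", type: "dhcp", bridge: "en0: Wi-Fi (AirPort)"
      node.vm.provider "virtualbox" do |vb|
        vb.customize ["modifyvm", :id, "--memory", machine[:ram]]
        # Apply the :cpu value, which was defined above but never used
        vb.customize ["modifyvm", :id, "--cpus", machine[:cpu]]
      end
    end
  end
end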

 

The code, as usual, has a lot of potential for improvement 🙂 If you have any suggestions, please leave comments!

 


Redhat 7 – LDAP authentication using Ansible

Hey! Recently, along with Sanderv32, we have been trying to get LDAP authentication working on Redhat machines. I must admit that we spent quite some time looking for more structured and decent information on how to get this working. However, to our surprise, the information was completely inaccurate or outdated.

So without big delays we decided to tackle this challenge using Ansible. Of course the first attempts were just to get the idea working. As we moved on, our playbook grew to reach the stage at which we could deploy the LDAP authentication mechanism to all of our RedHat 7 systems.

Below are the tasks from the playbook being used:

    - name: "LDAP Authentication | Install the required packages"
      yum: >
        name="{{item}}"
        state=present
      with_items:
        - "nss-pam-ldapd"
        - "oddjob"
        - "oddjob-mkhomedir"
      tags:
        - "ldap"
        - "packages"
        - "packages_ldap"

    - name: "LDAP Authentication | Ensure services are running"
      service:
          name={{item}}
          enabled=yes
          state=started
      with_items:
        - "nscd"
        - "nslcd"
        - "oddjobd"
      register: services_ldap
      tags:
        - "ldap"
        - "services_ldap"

    - name: "Debug | Display results"
      debug: msg="{{services_ldap.results}}"
      tags:
        - "ldap"

    - name: "LDAP Authentication | Enable LDAP PAM modules"
      command: "authconfig --enableldap --enableldapauth --enablemkhomedir --update"
      tags:
        - "ldap"

    - name: "LDAP Authentication | Adding configuration templates"
      template: >
        src="templates/{{item}}.j2"
        dest="/etc/{{item}}"
      with_items:
        - "nslcd.conf"
      tags:
        - "ldap"
        - "repository"
        - "repository_ldap"
      notify:
        - restart services ldap

And the associated handler:

---
  - name: "restart services ldap"
    service: >
      name="{{item.name}}" 
      state=restarted
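    # Bare variable names in with_items are no longer expanded; template the registered results explicitly
    with_items: "{{ services_ldap.results }}"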
    tags:
      - "ldap"
      - "services_ldap"

 

In the above I have highlighted the part which we use to template the nslcd config file (the "Adding configuration templates" task). The file contents are completely overwritten, so make sure you adjust it to your needs.

This template has been used to connect to Active Directory with a dedicated bind user and a modified pagesize (so our results are not trimmed)

# {{ ansible_managed }}
uid nslcd
gid ldap

uri {{ ldap.uri }}
base {{ ldap.basedn }}
binddn {{ ldap.binduser }}
bindpw {{ ldap.binduserpw }}
scope sub
tls_reqcert allow

pagesize 10000
referrals off
idle_timelimit 800
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
map    passwd loginShell       "/bin/bash"
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (objectClass=group)


ssl no
tls_cacertdir /etc/openldap/cacerts
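
The template above stores a bind password and sets `ssl no` with `tls_reqcert allow`, so it is worth checking what a rendered file actually exposes before rolling it out. The following audit is an added example, not part of the original playbook; the sample config, host name and finding labels are constructed for illustration.

```python
import stat

# Constructed sample: the template above rendered with placeholder values.
SAMPLE = """\
uri ldap://dc01.example.test
base dc=example,dc=test
binddn cn=svc-bind,dc=example,dc=test
bindpw PLACEHOLDER-NOT-A-REAL-SECRET
tls_reqcert allow
ssl no
tls_cacertdir /etc/openldap/cacerts
"""

def parse_nslcd(text):
    """Return {keyword: [values]} for an nslcd.conf, skipping comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def audit_nslcd(text, mode=0o600):
    """List transport and permission weaknesses in a rendered nslcd.conf."""
    opts = parse_nslcd(text)
    findings = []
    uris = [u.lower() for value in opts.get("uri", []) for u in value.split()]
    ssl = opts.get("ssl", ["off"])[-1].lower()
    tls_on = ssl in ("start_tls", "starttls", "on", "yes", "true", "1")
    # A simple bind over plain ldap:// sends binddn/bindpw unencrypted.
    if "bindpw" in opts and not tls_on and any(u.startswith("ldap://") for u in uris):
        findings.append("cleartext-bind")
    # never/allow/try let a session continue without a verified server certificate.
    reqcert = opts.get("tls_reqcert", ["demand"])[-1].lower()
    if reqcert in ("never", "allow", "try"):
        findings.append("tls_reqcert-" + reqcert)
    # The file holds the bind password, so only its owner should read it.
    if "bindpw" in opts and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("bindpw-readable-by-others")
    return findings

if __name__ == "__main__":
    for finding in audit_nslcd(SAMPLE, mode=0o644):
        print(finding)
```

Pass the real file's mode with `stat.S_IMODE(os.stat(path).st_mode)`; an empty list means none of the three checks fired.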

 

 

That's it, folks! If it does not work for you, please leave some comments, as this is used to make sure we have means of using LDAP auth on Linux boxes

 


ChatOps using Hubot – Zabbix maintenance

 

 



 

This post is a supplement to the GitHub repo available at https://github.com/RafPe/hubot-zabbix-scripts

 


 

 

So finally the day has come when I can write about my recent involvement in automating 🙂 this time with the use of hubot (in this role, favorite Bender) and the good Rocket.Chat.

 

Simple idea:

If we need to do it once – let's automate it, as for sure someone else will also need to use it at least once

 

And in most cases it's true 🙂 So one day I just woke up quite early. Really too early to go to work already 🙂 and too late to still get really good sleep. So I got the thing which we all think of in the morning ….. yezzzz coffee 🙂 And then I thought about the things that people around me have been doing manually for quite a while :/

The challenge which came out of that short moment of thinking was: “setting zabbix server maintenance with hubot (bender)”

 

Getting pieces together:

Now I really liked that idea. It was around 6 AM, my coffee was halfway through, so I geared up and was ready when I opened my laptop. What was really challenging here is the fact that I had never programmed in CoffeeScript nor in Python, and those 2 main components are used to bake this solution. However, at the end of the day it's only a different grammar for getting things done 🙂

I decided not to reinvent the wheel and looked at things that already work. Since at the moment I have been automating a lot with Ansible, I looked at their GitHub page with extra modules.

And that was exactly what I needed. Then I just went ahead and downloaded hubot, following the nice and simple documentation. Based on the info there, getting the CoffeeScript to do exactly what I need was just a matter of minutes 🙂 (at least I hoped so)

 

So this is a proxy?

Exactly. The CoffeeScript in hubot makes sure we respond to properly set regex values which correspond to commands given to our hubot. From there we execute the Python script.

So I placed the biggest effort on getting the Python script running. I googled around and managed to get it running with arguments, which in turn opened the door to properly proxying from the CoffeeScript.

 

The final version of the Python script (final as of the write-up of this post) has the following syntax:

python zbx-maint.py

usage: zbx-maint.py [-h] -u USER -p PASSWORD [-t TARGET] [-s SERVER] -a ACTION
                    [-l LENGTH] [-d DESC] [-r REQUESTOR] [-i ID]

 -u USER      : used to connect to zabbix - needs perm to create/delete maintanance
 -p PASSWORD  : password for the user above
 -t TARGET    : host/groups to create maintanance on
 -s SERVER    : URL of the zabbix server
 -a ACTION    : del or set
 -l LENGTH    : Number of minutes to have maintanance for
 -d DESC      : Additonal description added to maintanance
 -r REQUESTOR : Used to pass who has requested action
 -i ID        : Name of maintanance - used for deletion

 

What about security?

All passwords and links used within the hubot script are passed using environment variables. For proper control of processes and isolation I have been using supervisord here (which is a great tool for this).

 

HUBOT_ZBX_USER      : user accessing zabbix
HUBOT_ZBX_PW        : password for the user
HUBOT_ZBX_URL       : zabbix server URL
HUBOT_ZBX_PYMAINT   : full path to zbx-maint.py script (used by coffee script)
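
The usage shown earlier takes the password with `-p`, which places it on the script's command line, and the target, requestor and ID values originate from chat messages. The sketch below is an added example, not the code from the hubot-zabbix-scripts repo: it parses the same options but lets credentials default to the `HUBOT_ZBX_*` variables and validates chat-supplied fields. The character whitelist, the 24-hour cap and the 60-minute default are assumptions.

```python
import argparse
import os
import re

# Assumptions: host, group and maintenance names use only these characters,
# and a chat-requested window is capped at 24 hours.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}")
MAX_MINUTES = 24 * 60

def safe_name(value):
    """Reject chat input carrying quotes, shell metacharacters or newlines."""
    if not SAFE_NAME.fullmatch(value):
        raise argparse.ArgumentTypeError("unexpected characters in %r" % value)
    return value

def minutes(value):
    n = int(value)  # argparse reports a ValueError as an invalid value
    if not 1 <= n <= MAX_MINUTES:
        raise argparse.ArgumentTypeError("length must be 1..%d" % MAX_MINUTES)
    return n

def parse(argv, env=os.environ):
    """Parse zbx-maint.py style options; secrets default to HUBOT_ZBX_*."""
    p = argparse.ArgumentParser(prog="zbx-maint.py")
    p.add_argument("-u", dest="user", default=env.get("HUBOT_ZBX_USER"))
    p.add_argument("-p", dest="password", default=env.get("HUBOT_ZBX_PW"))
    p.add_argument("-s", dest="server", default=env.get("HUBOT_ZBX_URL"))
    p.add_argument("-a", dest="action", required=True, choices=["set", "del"])
    p.add_argument("-t", dest="target", type=safe_name)
    p.add_argument("-l", dest="length", type=minutes, default=60)  # assumed default
    p.add_argument("-d", dest="desc", default="")
    p.add_argument("-r", dest="requestor", type=safe_name)
    p.add_argument("-i", dest="id", type=safe_name)
    args = p.parse_args(argv)
    if not (args.user and args.password and args.server):
        p.error("set HUBOT_ZBX_USER, HUBOT_ZBX_PW and HUBOT_ZBX_URL")
    if args.action == "set" and not args.target:
        p.error("-a set needs -t TARGET")
    if args.action == "del" and not args.id:
        p.error("-a del needs -i ID")
    return args

if __name__ == "__main__":
    # Constructed environment and chat request, for illustration only
    demo_env = {"HUBOT_ZBX_USER": "bender", "HUBOT_ZBX_PW": "constructed-secret",
                "HUBOT_ZBX_URL": "https://zabbix.example.test"}
    print(parse(["-a", "set", "-t", "web-01", "-l", "30"], demo_env))
```

With the credentials inherited from the supervisord-managed environment, the caller only has to pass the action and the validated chat fields.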

 

Bender in action:

So without any further delay, this is how it looks in action…

 

[Image: hubot_zbx_maint_v1]

 

 

 

Being considered:

I’m still looking for other people's feedback to see what can be done better. Most likely I will be publishing some more Zabbix automations to enrich ChatOps and make life more interesting 🙂