ansible when with_items – ignore one group

I’m setting up icinga & using

However, it’s putting a config on the icinga server to monitor itself, which is causing

information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/pmlgra-03.domain.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/satellite.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/services.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/slave-6.domain.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/templates.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/timeperiods.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/users.conf
critical/config: Error: Object 'dmlici-02.domain' of type 'Host' re-defined: in /etc/icinga2/conf.d/hosts.conf: 18:1-18:20; previous definition: in /etc/icinga2/conf.d/dmlici-02.domain.conf: 2:1-2:35
Location: in /etc/icinga2/conf.d/hosts.conf: 18:1-18:20
/etc/icinga2/conf.d/hosts.conf(16):  */

So this ansible with_items and when fixed it. Note: My icinga server is in a group called icinga

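# Render one host definition per inventory host, skipping members of the
# 'icinga' group so the server does not get a second definition of itself.
- name: Copy Host Definitions
  template: src=hosts_template.j2
            dest={{ icinga2_hosts_dir }}/{{ hostvars[item]['inventory_hostname'] }}.conf
  with_items: "{{ groups['all'] }}"
  when: "'icinga' not in hostvars[item]['group_names']"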

Rename files to no longer have spaces in names

I was having a problem where the for loop split files with spaces into multiple lines.

jamess@greenscar Ace_Of_Base_-_Star_Mark_Greatest_Hits_(2008)_-_flac $ for i in `find . -type f -name "* *"`; do  echo "$i"; rename 's/\ /_/g' "$i"; done;

Then I found the IFS

IFS=$'\n'; for i in `find . -type f -name '* *.flac'`; do  echo "$i"; rename 's/\ /_/g' "$i"; done; unset IFS

And she works.

jamess@greenscar sorted $ IFS=$'\n'; for i in `find . -type f -name '* *.flac'`; do  echo "$i"; rename 's/\ /_/g' "$i"; done; unset IFS
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/01 - Thunderstruck.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/02 - Shoot To Thrill.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/03 - Big Gun.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/04 - Fire Your Guns.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/05 - You Shook Me All Night Long.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/06 - Heatseeker.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/07 - Back In Black.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/08 - Who Made Who.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/09 - Hard As A Rock.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/10 - Hells Bells.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/11 - Moneytalks.flac
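
An added example, not part of the original post: the same cleanup without a for loop over find output, so names containing newlines or glob characters are handled and directories are renamed too. It uses mv rather than rename, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): replace spaces with underscores
# in every file and directory name below a starting directory.
rename_spaces() {
  # find hands each path to the inner shell as one argument, so no word
  # splitting or globbing is applied to the names. -depth lists a directory
  # after its contents, so renaming it cannot invalidate a queued path.
  find "$1" -mindepth 1 -depth -name '* *' -exec sh -c '
    for path do
      dir=${path%/*}
      new=${path##*/}
      # Replace one space per pass using parameter expansion only.
      while [ "$new" != "${new#* }" ]; do
        new="${new%% *}_${new#* }"
      done
      if [ -e "$dir/$new" ]; then
        printf "skipped, target exists: %s\n" "$path" >&2
      else
        mv -- "$path" "$dir/$new"
      fi
    done' sh {} +
}

# Constructed sample tree, built in a temporary directory.
demo=$(mktemp -d)
mkdir -p "$demo/AC DC/CD1 - Live"
: > "$demo/AC DC/CD1 - Live/01 - Thunderstruck.flac"
: > "$demo/-leading dash.flac"
rename_spaces "$demo"
find "$demo" -type f | sort
rm -rf "$demo"
```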

ffmpeg on osx to convert flac to Apple Lossless (’cause itune$ won’t support flac)


  1. Install brew
  2. Install ffmpeg

    user@box dir $ brew install ffmpeg --with-fdk-aac --with-ffplay --with-freetype --with-frei0r --with-libass --with-libvo-aacenc --with-libvorbis --with-libvpx --with-opencore-amr --with-openjpeg --with-opus --with-rtmpdump --with-schroedinger --with-speex --with-theora --with-tools
  3. Convert all flac files

    for f in `find . -type f -name '*.flac'`; do ffmpeg -i "$f" -vf "crop=((in_w/2)*2):((in_h/2)*2)" -c:a alac "${f%.flac}.m4a"; done

Self signed root cert with multidomain cert & sha-256

Prep by creating dirs

mkdir -p /Users/user/Documents/multidomain/root_cert/private/
mkdir -p /Users/user/Documents/multidomain/star_devwest_foobar_com/

Root Certs
Create Root Key

user@greenscar root_cert $ openssl req \
-x509 \
-new \
-nodes \
-days 3650 \
-newkey rsa:2048 \
-sha256 \
-subj "/C=US/ST=California/L=San\ Jose/O=Cloud\ Cruiser\ Inc./CN=*" \
-keyout /Users/user/Documents/multidomain/root_cert/private/root_ca.key

Create Self Signed Root Cert

openssl req \
-x509 \
-sha256 \
-new \
-nodes \
-days 3650 \
-key /Users/user/Documents/multidomain/root_cert/private/root_ca.key \
-subj "/C=US/ST=California/L=San\ Jose/O=Cloud\ Cruiser\ Inc./CN=*" \
-out /Users/user/Documents/multidomain/root_cert/root_ca.crt      

Per environment certs
CD to cert dir

user@greenscar star_devwest_foobar_com $ cd /Users/user/Documents/multidomain/star_devwest_foobar_com

Create Private Key

openssl genrsa \
-out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.key \

Generate CSR

user@greenscar SHA-256 $ cd /Users/user/Documents/multidomain/star_devwest_foobar_com
openssl req -new \
-config /Users/user/Documents/multidomain/ \
-key /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.key \
-sha256 \
-out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.csr \
-subj "/C=US/ST=California/L=San\ Jose/O=FooBar\ Inc./" 

Create files with all domains you want supported

echo ",DNS:*">cert_extensions

Check out our new CSR

openssl req -text -noout -in star_devwest_foobar_com.csr

Sign cert via self signed root cert

openssl x509 -req \
-in /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.csr \
-CA /Users/user/Documents/multidomain/root_cert/root_ca.crt \
-CAkey /Users/user/Documents/multidomain/root_cert/private/root_ca.key \
-CAcreateserial \
-sha256 \
-extfile cert_extensions \
-out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.crt \
-days 3650

Upload Cert

user@greenscar star_devwest_foobar_com $ aws iam delete-server-certificate --server-certificate-name star_devwest_foobar_com
user@greenscar star_devwest_foobar_com $  aws iam upload-server-certificate --server-certificate-name star_devwest_foobar_com  --certificate-body file://star_devwest_foobar_com.crt --private-key file://star_devwest_foobar_com.key
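
The procedure above, end to end, as an added example that is not the author's own commands: it builds a throwaway root CA, signs one certificate for several names, and then checks the chain, the SHA-256 signature and the SAN list. The file names, the "Example Lab" subject and the example.test domains are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post). Names such as "Example Lab" and
# *.devwest.example.test are constructed placeholders.

# make_multidomain_cert DIR NAME [NAME...]: lab root CA plus one leaf cert
# whose subjectAltName lists every NAME.
make_multidomain_cert() {
  dir=$1; shift
  san=""
  for name in "$@"; do san="${san:+$san,}DNS:$name"; done

  # Root key and self-signed root cert in one command. -nodes leaves the CA
  # key unencrypted on disk, so restrict it to the owner.
  openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 3650 \
    -subj "/C=US/O=Example Lab/CN=Example Lab Root CA" \
    -keyout "$dir/root_ca.key" -out "$dir/root_ca.crt" 2>/dev/null || return 1
  chmod 600 "$dir/root_ca.key"

  openssl genrsa -out "$dir/leaf.key" 2048 2>/dev/null || return 1
  openssl req -new -sha256 -key "$dir/leaf.key" \
    -subj "/C=US/O=Example Lab/CN=$1" -out "$dir/leaf.csr" || return 1

  # By default "x509 -req" copies no extensions from the CSR; the SAN list
  # must come from the -extfile.
  printf 'subjectAltName=%s\n' "$san" > "$dir/cert_extensions"
  openssl x509 -req -sha256 -days 3650 -in "$dir/leaf.csr" \
    -CA "$dir/root_ca.crt" -CAkey "$dir/root_ca.key" -CAcreateserial \
    -extfile "$dir/cert_extensions" -out "$dir/leaf.crt" 2>/dev/null
}

# cert_sans FILE: print the certificate's SAN DNS names, one per line.
cert_sans() {
  openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# verify_leaf DIR: chain must verify against the root, signature must be SHA-256.
verify_leaf() {
  openssl verify -CAfile "$1/root_ca.crt" "$1/leaf.crt" >/dev/null 2>&1 &&
    openssl x509 -in "$1/leaf.crt" -noout -text | grep -q 'sha256WithRSAEncryption'
}

demo=$(mktemp -d)
make_multidomain_cert "$demo" '*.devwest.example.test' 'devwest.example.test' &&
  verify_leaf "$demo" && cert_sans "$demo/leaf.crt"
rm -rf "$demo"
```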

Multiline find / replace

I need to configure Jenkins jobs, which are currently configured to run anywhere, to run on a specific label. Sure, I could do it via the GUI, but in a SOA I don’t want to do this manually in 100+ jobs.
So each file currently has in it:


I want it to be:


I run:

server:~/jenkins/jobs> perl -pi -e 'BEGIN{undef $/;} s/<\/scm>.+?<canRoam>true<\/canRoam>/<\/scm>\n<assignedNode>build<\/assignedNode>\n<canRoam>false<\/canRoam>/smg' app*/config.xml

Many thanks to aks and StackOverflow for the help

rename cmd on osx

One thing I missed when moving to osx was the rename cmd. Sure, you can use mv, but when I’m dealing with thousands of files, rename makes it much easier.

To get it on mac, all you need is

  1. Install Homebrew
  2. Install rename
    brew install rename 

That simple!!!

AWS / Ansible Dynamic Inventory

I’ve been working to manage dynamic inventory in AWS for Ansible deploys… then I came across this stack overflow link & ches’ answer.

Ansible looks for executables and flat files in a directory and merges their results.

=> tree inventory/staging
-- base
-- ec2.ini
-- group_vars -> ../group_vars

The base file looks like:

=>  more inventory/staging/base
# I need to tell Ansible which Python on my system has boto for AWS ansible_python_interpreter=/usr/local/bin/python

# The EC2 plugin will populate these groups, but we need to add empty entries
# here to make aliases for them below.



You then just point to the directory for inventory:

$ ansible -i inventory/staging webservers -m ec2_facts
# OR
$ export ANSIBLE_HOSTS=inventory/staging
$ ansible webservers -m ec2_facts

aws cmd line tool – use profiles

I’ve got a home account & a work account. I need to easily swap between the 2.
Add 2 sets of creds



Add 2 sets of region / outputs


[profile work]

Then to use a profile:

export AWS_PROFILE=work


aws ec2 describe-instances --profile work


Ubuntu – edit iptables

As a CentOS user, Ubuntu was driving me crazy with no /etc/sysconfig/iptables and this odd workaround where you are to create multiple files to load on boot in order to save your iptables. Then I found iptables-persistent

  1. Install iptables-persistent
    root monitoring:~# apt-get install iptables-persistent
  2. Now configure your iptables (for v4… if using v6, replace end of filename)
    root monitoring:~# vi /etc/iptables/rules.v4

Now when I reboot, the appropriate rules are in place.