ansible when with_items – ignore one group

I’m setting up icinga & using https://github.com/Icinga/icinga2-ansible

However, it’s putting a config on the icinga server to monitor itself, which is causing

information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/pmlgra-03.domain.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/satellite.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/services.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/slave-6.domain.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/templates.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/timeperiods.conf
information/ConfigCompiler: Compiling config file: /etc/icinga2/conf.d/users.conf
critical/config: Error: Object 'dmlici-02.domain' of type 'Host' re-defined: in /etc/icinga2/conf.d/hosts.conf: 18:1-18:20; previous definition: in /etc/icinga2/conf.d/dmlici-02.domain.conf: 2:1-2:35
Location: in /etc/icinga2/conf.d/hosts.conf: 18:1-18:20
/etc/icinga2/conf.d/hosts.conf(16):  */
/etc/icinga2/conf.d/hosts.conf(17): 

So this ansible with_items and when fixed it. Note: My icinga server is in a group called icinga

- name: Copy Host Definitions
  template: src=hosts_template.j2
            dest={{ icinga2_hosts_dir }}/{{ hostvars[item]['inventory_hostname'] }}.conf
            owner=root 
            group=root 
            mode=0644
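  # Loop over every inventory host; "when" is evaluated once per item,
  # so hosts in the icinga group are skipped.
  with_items: "{{ groups['all'] }}"
  when: "'icinga' not in hostvars[item]['group_names']"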

Rename files to no longer have spaces in names

I was having a problem where the for loop split files with spaces into multiple lines.

jamess@greenscar Ace_Of_Base_-_Star_Mark_Greatest_Hits_(2008)_-_flac $ for i in `find . -type f -name "* *"`; do  echo "$i"; rename 's/\ /_/g' "$i"; done;
./CD_1/01.Happy
Nation.flac
./CD_1/02.All
That
She
Wants.flac
./CD_1/03.The
Sign.flac
./CD_1/04.Wheel
Of
Fortune.flac
...

Then I found the IFS

IFS=$'\n'; for i in `find . -type f -name '* *.flac'`; do  echo "$i"; rename 's/\ /_/g' "$i"; done; unset IFS

And she works.

jamess@greenscar sorted $ IFS=$'\n'; for i in `find . -type f -name '* *.flac'`; do  echo "$i"; rename 's/\ /_/g' "$i"; done; unset IFS
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/01 - Thunderstruck.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/02 - Shoot To Thrill.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/03 - Big Gun.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/04 - Fire Your Guns.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/05 - You Shook Me All Night Long.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/06 - Heatseeker.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/07 - Back In Black.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/08 - Who Made Who.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/09 - Hard As A Rock.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/10 - Hells Bells.flac
./ACDC/2008_-_Warning!_High_Voltage_-_Greatest_Hits/CD1_-_Brian_Johnson/11 - Moneytalks.flac
...
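
The IFS approach still splits on a newline inside a file name, and the unquoted backticks still glob-expand names containing * or ?. The sketch below is an added example, not part of the original post: it lets find pass each path as a single argument instead. rename_spaces is a hypothetical helper name, mv stands in for the rename command, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example. mv stands in for the rename command so the function needs
# nothing beyond POSIX tools; rename_spaces is a hypothetical helper name.
set -eu

# rename_spaces DIR: replace spaces with underscores in the names of regular
# files under DIR. find hands each path to the inner sh as one argument, so
# no shell ever word-splits or glob-expands the output of find.
rename_spaces() {
    find "$1" -type f -name '* *' -exec sh -c '
        for p in "$@"; do
            dir=${p%/*}
            new=${p##*/}
            # Swap one space per pass; parameter expansion keeps newlines intact.
            while [ "${new#* }" != "$new" ]; do
                new="${new%% *}_${new#* }"
            done
            # Refuse to overwrite a file that already has the target name.
            if [ -e "$dir/$new" ]; then
                echo "skipped, target exists: $p" >&2
                continue
            fi
            mv -- "$p" "$dir/$new"
        done' sh {} +
}

# Constructed sample tree: spaces, a glob character and an embedded newline.
demo=$(mktemp -d)
mkdir "$demo/CD 1"
: > "$demo/CD 1/01.Happy Nation.flac"
: > "$demo/CD 1/02.All That * Wants.flac"
: > "$demo/CD 1/$(printf '03.The\nSign mix.flac')"
rename_spaces "$demo"
ls "$demo/CD 1"
rm -rf "$demo"
```

Only the file name is changed; directory names that contain spaces are left alone.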

ffmpeg on osx to convert flac to Apple Lossless (’cause itune$ won’t support flac)

References:
http://www.renevolution.com/how-to-install-ffmpeg-on-mac-os-x/
http://sound.stackexchange.com/questions/26633/free-batch-conversion-from-flac-to-apple-lossless-alac

  1. Install brew
  2. Install ffmpeg

    user@box dir $ brew install ffmpeg --with-fdk-aac --with-ffplay --with-freetype --with-frei0r --with-libass --with-libvo-aacenc --with-libvorbis --with-libvpx --with-opencore-amr --with-openjpeg --with-opus --with-rtmpdump --with-schroedinger --with-speex --with-theora --with-tools
    
  3. Convert all flac files

    find . -type f -name '*.flac' -exec sh -c 'ffmpeg -i "$1" -vf "crop=((in_w/2)*2):((in_h/2)*2)" -c:a alac "${1%.flac}.m4a"' sh {} \;
    

Self signed root cert with multidomain cert & sha-256

Prep by creating dirs

mkdir -p /Users/user/Documents/multidomain/root_cert/private/
mkdir -p /Users/user/Documents/multidomain/star_devwest_foobar_com/

Root Certs
Create Root Key

user@greenscar root_cert $ openssl req \
-x509 \
-new \
-nodes \
-days 3650 \
-newkey rsa:2048 \
-sha256 \
-subj "/C=US/ST=California/L=San\ Jose/O=Cloud\ Cruiser\ Inc./CN=*.foobar.com" \
-keyout /Users/user/Documents/multidomain/root_cert/private/root_ca.key

Create Self Signed Root Cert

openssl req \
-x509 \
-sha256 \
-new \
-nodes \
-days 3650 \
-key /Users/user/Documents/multidomain/root_cert/private/root_ca.key \
-subj "/C=US/ST=California/L=San\ Jose/O=Cloud\ Cruiser\ Inc./CN=*.foobar.com" \
-out /Users/user/Documents/multidomain/root_cert/root_ca.crt      

————————————————
Per environment certs
CD to cert dir

user@greenscar star_devwest_foobar_com $ cd /Users/user/Documents/multidomain/star_devwest_foobar_com

Create Private Key

openssl genrsa \
-out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.key \
2048

Generate CSR

user@greenscar SHA-256 $ cd /Users/user/Documents/multidomain/star_devwest_foobar_com
openssl req -new \
-config /Users/user/Documents/multidomain/foobar.com.cnf \
-key /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.key \
-sha256 \
-out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.csr \
-subj "/C=US/ST=California/L=San\ Jose/O=FooBar\ Inc./CN=devwest.foobar.com" 

Create a file with all the domains you want supported

echo "subjectAltName=DNS:devwest.foobar.com,DNS:*.devwest.foobar.com">cert_extensions

Check out our new CSR

openssl req -text -noout -in star_devwest_foobar_com.csr

Sign cert via self signed root cert

openssl x509 -req \
-in /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.csr \
-CA /Users/user/Documents/multidomain/root_cert/root_ca.crt \
-CAkey /Users/user/Documents/multidomain/root_cert/private/root_ca.key \
-CAcreateserial \
-sha256 \
-extfile cert_extensions \
-out /Users/user/Documents/multidomain/star_devwest_foobar_com/star_devwest_foobar_com.crt \
-days 3650
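
A check worth running before the upload, as an added example that is not part of the original post: it repeats the signing flow with a constructed throwaway CA in a temp directory, signs the same CSR with and without -extfile, and tests which hostnames each certificate is valid for. The file names and helper function names are assumptions; the domain names mirror the ones above.

```shell
#!/bin/sh
# Added example. The CA and leaf are constructed throwaway test material;
# the domain names mirror the post, the file names are assumptions.
set -eu

# build_chain DIR: root CA, leaf CSR, then the same CSR signed twice:
# leaf_san.crt with -extfile (as in the post) and leaf_nosan.crt without.
build_chain() {
    d=$1
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 1 \
        -subj "/CN=Constructed Test Root" \
        -keyout "$d/root_ca.key" -out "$d/root_ca.crt" 2>/dev/null
    openssl req -new -nodes -newkey rsa:2048 -sha256 \
        -subj "/CN=devwest.foobar.com" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    echo "subjectAltName=DNS:devwest.foobar.com,DNS:*.devwest.foobar.com" \
        > "$d/cert_extensions"
    openssl x509 -req -in "$d/leaf.csr" -sha256 -days 1 \
        -CA "$d/root_ca.crt" -CAkey "$d/root_ca.key" -CAcreateserial \
        -extfile "$d/cert_extensions" -out "$d/leaf_san.crt" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -sha256 -days 1 \
        -CA "$d/root_ca.crt" -CAkey "$d/root_ca.key" -CAcreateserial \
        -out "$d/leaf_nosan.crt" 2>/dev/null
}

# chain_ok ROOT CERT: succeeds only if CERT verifies against ROOT.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# host_matches CERT HOST: succeeds only if HOST is valid for CERT.
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# is_sha256 CERT: succeeds only if the signature algorithm uses SHA-256.
is_sha256() {
    openssl x509 -in "$1" -noout -text | grep -q 'Signature Algorithm: sha256'
}

demo=$(mktemp -d)
build_chain "$demo"
for c in leaf_san leaf_nosan; do
    for h in devwest.foobar.com api.devwest.foobar.com a.b.devwest.foobar.com; do
        if host_matches "$demo/$c.crt" "$h"; then r=match; else r="no match"; fi
        echo "$c.crt $h: $r"
    done
done
rm -rf "$demo"
```

The wildcard entry covers a single label, so a.b.devwest.foobar.com matches neither certificate.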

Upload Cert

user@greenscar star_devwest_foobar_com $ aws iam delete-server-certificate --server-certificate-name star_devwest_foobar_com
user@greenscar star_devwest_foobar_com $  aws iam upload-server-certificate --server-certificate-name star_devwest_foobar_com  --certificate-body file://star_devwest_foobar_com.crt --private-key file://star_devwest_foobar_com.key

Multiline find / replace

I need to configure Jenkins jobs, which are currently configured to run anywhere, to work on a specific label. Sure, I could do it via the GUI, but in a SOA, I don’t want to manually do this in 100+ jobs.
So each file currently has in it:

   </scm>
   <canRoam>true</canRoam>
   <disabled>false</disabled>

I want it to be:

   </scm>
   <canRoam>false</canRoam>
   <disabled>false</disabled>

I run:

server:~/jenkins/jobs> perl -pi -e 'BEGIN{undef $/;} s/<\/scm>.+?<canRoam>true<\/canRoam>/<\/scm>\n<assignedNode>build<\/assignedNode>\n<canRoam>false<\/canRoam>/smg' app*/config.xml

Many thanks to aks and StackOverflow for the help

rename cmd on osx

One thing I missed when moving to osx was the rename cmd. Sure, you can use mv, but when I’m dealing with thousands of files, rename makes it much easier.

To get it on mac, all you need is

  1. Install Homebrew
  2. Install rename
    brew install rename 
    

That simple!!!

AWS / Ansible Dynamic Inventory

I’ve been working to manage dynamic inventory in AWS for Ansible deploys… then I came across this stack overflow link & ches’ answer.

Ansible looks for executables and flat files in a directory and merges their results.

=> tree inventory/staging
inventory/staging
├── base
├── ec2.ini
├── ec2.py
└── group_vars -> ../group_vars

The base file looks like:

=>  more inventory/staging/base
[localhost]
# I need to tell Ansible which Python on my system has boto for AWS
127.0.0.1 ansible_python_interpreter=/usr/local/bin/python

# The EC2 plugin will populate these groups, but we need to add empty entries
# here to make aliases for them below.
[tag_Stage_staging]
[tag_Role_webserver]

[staging:children]
tag_Stage_staging

[webservers:children]
tag_Role_webserver

You then just point to the directory for inventory:

$ ansible -i inventory/staging webservers -m ec2_facts
# OR
$ export ANSIBLE_HOSTS=inventory/staging
$ ansible webservers -m ec2_facts

aws cmd line tool – use profiles

I’ve got a home account & a work account. I need to easily swap between the 2.
Add 2 sets of creds
~/.aws/credentials

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[work]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

Add 2 sets of region / outputs
~/.aws/config

[default]
region=us-west-2
output=json

[profile work]
region=us-east-1
output=text

Then to use a profile:

export AWS_PROFILE=work

OR

aws ec2 describe-instances --profile work

Ubuntu – edit iptables

As a CentOS user, Ubuntu was driving me crazy with no /etc/sysconfig/iptables and this odd workaround where you are to create multiple files to load on boot in order to save your iptables. Then I found iptables-persistent

  1. Install iptables-persistent
    root monitoring:~# apt-get install iptables-persistent
    
  2. Now configure your iptables (for v4… if using v6, replace end of filename)
    root monitoring:~# vi /etc/iptables/rules.v4
    

Now when I reboot, the appropriate rules are in place.