Infrastructure

In-Place Upgrade from RHEL 9 to RHEL 10 Using Leapp

This guide walks through the process of upgrading from RHEL 9 to RHEL 10 in place, without requiring a complete system reinstallation.

Current System Status

Here’s what my lab’s test VM looks like:

[user@test ~]$ hostnamectl
 Static hostname: test.home.arpa
       Icon name: computer-vm
         Chassis: vm 🖴
      Machine ID: dec9d730df4f4e629ba20d02aed02f03
         Boot ID: 67e690ef7fbe45edb112a82dcdf72a97
  Virtualization: kvm
Operating System: Red Hat Enterprise Linux 9.6 (Plow)
     CPE OS Name: cpe:/o:redhat:enterprise_linux:9::baseos
          Kernel: Linux 5.14.0-570.28.1.el9_6.x86_64
    Architecture: x86-64
 Hardware Vendor: Red Hat
  Hardware Model: KVM
Firmware Version: 1.16.3-4.el9

We can see we’re currently running RHEL 9.6 on a KVM virtual machine.

Docker Instance Upgrades with Ansible

This guide shows how to automate Docker container upgrades using Ansible playbooks instead of manual updates. By automating this process, you ensure consistency, reduce errors, and save time when updating multiple Docker instances across your infrastructure.

Infrastructure Overview

My homelab includes these Docker-based services:

  • Nginx Proxy Manager (proxy.home.arpa) - Reverse proxy with SSL
  • Healthchecks (health.home.arpa) - Monitoring service
  • Home Assistant (hass.home.arpa) - Home automation platform
  • Bitwarden (bit.home.arpa) - Password manager

Ansible Playbook Structure

Host Configuration

The playbook targets specific hosts with Docker services:

Infrastructure as Code with Ansible Automation Platform

Infrastructure as Code for Ansible Automation Platform Setup

Introduction

Setting up Ansible Automation Platform (AAP) manually through the web interface is tedious and highly prone to errors.

I’ve written an Ansible playbook that completely automates the setup of my AAP environment, from credentials and projects to job templates and workflow orchestration. So in case I ever need to rebuild the environment from scratch, all I would need to do is add the project where that playbook is stored, add a single template by hand, and run it. I’d do it that way because I don’t like running Ansible playbooks from the CLI; I always, always use AAP!

SSH Hardening and Automation User Setup with Ansible

Here’s a little post about how I do SSH hardening for my RHEL9 homelab and how I ensure that the Ansible automation user is properly set. The playbook stems from an incident I had in Red Hat Insights where it was reported that I had an SSH configuration that allowed legacy ciphers. It was also advised to create a crypto policy that disables weak algorithms.

Automated Network Monitoring: Adding Servers to LibreNMS with Ansible

Adding servers to LibreNMS by hand is tedious and should be automated. In this post, I’ll show you how I’ve automated the entire process of configuring SNMP and adding servers to LibreNMS using Ansible.

The Workflow

Basically what the playbook does is:

  1. Install and configure SNMP
  2. Set up necessary firewall rules
  3. Add the server to LibreNMS
  4. Add it to the correct device group.

The Playbook

Step 1: Installing SNMP Components

- name: Ensure snmp is installed
  ansible.builtin.dnf:
    name:
      - net-snmp
      - net-snmp-utils
    state: present

The net-snmp package is needed for the SNMP daemon.

Optimizing KVM Virtual Machines with Tuned Profiles

The tuned service on Red Hat-based systems provides pre-configured performance profiles that can significantly improve your VM performance with minimal effort.

In this post, I’ll show you how to optimize your KVM VMs using tuned profiles and automate the entire process with Ansible.

The Playbook

Since I manage dozens of VMs in my homelab, doing this manually would be tedious. Instead, I use this Ansible playbook to apply tuned optimization to all my VMs:

Automating RHEL Server Updates with Ansible

Introduction

I hate updating my servers manually so I’ve set up this playbook to run updates. This was probably the first playbook I ever wrote for my home lab, and it’s been running automatically for years now on a weekly schedule every Friday night through AAP (Ansible Automation Platform).

This guide shows you how to automate RHEL (and other yum/dnf based distros like Fedora, CentOS etc.) server updates using Ansible, including proper reboot handling.

Setting up BIND9 for Internal DNS on RHEL9

This guide covers setting up BIND9/named for internal reverse/forward DNS resolution on a RHEL9 server. Unlike public authoritative DNS servers, internal DNS servers provide recursive resolution for your internal network and handle local domain queries.

All IP addresses, network ranges, and hostnames in this guide are examples. Replace them with your actual values.

For the entirety of the guide we’ll be running every single command as root.

Setting up BIND9 for Public DNS on RHEL9

This guide covers setting up BIND9/named as an authoritative public DNS server on RHEL9. Unlike internal DNS servers that provide recursive resolution, public authoritative DNS servers are responsible for answering queries about domains you own and control.

This setup includes security hardening measures such as proper logging and zone transfer restrictions to protect your DNS infrastructure from abuse.

All IP addresses, domain names, and server configurations in this guide are examples. Replace them with your actual values.

Installing Red Hat Identity Management (IPA) without DNS on RHEL9

Red Hat Identity Management (IdM) provides centralized authentication, authorization, and account information by storing data about users, groups, hosts, and other objects necessary to manage the security aspects of a network of computers. This guide covers installing IdM/IPA server without the integrated DNS service on RHEL9.

This guide demonstrates setting up a high-availability IPA deployment with two servers: