July 13, 2025
Introduction
#
Setting up Ansible Automation Platform (AAP) manually through the web interface is tedious and highly prone to errors.
I’ve written an Ansible playbook that completely automates the setup of my AAP environment, from credentials and projects to job templates and workflow orchestration. So in case I ever need to rebuild the environment from scratch, all I would need to do is add the project where that playbook is stored, add a single template by hand, and run it. I’d do it that way because I don’t like running Ansible playbooks from the CLI; I always, always use AAP!
July 7, 2025
Automated Network Monitoring: Adding Servers to LibreNMS with Ansible
#
Adding servers to LibreNMS by hand is tedious, and should be done by automation. In this post, I’ll show you how I’ve automated the entire process of configuring SNMP and adding servers to LibreNMS using Ansible.
The Workflow
#
Basically what the playbook does is:
- Install and configure SNMP
- Set up necessary firewall rules
- Add the server to LibreNMS
- Add it to the correct device group.
The Playbook
#
Step 1: Installing SNMP Components
#
- name: Ensure snmp is installed
  ansible.builtin.dnf:
    name:
      - net-snmp
      - net-snmp-utils
    state: present
The net-snmp package is needed for the SNMP daemon.
July 5, 2025
Automating RHEL Server Updates with Ansible
#
Introduction
#
I hate updating my servers manually so I’ve set up this playbook to run updates. This was probably the first playbook I ever wrote for my home lab, and it’s been running automatically for years now on a weekly schedule every Friday night through AAP (Ansible Automation Platform).
This guide shows you how to automate RHEL (and other yum/dnf based distros like Fedora, CentOS etc.) server updates using Ansible, including proper reboot handling.
July 3, 2025
How to set up Ansible Vault
#
Here’s a little guide on how I set up Ansible Vault for my Ansible playbook repository. It’s surprisingly simple and now all of my secrets are encrypted.
Setting Up Ansible Vault
#
1. Create the Directory Structure
#
First, create the standard Ansible directory structure for group variables:
2. Create Your Vault File
#
Create a vault file to store your encrypted credentials:
June 30, 2025
Use ansible-lint with Vault Files
#
Why I wrote this post
#
I decided to write this post because I struggled to find clear, practical examples of how to make ansible-lint work with Ansible Vault files in CI/CD environments. While searching for solutions, I found a GitHub discussion where someone was asking the exact same question I had.
The official ansible-lint documentation mentions that decrypting Ansible Vault in CI is possible, but frustratingly, it doesn’t provide any actual examples of how to implement it. After some trial and error, I figured out a working solution that I want to share.
November 4, 2024
Linux System Administration Cheat Sheet
#
This is a curated list of Linux commands for myself that I’ve kept written down over the span of five years into my career in IT. I use this often when I can’t remember specific commands when in a rush.
Quick Reference Categories
#
- User Management & SSH: Setting up users and SSH access
- Ansible: Automation and configuration management
- Git: Version control operations
- File Operations: rsync, grep, and file management
- SELinux: Security context management
- Network Configuration: nmcli and network setup
- System Monitoring: Process and resource monitoring
- Package Management: RHEL/CentOS package operations
- Virtualization: KVM/virsh commands
- Containers: Docker and Podman operations
- Troubleshooting: Network, DNS, and system diagnostics
User Management & SSH
#
#add ansible user to server
useradd ansible
passwd ansible
usermod -aG wheel ansible
mkdir -p /home/ansible/.ssh
chmod 700 /home/ansible/.ssh
chown ansible:ansible /home/ansible/.ssh
echo "ssh-rsa..." | sudo tee /home/ansible/.ssh/authorized_keys
chmod 600 /home/ansible/.ssh/authorized_keys
chown ansible:ansible /home/ansible/.ssh/authorized_keys
#show octal permissions of file
stat authorized_keys
Ansible
#
#run ansible playbook in vscode as ansible user
eval "$(ssh-agent)"
ssh-add ansible_id_rsa
ansible-playbook playbook.yml --user ansible --private-key .ssh/ansible_id_rsa --inventory inventory.ini
Git
#
#git cheat sheet
git init
git status
git add .
git commit -m "Commit message"
git remote add origin <url>
git push -u origin <branch>
git rm -r --cached public/
#show what's modified in detail
git diff
git diff themes/hugo-book
git diff --submodule=diff themes/hugo-book
#submodule operations
git submodule status
git rm --cached themes/hugo-book
File Operations
#
#show rsync progress
rsync -avh --progress /var/lib/libvirt/images/mc.home.arpa.qcow2 /mnt/backups/
#use inverse grep to exclude things
df -Th | grep -Ev "tmpfs|squashfs"
#find string in files
grep -i 'keeper' -R /etc/apt
#find string in compressed files
zgrep -i "connected" *.log.gz
#pipe command output as argument
rpm -qa | grep htop | xargs rpm -e
#show disk usage of top-level directories, largest first
du -hs /* | sort -hr | head
#create a file filled with zeroes (1024M)
dd if=/dev/zero of=/tmp/file.txt bs=1M count=1024
#grep multiple terms
rpm -qa | grep -Ei 'fuse-libs|libcurl|python36'
#display filetree of the root folder and another folder (with a depth of 1 and hidden files)
tree . themes/hugo-book/ -L 1 -a
#download multiple files
wget -i urls.txt -P files/ --progress=bar
SELinux
#
#check and fix what SELinux is blocking
tail /var/log/audit/audit.log
grep "1675516978.657:437" /var/log/audit/audit.log | audit2why
grep "nginx" /var/log/audit/audit.log | audit2allow -M nginx
ls nginx.pp
semodule -i nginx.pp
#find SELinux errors (requires policycoreutils-python-utils)
audit2why < /var/log/audit/audit.log
Network Configuration
#
#nmcli add backup vlan to NIC team
nmcli connection add type vlan con-name backup dev team0 id 2186 ip4 10.215.159.196/29 ipv4.never-default yes +ipv4.routes "81.175.254.0/24 10.215.159.193" ipv6.method ignore
#nmcli add another NIC to regular VM (no bond)
nmcli con add con-name "grpc" ifname ens162 type ethernet ip4 172.20.13.132/26 ipv4.method manual ipv6.method ignore ipv4.never-default yes +ipv4.routes "172.20.13.128/26 172.20.13.129"
#nmcli list devices
nmcli device status
#add proxy to session
export http_proxy=http://proxy.home.arpa:8080
export https_proxy=http://wproxy.home.arpa:8080
export PATH="$HOME/.local/bin:$PATH"
#test web proxy connection
curl -I https://google.com/ -x proxy.home.arpa:8080
# located in /etc/yum.conf
# proxy=http://wproxy.dnaip.fi:8080
curl -L -O https://github.com/healthchecks/healthchecks/archive/refs/heads/master.zip -x proxy.home.arpa:8080
System Monitoring
#
#check what's using CPU
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu| head
#show processes with PID for /proc
ps -xj
#display process tree
ps -e --forest
#list of commands you use most often
history | awk '{a[$2]++}END{for(i in a){print a[i] " " i}}' | sort -rn | head
#view journalctl for specific program
journalctl -eu named -f -l
#show what ports host is listening to
netstat -tulpn | grep LISTEN
Package Management
#
#rhel subs-manager commands
subscription-manager status
subscription-manager list --consumed
subscription-manager refresh
subscription-manager attach --auto
subscription-manager status
dnf repolist -v
#rhel satellite rejoin
subscription-manager status
subscription-manager release
subscription-manager repos --list-enabled
subscription-manager unregister
subscription-manager register --org='asd' --activationkey='activation-key' --force --release=<7Server,8,9>
subscription-manager attach --auto
subscription-manager repos --enable=rhel-6-server-optional-rpms
#check which packages were installed from yum history
yum history
yum history info 10
#show which package provides the command 'netstat'
yum whatprovides netstat
Virtualization
#
#get IP addresses of running KVM VMs
virsh list --name | xargs -r -n1 virsh domifaddr
#Connect to KVM with virt-manager
virt-manager --connect qemu+ssh://root@kvm.home.arpa/system
#create a checkpoint (snapshot) of a VM
virsh snapshot-create-as test.home.arpa checkpoint-name --description "Checkpoint before update"
#list all checkpoints for a VM
virsh snapshot-list test.home.arpa
#revert VM to a checkpoint
virsh snapshot-revert test.home.arpa checkpoint-name
#delete a checkpoint
virsh snapshot-delete test.home.arpa checkpoint-name
#create checkpoint with memory state (live snapshot)
virsh snapshot-create-as test.home.arpa checkpoint-name --description "Live checkpoint" --memspec file=/var/lib/libvirt/qemu/save/test.home.arpa.save
Containers
#
#podman cheat sheet
podman build ./Dockerfile -t yt-dlp:latest
podman images
podman rmi 8121a9f5303b
podman run --name youtube -dt yt-dlp:latest
podman ps
#kubectl
kubectl get nodes
kubectl apply -f nginx.yaml
kubectl get deploy -A
kubectl delete deploy nginx -n default
kubectl get services
kubectl logs nginx-deployment-78c9ff5d49-cmbdn
#docker install
dnf -y install dnf-plugins-core
dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
#docker cheat sheet
docker ps -a
docker exec -ti awx_task /bin/bash
docker stats
docker-compose up -d
docker-compose down
docker-compose logs nginx
docker-compose config
docker images
docker system prune --all
#update docker compose containers
docker compose pull
docker compose up -d --force-recreate
Troubleshooting
#
#check which DNS server offers results
dig 97.94.87.in-addr.arpa NS +short
#list all DNS records using dig (requires bind-utils)
dig +nocmd example.com any +multiline +noall +answer
#TXT record lookup via dig
dig -t txt lenovo.com
#test UDP port 53
nc -vz -u 1.1.1.1 53
#test TCP port 22
nc -zv 10.10.10.100 22
#tcpdump examples
tcpdump -i ens160 dst port 5544 and host 10.10.10.150 -vvv
tcpdump tcp -X -i ens192 dst port 514 and host 10.10.10.10 -w /tmp/mycap.pcap -vvv
tcpdump tcp -X -i ens192 dst 10.10.10.10 -w /tmp/mycap.pcap -vvv
#ping flooding with max packet size
ping -f -l 65536 -s 1500 10.10.10.9
#ngrep show port's traffic
ngrep -d any port 25
#simulate syslog messages (UDP) via netcat
echo 'test' | nc -u 10.10.10.50 5555
#scan all TCP and UDP ports
nmap -sU -sT -p0-65535 10.0.0.1
Fun & Novelty
#
#novelty
ssh chat.shazow.net
telnet mapscii.me
fortune | cowsay
cat greeting.txt | boxes -d diamonds -a c