NAME
blog.hoberg.ch - useless things for DevOps
DESCRIPTION
blog.hoberg.ch is a text mode blog about BSD, Linux and typical DevOP
content like Ansible, Puppet etc. running on pyhpblog.
OPTIONS
[website] [blog] [privacy] [impress]
CONTENT
- Ansible yum_versionlock module released & merged
My new Ansible module 'yum_versionlock' just got pushed and merged.
With this module you're able to lock/prevent certain packages from
being updated by YUM's or DFN's system package manager or from automated
patch integration systems that are based on this.
Links:
GitHub new module: yum_versionlock #1405
BOTMETA.yml
- Ansible with_sequence loop in when condition with zero/0 integer
When using Ansible function 'with_sequence' on a task where the end value
is zero (0) combained with a when condition it may fail with:
to count backwards make stride negative
But there may be usecases where you want to evaluate the when condition
before the sequence will be and not to fail. So a negative value may still
be legit to use for your needs.
For example you want to define if some hotfixes (or even no hotfix) should
be downloaded you propably would write:
- name: Download patch files
uri:
url: "https://files.hoberg.ch/patches/hotfix{{ item }}.tgz"
with_sequence: start=1 end={{ hotfix_max_patchfile }}
when: hotfix_max_patchfile|int > 0
But if 'hotfix_max_patchfile' is zero (0) it will fail. You will also find
some solutions like creating a condition for the end value that could look
like this:
- name: Download patch files
uri:
url: "https://files.hoberg.ch/patches/hotfix{{ item }}.tgz"
with_sequence: start=1 end={{ hotfix_max_patchfile|int if hotfix_max_patchfile|int > 0 else 1 }}
when: hotfix_max_patchfile|int > 0
This will work and set the variable 'hotfix_max_patchfile' to 1 which is no
problem in here, because of the defined when condition. The task will be simply
skipped - but this won't look that good.
A cleaner way would be to outsource the needed tasks in subplaybooks and
include them as a non static one. So the included tasks won't be executed
and skipped like the usual static way (default). So you could write:
main.yml:
---
- include: download.yml
static: no
when:
- hotfix_max_patchfile|int > 0
download.yml:
---
- name: Download patch files
uri:
url: "https://files.hoberg.ch/patches/hotfix{{ item }}.tgz"
with_sequence: start=1 end={{ hotfix_max_patchfile }}
In that case you won't need any dirty hacks and have a clean way to write
your tasks.
- Ansible callback module "audit": Logs all Ansible information to CSV file
This new Ansible callback module will log meta information to
a given CSV file to make sure this can be audited at any time.
It will log the date, time, executor (who started the task),
limits, extra vars, affected hosts etc.
Download(s):
GitHub: audit.py, audit.ini
- Ansible callback module "msteams": Send messages to Microsoft Teams chat
This new Ansible callback module will send start/fin notifications
to a desired Microsoft Teams chat channel/room. It will inform the
squad about ongoing deployments including who (executor), used
playbook, limit, extra vars, affected hosts and duration.
Download(s):
GitHub: msteams.py, msteams.ini
- Linux Kernel 5.0.0-RC1: Precompiled for Debian 9 and CentOS 7
Attached you can find download links for precompiled Linux
Kernel images in version 5.0.0-RC1 for:
- Debian 9 (as .deb files)
- CentOS / RHEL 7 (as .rpm files)
This Kernel images are compiled with default config 'yes'
and only for x64 systems.
Download(s):
Debian 9: linux-image-5.0.0-RC1_5.0.0-RC1-1_amd64.deb
CentOS 7: kernel-5.0.0-RC1-1.x86_64.rpm
- Linux Kernel 4.20: Precompiled for Debian 9 and CentOS 7
Attached you can find download links for precompiled Linux
Kernel images in version 4.20 for:
- Debian 9 (as .deb files)
- CentOS / RHEL 7 (as .rpm files)
This Kernel images are compiled with default config 'yes'
and only for x64 systems.
Download(s):
Debian 9: linux-image-4.20.0_4.20.0-1_amd64.deb
CentOS 7: kernel-4.20.0-1.x86_64.rpm
- Ansible module "move": Moving files/directories across filesystems
This new Ansible module adds support to move files or directories
across filesystems. Instead of copy and delete it will try to use
systems mv action if possible. When moving files across different
partitions or filesystems it will fallback to copy und delete
source file. This module may be helpfull when moving larger files
or having less disk space.
Download(s):
GitHub: Upstream move.py
- Ansible module "freshclam": Update ClamAV signatures from Ansible
This new and simple Ansible module allows to update ClamAV
signatures from an Ansible task. This may be used after
ClamAV packages have been installed to make sure these are
up2date.
Download(s):
GitHub: Upstream freshclam.py
- Ansible module "java_cert": Import cert as trust cacert & force update
This PR for Ansible module 'java_cert' will add two new features
to trust an imported certificate as "trust cacert" and allows an
additional option as 'force_update' to force re-importing a cert
file. This may be helpfull to handle expired certificates.
Download(s):
GitHub: Upstream java_cert.py
GitHub: Ansible Pull request #37708
- Ansible module "cran": (Un)Install Microsoft R packages
This new Ansible module adds support to manage (install/remove) CRAN
packages for Microsoft "R". Simple Ansible tasks will make sure to
(un)install your desired R package(s) and to return correct task
states like "ok", "changed" and "failed".
Download(s):
GitHub: Upstream cran.py
GitHub: Ansible Pull request #42046
- FreeIPA: User password expire notification
This script will send emails to FreeIPA users (email is
obtained from FreeIPA LDAP directory) when their password
is going to expire within a few days. You may configure
the days before this mail should be send. For security
reason you should avoid to use the DirectoryManager
credentials.
Download(s):
GitHub: Upstream freeipa_password_expire_notification.py
- Ansible module "yum_versionlock": (Un)Locks package(s) from being updated by YUM
This new Ansible module adds support to prevent packages from
being updated by packagemanager YUM. This module may (un)lock
one or more packages and will support CentOS, RHEL, etc.
Download(s):
GitHub: Upstream yum_versionlock.py
GitHub: Ansible Pull request #41778
blog.hoberg.ch (C) 2020 [privacy] | [impress]