Notes

SELinux by default prohibits certain things from working through VMware tools (Ansible connection or plain API). This can be solved two ways: Disabling SELinux: BAD, but easy Writing a custom SELinux policy: complicated but more secure Note: Adding/Changing this policy through a VMware tools connection is thankfully possible Example policy This policy is the base for a VMware tools policy and allows entering the rpm context (yum). module custom-vmtools 1. [Read More]

In theory Ansible should be declarative and have full control over the systems we touch with it. In practice, this is unfortunately not always the case. With this nifty task we can replace the value of a key (given as yaml_key) to a new value (given as new_value) while preserving it’s indentation. - name: Replace values in YAML file while keeping their indentation lineinfile: backup: true backrefs: true state: present path: foo. [Read More]

date on MacOS does not support --date, so a workaround is needed. Converting Date to unix epoch, adding one day in epoch and converting back. The Scripty Way Taken from a blog post #!/bin/zsh start=$year-01-01 end=$year-12-31 currentDateTs=$(date -j -f "%Y-%m-%d" $start "+%s") endDateTs=$(date -j -f "%Y-%m-%d" $end "+%s") offset=86400 while [ "$currentDateTs" -le "$endDateTs" ] do date=$(date -j -f "%s" $currentDateTs "+%Y-%m-%d") echo $date currentDateTs=$(($currentDateTs+$offset)) done The Brew Way As I found out long after writing the above you can simply brew install coreutils and get a date command with the --date option. [Read More]

When using VMware as the connection plugin to connect to remote hosts you commonly set two facts for username and password: ansible_vmware_tools_user: "mkamner" ansible_vmare_tools_password: "Super Secret PW" This will work just fine for windows and with many tasks on linux. However, if you want to use become: true on linux it will fail with the strangest error messages. For example: apt will fail, because it can’t acquire the lock file [Read More]

Handy table to map IANA IDs of ciphers to their openSSL IDs used in web server configurations, for example [[nginx]] ssl_ciphers or proxy_ssl_ciphers

https://testssl.sh/openssl-iana.mapping.html