Leveraging the Ansible Python API for Infrastructure Reporting

A few days ago I had to get some basic information from a handful of servers for an inventory report—just basic stuff like hostname, IP address, storage capacity, distro version, etc. I already manage all of my servers with Ansible, and there’s a wealth of information available in Ansible’s setup module, so I knew there […]

Maps and Custom Error Pages in Nginx

During a recent web application upgrade I had to limit access to the the web servers; I wanted the administrators and myself to be able to access the site, but for everyone else to see an “Under Construction” page. My initial plan was to test if the $remote_addr was one of the allowed IPs, and […]

Update Hosts via Ansible to Mitigate Bash “Shellshock” Vulnerability

On September 24, 2014 someone posted on the oss-sec mailing list about a bash vulnerability that likely affects several decades of bash versions (something like 1.14 – 4.3!). The vulnerability — aptly named “Shellshock” — can lead to remote code execution on un-patched hosts, for example web servers parsing HTTP environment variables via CGI GET […]

Managing research computing clusters with ansible

Our research computing cluster at work is slowly gathering more users, more storage, more applications, more physical machines etc. Managing everything consistently and predictably was beginning to get complicated (or maybe I’m just getting old?). There’s lots of buzz in DevOps circles about tools for managing this kind of scenario; Chef, Salt, Puppet and Ansible […]

Generate salted shadow hashes using Python crypt()

The other day I was doing some server setups (using ansible for automation) and I needed to create the same user/password on four different machines. It’s easy with ansible’s user module, but you need to provide a pre-hashed password. The key is to use python’s crypt.crypt(), which you can do interactively from a python shell: […]