Ansible - modifying /etc/sudoers

I have locked administrators out of using sudo with a simple typo.

With ansible you can lockup sudo on every machine with a single error. So I get pretty cautious with editing /etc/sudoers through any deployment application.

Here is a quick example of going overboard to protect your sudoers file when using ansible. This is in my $ANSIBLE_DIR/roles/common/tasks/main.yml file

- name: Copy sudoers for safety
  command: cp /etc/sudoers /etc/sudoers.tmp

- name: Create sudoers.bak
  command: cp /etc/sudoers /etc/sudoers.bak

- name: Ensure admin group is in sudoers with NOPASSWD
  lineinfile: "dest=/etc/sudoers.tmp state=present regexp='^%admin ' line='%admin ALL=(ALL) NOPASSWD: ALL' validate='visudo -cf %s'"
  register: sudoers_tmp_ok

- name: Copy sudoers.tmp to sudoers
  when: sudoers_tmp_ok|success
  command: cp /etc/sudoers.tmp /etc/sudoers

SSH

Debug with verbose output

$HOME/.ssh/config first and foremost - debug with -vvvv

• actually do it before you need to so you can see how it works

From Wikipedia (paraphrased):

Secure Shell, or SSH, is a cryptographic (encrypted) network protocol for initiating text-based shell sessions[clarification needed] on remote machines in a secure way.

…

In 1995, Tatu Ylönen, a researcher at Helsinki University of Technology, Finland, designed the first version of the protocol (now called SSH-1) prompted by a password-sniffing attack at his university network.

…

Javascript fade in and down

I wanted to change the header on the theme for my web site to display a slide down and in header.

The script needed to be a combination of two jquery animations.

<script src="//ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
    $('#fadeInDown')
    .css('display', "none")
    .slideDown(2000)
    .animate(
      { opacity: 1 },
      { queue: false, duration: 2300 }
      );
    });
</script>

First we load in the jquery code from google nut this a single point of failure. If there is network interruption jquery code is lost. But in my instance if the network is failing then my web site probably is too.

Center a string using awk

awk = everyone’s favorite - right?

People who know me also know that I prefer simple universally available tools to get a job done. Awk is probably one of my favorites because it does pretty much anything I need for quick and simple jobs. It is far more powerful than most people realize including associative arrays and it will do anything grep and sed
can do.

Recently I had the need to center a string of text. This is a easy problem that pretty much any freshman programmer can accomplish in a heartbeat but I decided to do it with awk. This sample gives you a chance to explore rudimentary features of awk.

Command line disk tree

I am writing another article on the basics of using git. It was going to be a short article however, given the subject it is turning out to be much longer than I expected. But in the process of writing it I had to frequently use a shell function I wrote years ago that displays a disk tree structure (optionally with files).

I needed a way to see the changes to the .git directory as git commands are executed against the repository. I thought I would share it with you today.

Simple sed trick - keeping the last X files

How would you remove all but the last 10 files in a directory?

So let’s create 15 files with one second between there creation time. Oldest one (first one) will be called 1.file and the newest one (last one) will be called 15.file

Run this code to do that:

for i in `seq 1 15`; do
  touch $i.fil
  sleep 1
done

vagrant and ansible

putting vagrant on steroids

First, set up vagrant to create a group of guest virtual machines (see previous posts). We will assume your Vagrantfile is configured to build/start 3 nodes (node1, node2, node3). If these are bare builds you will want to personalize or customize each of them.

Chances are you will want to give each of them a common base of applications and configuration. As a significant example, downloaded images are set for universal time; not what you want. It is simple to just edit the /etc/timezone file or write a script to change it on multiple machines. But if you have lots of machines or tear these machines down and stand them back up frequently then exercises like this will get very tedious. Additionally there are and handful of packages you typically want one every machine.

Using vagrant with lxc

One command; vagrant up

Now that I successfully managed to get vagrant-lxc plugin to work (see previous post), I decided to migrate my virtualbox Vagrantfile to vagrant lxc. I have used vagrant and virtualbox to create and bring up 3 vm guest nodes on my laptop and then use node1 as a dev machine, node2 as a staging machine, and node3 as a production machine. That way I can test easily with greater confidence with each promotion of new code.

So why use lxc when virtualbox is working fine? The answer is obvious for anyone who is familiar with these platforms… lxc is much much faster to bring up, halt, tear down.. and you can do quich-n-dirty temporary testing with lxc-start-ephemeral. Just too many advantages for developing and testing code in a small network.

vagrant-lxc plugin

OK today I finally had time to get vagrant-lxc to work. Up until now I have had vagrant virtualbox working just fine but when I looked into lxc containers with vagrant I ran into a little problem. First, I added vagrant-lxc plugin with this command

vagran plugin install vagrant-lxc

But this failed first asking for hostsupname plugin so I added that … Then it complained about not being able to find the vagrant-lxc plugin even though this command showed it listed:

vagrant plugin list