```powershell
Write-Output "Disabling WinRM over HTTP..."
Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP"
Disable-NetFirewallRule -Name "WINRM-HTTP-In-TCP-PUBLIC"
Get-ChildItem WSMan:\Localhost\listener | Remove-Item -Recurse
Write-Output "Configuring WinRM for HTTPS..."
Set-Item -Path WSMan:\LocalHost\MaxTimeoutms -Value '1800000'
Set-Item -Path WSMan:\LocalHost\Shell\MaxMemoryPerShellMB -Value '1024'
Set-Item -Path WSMan:\LocalHost\Service\AllowUnencrypted -Value 'false'
Set-Item -Path WSMan:\LocalHost\Service\Auth\Basic -Value 'true'
```

```yaml
## credit: http://fabian-affolter.ch/blog/the-lineinfile-module-of-ansible/
---
- hosts: alpine_install
  user: root
  tasks:
  # - name: create a complete empty file
  #   command: /usr/bin/touch /test/test.conf
  - name: create a new file with lineinfile
```

```yaml
---
# Ansible doesn't expose the shell environment of the remotely logged in user
# so we need to use a few tricks to get some of these values.
#
# This playbook demonstrates how to get a couple of useful environment variables.
#
# NOTE: these values are different to ansible_env.ansible_user_dir and
# ansible_env.ansible_user_shell which represent the user running ansible.
```

Variables
==========
predefined variables :
- inventory_hostname (fqdn) (normally the same as ansible.fqdn)
- inventory_hostname_short

To know the return codes returned by ansible modules, just use plain ansible -vvv to see them :

```text
ansible -i ~/ansible/arrfab.net/hosts/hosts.cfg -vvv -m copy -a 'src=files/sysinfo dest=/etc/sysinfo' tungstene.arrfab.net
tungstene.arrfab.net | success >> {
"changed": true,
```

This is a quick howto for installing Vault on AWS Linux, mostly to remind myself. At the end of this tutorial, you'll have a working Vault server, using S3 for the backend, self-signed certificates for TLS, and supervisord to ensure that the Vault server is always running and starts on reboot.

First things first, let's set up an S3 bucket to use as the storage backend for our s3 instance.

- From the AWS Management Console, go to the S3 console.
- Click on the Create Bucket button

```yaml
- name: 'check if reboot is required'
  shell: if [ $(readlink -f /vmlinuz) != /boot/vmlinuz-$(uname -r) ]; then echo 'yes'; else echo 'no'; fi
  ignore_errors: true
  register: reboot
- name: 'reboot...'
  shell: nohup bash -c 'sleep 2 && shutdown -r now "Ansible kernel update applied"' &
  async: 0
  poll: 0
  ignore_errors: true
```

```bash
# Ask for the user password
# Script only works if sudo caches the password for a few minutes
sudo true
# Install kernel extras to enable docker aufs support
# sudo apt-get -y install linux-image-extra-$(uname -r)
# Add Docker PPA and install latest version
# sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
# sudo sh -c "echo deb https://get.docker.io/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
```