OMG! This machine is amazing. I have had it since Launch (last november) and it only gets better.
I feel the hate on it is kind of real (most reviewers compare it to ipad pro or surface). I don’t think that’s a fair comparison and here is why.
The iPAD pro cannot run full apps. If it is not on the app store then it can’t run it. My pixel slate (with crostini enabled) can run full Linux apps. I know there are thousands of more apps for macOS and Windows than linux but if you can’t run them then they don’t exist.
The surface comparison is legit; in fact with WSL (windows subsytem for linux) the surface might be my next machine. With project xcloud coming soon and depending on what it works best for the Surface Pro 7 might be my next one. I am not sure of ARM yet; I feel like the apps aren’t ready for that.
So I finally got around to updating this thing to SSL. With Let’s Encrypt it is easier then ever. Seriously…no reason not to do it.
The next project is an internal PKI server for intranet. We are working on securing credentials (and yes a self signed cert is OK) I would prefer to have it running a proper cert.
It says insecure but..the cert says
It’s just something more to work on.
I am also lookign into Amazon Secrets Manager for rotating root passwords for my servers? it could be interesting.
So the backups failed over the weekend and I decided to leverage AWS since my company uses them a crazy amount.
I installed the storage gateway and created some volumes. I then mounted the volumes via ISCSI to a VM host and created a VMFS file system.
This allows me to create a VM on the host but it’s storage is in amazon; so if the host goes belly up i just disconnect the iscsi or re connect to a different host.
This is huge!! I am going to start migrating the infrastructure on this (PXE, DNS, DHCP) as it is another layer of protection.
Yes it requires internet but I can replication and fail over so that AWS is primary and local is secondary or vice versa.
There is ISCSI attached to VM Host.
This amazing! long live the cloud!
So we are doing UI testing which requires the latest and greatest web broweser. Some have RPM other have binaries to install from. Both are fine however trying to use some sort of mgmt (Puppet, Ansible) and a tar.bz2 is near impossible.
/cut to compiling from source/
Compiled from source and with a custom %post to symlink it to /usr/local/bin I give you firefox 57 RPM.
the biggest change was this:
%post -p /bin/sh
ln -s /firefox/firefox /usr/local/bin/firefox
It allows me to symlink so instead of users tyiping /firefox/firefox then can just type firefox.
Give me a few days and I can post the spec file if need be or the entire RPM (if that’s legal)
Now to streamline the process so I can do it with other major versions!!!
So I finally got PowerCLI working on linux. I have it on a docker image running VMware Photon OS 1.0. This is pretty neat cause now I can:
1. Write a Powershell Script and drop into /scripts on the docker image
2. Call the docker
a. alias powercli=’z docker run -i -t powercli:scripts /bin/bash’ – This allows me to go into the docker image to add scripts
alias vmwiki=’z docker run powercli:scripts powershell -f /scripts/VMwiki.ps1′ – I can call the script now.
3. Need to start my start up / shutdown script and parameter it; make life much much easier.
So we are making the switch to Ansible tower and we do have a license. However if I can do it the old fashioned way (free) and learn more I am in.
AWX 1.0.1 here I am.
* Tower-manager is non existent; luckily they have tower-cli which is installed via pip install ansible-tower-cli which gives you these options
Using this I can probably replicate tower-manager all for free.
Keep an eye out for some custom scripts and one liners I write.
Here we go!!!
So I completely ignored my WSUS server for the past 6 months; well ignore is a large word. It was on unattended mode. All updates got delivered but now I feel like I actually need to manage it along with AD. With all the ransomware going around it is not a bad idea.
I also decided to get a stack overflow account and answer some questions; maybe dig more into the why rather then it’s solved. I think it might help me career wise and my knowledge. I am worried the jack of all trades admin is going to go away in the next 5 – 10 years so I really need to work on my dev of the devops skill role.
SO I totally forgot about this blog; well time to update. Expect more contant updates; truly I mean it!
I just had to reset the password again via MYSQL; shows how much I use it 🙂
Got my personal spacewalk server up and running. I am using it to deploy config files /etc/hosts to keep the dns in check. so far it is working on one system.
Eventually I hope to get it up and running on all.
This brings me back to a few interviews I did where they asked about configuration. Yeah spacewalk is not puppet or chef but is it not a bad way to keep config files in check.
for those interested in my scripts and config files check out my github. I am going through most of the stuff I wrote and removing confidential info so it is a work in progress: