Working with Inventory File in Ansible

I have been learning from this book by Fabio Alessandro Locati, published under Packt. The example can be found at https://github.com/PacktPublishing/Learning-Ansible-2.X-Third-Edition/tree/master/Chapter03

Basics

Today I am learning to work with inventory files. This time we are dealing with multiple hosts. These hosts have to be placed in the inventory file. An example is pasted here. In hosts.ini, we have

[Compute] 
node01.example.com 
node02.example.com
 
[Login] 
login.example.com

To run the Ansible playbook

ansible-playbook -i hosts.ini firstrun.yaml

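firstrun.yaml is taken from the site listed. It ensures that the ansible user exists, accepts the SSH key and is given sudo rights with no password required. The key URL https://github.com/fale.keys serves the public keys of the GitHub account fale, so replace it with the URL or key of whoever should be able to log in as ansible, since that account ends up with passwordless sudo.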

- hosts: all 
  user: vagrant 
  tasks: 
    - name: Ensure ansible user exists 
      user: 
        name: ansible 
        state: present 
        comment: Ansible 
      become: True
    - name: Ensure ansible user accepts the SSH key 
      authorized_key: 
        user: ansible 
        key: https://github.com/fale.keys 
        state: present 
      become: True
    - name: Ensure the ansible user is sudoer with no password required 
      lineinfile: 
        dest: /etc/sudoers 
        state: present 
        regexp: '^ansible ALL\=' 
        line: 'ansible ALL=(ALL) NOPASSWD:ALL' 
        validate: 'visudo -cf %s'
      become: True

Regular Expressions

If you have a larger number of servers with predictable names, you may want to consider the following expression. You can save 100 lines of listing the servers with it. When the start of the range is zero-padded, the end must be written with the same number of digits.

[Compute] 
node[001:100].example.com 

 
[Login] 
login.example.com
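
How a range pattern expands, as an added example that is not part of the original post or the book: a small shell function, expand_host_range (a name made up here), that follows the rule Ansible applies to numeric ranges, including the requirement that a zero-padded start and the end have the same number of digits. Listing the result before a run shows exactly which hosts a play such as firstrun.yaml would touch.

```shell
# expand_host_range PATTERN -> one hostname per line.
# Handles a single numeric [begin:end] range; anything without brackets is
# returned unchanged. Alphabetic ranges and steps are out of scope here.
expand_host_range() {
    printf '%s\n' "$1" | awk '
    {
        lb = index($0, "["); rb = index($0, "]")
        if (lb == 0 || rb < lb) { print; exit 0 }       # plain hostname
        head = substr($0, 1, lb - 1); tail = substr($0, rb + 1)
        n = split(substr($0, lb + 1, rb - lb - 1), b, ":")
        if (n != 2 || b[1] !~ /^[0-9]+$/ || b[2] !~ /^[0-9]+$/) {
            print "unsupported range in " $0 > "/dev/stderr"; exit 2
        }
        fmt = "%s%d%s\n"
        if (length(b[1]) > 1 && substr(b[1], 1, 1) == "0") {
            # A zero-padded begin sets the width, so end must be as long.
            if (length(b[1]) != length(b[2])) {
                print "begin and end differ in length in " $0 > "/dev/stderr"
                exit 1
            }
            fmt = "%s%0" length(b[1]) "d%s\n"
        }
        for (i = b[1] + 0; i <= b[2] + 0; i++) printf fmt, head, i, tail
    }'
}
```

With Ansible installed, ansible-inventory -i hosts.ini --list prints the expansion Ansible itself computes.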

Group Variables

If you wish to set a variable that is valid for the whole group, you can declare it in a group variables section. A quick note from the book is that the host variables will override the group variables if the same variable is declared in both spaces.

[Compute] 
node[001:100].example.com 

[Compute:vars]
firewalld_enabled=false
 
[Login] 
login.example.com

Working with iteration in Ansible. For example, take the un-iterated code below

    - name: Ensure the HTTP can pass the firewall 
      firewalld: 
        service: http 
        state: enabled 
        permanent: True
        immediate: True
      become: True 
    - name: Ensure the HTTPS can pass the firewall 
      firewalld: 
        service: https 
        state: enabled 
        permanent: True 
        immediate: True 
      become: True 

The code can be shortened with with_items as follows

    - name: Ensure HTTP and HTTPS can pass the firewall 
      firewalld: 
        service: '{{ item }}'  
        state: enabled 
        permanent: True 
        immediate: True 
      become: True
      with_items:
        - http
        - https

Using nested loops – with_nested

Use with_nested if you need to iterate over all elements of a list together with all items from other lists. For example, you may want to create multiple folders in multiple paths

--- 
- hosts: all 
  remote_user: ansible
  vars: 
    users: 
      - alice 
      - bob 
    folders: 
      - mail 
      - public_html 
  tasks: 
    - name: Ensure the users exist 
      user: 
        name: '{{ item }}' 
      become: True 
      with_items: 
        - '{{ users }}' 
    - name: Ensure the folders exist 
      file: 
        path: '/home/{{ item.0 }}/{{ item.1 }}' 
        state: directory 
      become: True 
      with_nested: 
        - '{{ users }}' 
        - '{{ folders }}' 

Fileglob loop – with_fileglob

If you want to perform an action on every file present in a certain folder, like copying multiple files with similar names from one folder to another, you can do the following

--- 
- hosts: all 
  remote_user: ansible
  tasks: 
    - name: Ensure the folder /tmp/iproute2 is present 
      file: 
        dest: '/tmp/iproute2' 
        state: directory 
      become: True 
    - name: Copy files that start with rt to the tmp folder 
      copy: 
        src: '{{ item }}' 
        dest: '/tmp/iproute2' 
        remote_src: True 
      become: True 
      with_fileglob: 
        - '/etc/iproute2/rt_*' 

Thinking Strategy – Creative Thinker

Everyone in a development team has a preferred way of working and thinking. According to the book “Git for Teams”, thinking can be broken down into 3 dimensions: Creative Thinker, Understanding Thinking and Decision Thinking.

What are the Characteristics of a Creative Thinker:

Envision

  • To see an alternative future (whether it’s good or bad). This is useful for long-term strategy work.

Reframe

  • See the current situation from different perspectives

Brainstorming

  • Brainstorming is almost the ability to doodle through a problem

Employ flash of insight

  • A Flash of Insight happens when you’re not thinking about the problem. It happens when you’re out for a walk or in the shower.

Challenge

  • To question the status quo

Flow

  • Ignore Distraction and focus wholly on a given task

Recognising Creative Thinkers

You can recognise the creative thinkers from their key phrases

“Can we try?”

“Have you thought about doing this instead?”

“I had this great idea?”

Europe’s Leading Quantum Computer Manufacturer Launches Free Online Course for All

IQM Quantum Computers (IQM), a European leader in building quantum computers, today launched a global initiative, “IQM Academy,” to offer a free online quantum training course to educate and prepare talent for quantum workforce development.

IQM aims to reach high school and university students, educators, and enthusiasts who are curious to start learning about the fundamentals of quantum computing.

For more information, do take a look at https://academy.meetiqm.com/

Using Find to Search Better

Basic Use of FIND

If you are looking to find a file, one of the most common tools is Find. Here is a recap.

NO  FILE TYPE  DESCRIPTION
1   -type f    Limits search results to files only
2   -type d    Limits search results to directories only
3   -type l    Limits search results to symbolic links only

For example, do a case-insensitive search for a file named “hello.mov”

$ find $HOME -type f -iname "Hello.mov"

Parameters

NO  PARAMETERS  DESCRIPTION
1   -name       Perform a case-sensitive search for “files”
2   -iname      Perform a case-insensitive search for “files”
3   -size +n    Matches files of size larger than size n
4   -size -n    Matches files of size smaller than size n
5   -mtime n    Matches files or directories whose contents were last modified n*24 hours ago
6   -atime n    Matches files last accessed n*24 hours ago

For example, search case-insensitively for all files with the extension .mov that were modified 2 days ago

$ find $HOME -type f -iname "*.mov" -mtime 2

Operators

S/NO  OPERATOR  EXPLANATION
1     -and      Match for both sides of the operators
2     -or       Match for either test of the operators
3     -not      Don’t match the test of the operators

For example, search for all files with Hello*, but exclude pdf and jpg

$ find \( -name "Hello*" -mtime 2 \) -and -not \( -iname "*.jpg" -or -iname "*.pdf" \)

When using () to combine tests, remember to escape the brackets with a backslash, as in \( and \). You will need to leave a space after the opening bracket and before the closing bracket.

find -type f -iname "*.mov" -exec chmod +x {} \;

The first part, find -type f -iname "*.mov", will not be explained. Executed commands must end with \; (a backslash and semi-colon) and may use {} (curly braces) as a placeholder for each file that the find command locates.
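
A runnable check of the grouping rule above, as an added example that is not part of the original post: it builds a throw-away directory of constructed file names and returns what the bracketed and unbracketed forms of the Hello* search match (the -mtime test is left out because the files are brand new). Running the search with no action first is a cheap way to see what a following -exec chmod would touch.

```shell
# find_demo MODE -> space-separated names matched in a throw-away tree.
# File names are constructed for this example.
find_demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/Hello.txt" "$dir/Hello.pdf" "$dir/Hello.JPG" "$dir/other.pdf"
    mkdir "$dir/Hello.d"                 # a directory that also matches Hello*
    case $1 in
    grouped)
        # Hello* files, minus anything ending in .jpg or .pdf
        find "$dir" -type f \( -name "Hello*" \) -and \
            -not \( -iname "*.jpg" -or -iname "*.pdf" \)
        ;;
    ungrouped)
        # Same tests without brackets: -or binds weaker than -and, so this
        # reads as (Hello* and not *.jpg) or (*.pdf) and lets PDFs through.
        find "$dir" -type f -name "Hello*" -and \
            -not -iname "*.jpg" -or -iname "*.pdf"
        ;;
    esac | sed 's|.*/||' | sort | tr '\n' ' '
    rm -rf "$dir"
}
```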

References:

  1. Linux Format – March Edition
  2. Use the Unix find command to search for files

Setting up 2 Gateways with a Default Gateway for most Traffic and the 2nd Gateway for selected Subnet Traffic on Rocky Linux 8

Issues:

Suppose you have 2 network cards, each with its own gateway. The challenge is that you can only have 1 default gateway. How do we work this out?

Solution:

Type the following command

$ ip route show
default via 192.168.1.254 dev eno0 proto static metric 104
192.168.2.0/24 via 192.168.2.254 dev eno1 proto static metric 103
10.10.1.0/24 via 192.168.2.254 dev eno1 proto static metric 103

That means the default route for traffic is via eno0. All traffic passes through the default gateway, except traffic for 192.168.2.0/24 and 10.10.1.0/24, which passes through the second gateway. How do we do it?

Set Default Route for all traffic

To set all traffic through the default gateway, do the following

$ ip route add default via 192.168.1.254 dev eno0 proto static metric 104

Set Selected IP Subnet for 2nd Gateway

$ ip route add 192.168.2.0/24 via 192.168.2.254 dev eno1 proto static metric 103
$ ip route add 10.10.1.0/24 via 192.168.2.254 dev eno1 proto static metric 103
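
To check which gateway a given destination will use under this table, the added example below (not part of the original post) applies longest-prefix matching to the three routes, embedded as constructed input; route_for and ROUTES are names made up here.

```shell
# Constructed input: the three routes printed by `ip route show` above.
ROUTES='default via 192.168.1.254 dev eno0 proto static metric 104
192.168.2.0/24 via 192.168.2.254 dev eno1 proto static metric 103
10.10.1.0/24 via 192.168.2.254 dev eno1 proto static metric 103'

# route_for DEST -> "GATEWAY DEVICE" of the most specific route covering DEST.
# Longest prefix wins; metrics only matter between equal prefixes and are
# ignored here.
route_for() {
    printf '%s\n' "$ROUTES" | awk -v dest="$1" '
    function ip2int(s,    o) {
        split(s, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { best = -1 }
    {
        if ($1 == "default") { net = "0.0.0.0"; len = 0 }
        else { split($1, p, "/"); net = p[1]; len = (p[2] == "" ? 32 : p[2] + 0) }
        gw = "-"; dev = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        block = 2 ^ (32 - len)          # number of addresses the prefix covers
        if (len > best && int(ip2int(dest) / block) == int(ip2int(net) / block)) {
            best = len; out = gw " " dev
        }
    }
    END { if (best < 0) exit 1; print out }'
}
```

On the live host, ip route get 10.10.1.5 answers the same question from the kernel's own table.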

Setting the DNS Correctly for each Network Card

If each of the network cards requires a different DNS, make sure you put the DNS entries in the matching interface file under /etc/sysconfig/network-scripts

$ vim /etc/sysconfig/network-scripts/ifcfg-eno0
....
....
DEVICE=eno0
ONBOOT=yes
IPADDR=192.168.1.1
GATEWAY=192.168.1.254
DNS1=192.168.1.252
DNS2=192.168.1.253
NETMASK=255.255.255.0

$ vim /etc/sysconfig/network-scripts/ifcfg-eno1
....
....
DEVICE=eno1
ONBOOT=yes
IPADDR=192.168.2.1
GATEWAY=192.168.2.254
DNS1=192.168.2.252
DNS2=192.168.2.253
NETMASK=255.255.255.0

Deleting Route from Table

ip route delete 192.168.2.0/24 via 192.168.2.254 dev eno1 proto static metric 103

Different DNS Servers and Different Domains (For RHEL 8)

You can configure the dnsmasq service and NetworkManager to send DNS queries for a specific domain to a selected DNS server. The information can be found in Chapter 38. Using different DNS servers for different domains

By default, Red Hat Enterprise Linux (RHEL) sends all DNS requests to the first DNS server specified in the /etc/resolv.conf file. If this server does not reply, RHEL uses the next server in this file.

In environments where one DNS server cannot resolve all domains, administrators can configure RHEL to send DNS requests for a specific domain to a selected DNS server. For example, you can configure one DNS server to resolve queries for example.com and another DNS server to resolve queries for example.net. For all other DNS requests, RHEL uses the DNS server configured in the connection with the default gateway.

Procedure 1: Install dnsmasq package

# dnf install dnsmasq

Procedure 2: Edit the /etc/NetworkManager/NetworkManager.conf file, and set the following entry in the [main] section:

dns=dnsmasq

Procedure 3: Reload the NetworkManager service:

# systemctl reload NetworkManager

Procedure 4: Verify that the nameserver entry in the /etc/resolv.conf file refers to 127.0.0.1:

# cat /etc/resolv.conf
nameserver 127.0.0.1

Procedure 5a: Verify using TCPDump Packet Sniffer

# dnf install tcpdump

Procedure 5b: On one terminal, start tcpdump to capture DNS traffic on all interfaces:

# tcpdump -i any port 53

Procedure 5c: On a different terminal, resolve host names for a domain for which an exception exists and another domain, for example:

# host -t A www.redhat.com
# host -t A www.MyInternalDomain.com

Verify in the tcpdump output that Rocky Linux sends only DNS queries for the www.redhat.com domain to the designated DNS server and through the corresponding interface, and vice versa for the internal domain.
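
The check in Procedure 5c can be automated over a saved capture. This added example (not part of the original post or the Red Hat procedure) runs over constructed tcpdump -n lines and lists any query for the internal domain that reached a resolver other than the designated one, which is how a misconfiguration that leaks internal host names would show up; the function name and the server-to-domain mapping are assumptions.

```shell
# Constructed sample of `tcpdump -n -i any port 53` output. The addresses
# follow the ifcfg files above; which server answers for which domain is an
# assumption of this example.
CAPTURE='10:15:01.100001 IP 192.168.1.1.40112 > 192.168.1.252.53: 4121+ A? www.redhat.com. (32)
10:15:01.130412 IP 192.168.1.252.53 > 192.168.1.1.40112: 4121 1/0/0 A 203.0.113.10 (48)
10:15:02.200002 IP 192.168.2.1.51734 > 192.168.2.252.53: 9833+ A? www.MyInternalDomain.com. (42)
10:15:03.300003 IP 192.168.1.1.40377 > 192.168.1.252.53: 1207+ A? db.myinternaldomain.com. (41)'

# misrouted_queries DOMAIN SERVER -> "name resolver" for each query under
# DOMAIN that went to a resolver other than SERVER.
misrouted_queries() {
    printf '%s\n' "$CAPTURE" | awk -v domain="$1" -v server="$2" '
    {
        dst = ""; name = ""
        for (i = 1; i < NF; i++) {
            if ($i == ">") dst = $(i + 1)
            if ($i ~ /^[A-Z]+\?$/) name = tolower($(i + 1))   # "A?", "AAAA?", ...
        }
        if (name == "") next                  # a response, not a query
        sub(/\.[0-9]+:$/, "", dst)            # 192.168.1.252.53: -> 192.168.1.252
        sub(/\.$/, "", name)                  # drop the trailing root dot
        n = length(name) - length(domain)
        inside = (name == domain) || (n > 0 && substr(name, n) == "." domain)
        if (inside && dst != server) print name, dst
    }'
}
```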

References:

  1. Chapter 38. Using different DNS servers for different domains
  2. Two Default Gateways on One System
  3. Linux Set up Routing with IP Command

How to check Disk Usage

To check whether the root partition has run out of inodes, use the command below. If IUse% shows 100%, there are many small files. Perhaps look for some of these files in /tmp

df -i
Filesystem                                      Inodes        IUsed        IFree IUse% Mounted on
/dev/mapper/centos-root                        9788840       320849      9467991    4% /
devtmpfs                                      70101496          560     70100936    1% /dev
tmpfs                                         70105725            8     70105717    1% /dev/shm
tmpfs                                         70105725         1581     70104144    1% /run
.....
.....

You may want to check which directories are using the most space with the commands below

% du -hx -d 1 |sort -h
1.3M    ./Espresso-BEEF
4.9M    ./NB07
8.3M    ./Gaussian2
31M     ./Gaussian
65M     ./MATLAB
478M    ./Abaqus
647M    ./pytorch-GAN
10G     ./COMSOL
12G     .

-h produces human-readable output
-x keeps du on the current filesystem (other mounted filesystems are skipped)
-d 1 limits the summary to one directory level
sort -h sorts the human-readable sizes, so the directories with the largest usage appear at the bottom of the list.

Using SMART to predict the likelihood for disk failure

Modern hard disks implement a system called SMART (Self-Monitoring, Analysis and Reporting) that uses the electronics on the drive to store diagnostics and perform various tests that help predict imminent failure of the hard disk.

Enable SMART in BIOS

Check that SMART is enabled in the computer’s BIOS/firmware menu, and enable it if it is not on by default

Install smartmontools

# dnf install smartmontools

Check SMART data can be accessed

# smartctl --info /dev/sdb

SMART health check

# smartctl --health /dev/sdb

Depending on the amount of information you need, run either a short test or a long test

# smartctl --test=short /dev/sdb
# smartctl --test=long /dev/sdb

When the smartctl test has completed, take a look at the self-test log

# smartctl --log=selftest /dev/sdb