Debian Lighttpd does infinite redirect loop and fails to connect
Just imagine you're running a blog that requires zero maintenance, and one day you access it and it doesn't load!
You try Firefox, then Chrome, and finally Edge (the new IE).
You notice that Firefox and Chrome seem to loop and then finally fail, while Edge works.
You notice that cURL works.
Things are working, but they aren't.
Finally you notice Firefox is trying to do TLS 1.3! Interesting. How do I disable that on Debian 9 with Lighttpd? You can't!
What’s the fix?
In lighttpd.conf, in your SSL section, add:
```
ssl.disable-client-renegotiation = "disable"
```
ssl.disable-client-renegotiation exists because of a bug back in 2009. This bug has long been patched in newer versions of OpenSSL, so client renegotiation is safe to turn back on.
Disabling this setting allowed you to find the answer to your troubles :-)
Disable Fedora Cockpit
Quick and dirty:
```
service cockpit stop
service cockpit.socket stop
systemctl disable cockpit
systemctl disable cockpit.socket
systemctl mask cockpit.socket
systemctl mask cockpit
```
Ansible Conditionals and Parentheses evaluate to True
I had fun wasting hours working out how to do correct ‘when’ statements in Ansible. I ended up consulting #ansible on IRC to get the answers.
Anyway I hope the following playbook makes sense to you. Note that ‘admintool’ is a valid group in my situation.
```
- name: Debug all the things
  hosts: all
  tasks:
    - set_fact: renew_cert="renew"

    # Valid - Should pause
    - name: Test 0 PASS
      pause: prompt="Test" seconds=1
      when: '"admintool" in group_names and renew_cert == "renew"'

    # Valid - Should skip
    - name: Test 1 SKIP
      pause: prompt="Test" seconds=1
      when: '"I-Dont-Exist" in group_names and renew_cert == "renew"'

    # Valid - Should skip
    - name: Test 2 SKIP
      pause: prompt="Test" seconds=1
      when:
        - "'i-dont-exist' in group_names"
        - renew_cert == "renew"

    # Valid - Should pause
    - name: Test 3 PASS
      pause: prompt="Test" seconds=1
      when:
        - "'admintool' in group_names"
        - renew_cert == "renew"

    # Invalid - Should skip - but eval's True - DONT USE
    - name: Test 4 SKIP
      pause: prompt="Test" seconds=1
      when: ("'admintool' in group_names" and renew_cert == "renew")

    # Invalid - Should skip - but eval's True - DONT USE
    - name: Test 5 SKIP
      pause: prompt="Test" seconds=1
      when: ("'I-dont-exist' in group_names")

    # Valid - Should pause
    - name: Test 6 PASS
      pause: prompt="Test" seconds=1
      when: ("admintool" in group_names and renew_cert == "renew")

    # Valid - Should skip
    - name: Test 7 SKIP
      pause: prompt="Test" seconds=1
      when: ("I-dont-exist" in group_names and renew_cert == "renew")
```
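Tests 4 and 5 evaluate to True because, inside the parentheses, the double-quoted text reaches Jinja2 as a string literal rather than as an expression, and a non-empty string is truthy. The checker below is an added example, not part of the original post: it flags string literals used directly as a condition, assumes the `when` value falls in the subset of Jinja2 that Python's `ast` module can parse, and uses hypothetical function names.

```python
import ast

def constant_string_operands(expr):
    """Return string literals that expr uses as a boolean instead of comparing them."""
    # Assumption: the condition is in the Python-compatible subset of Jinja2.
    tree = ast.parse(expr.strip(), mode="eval")
    suspects = []

    def check(node):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            suspects.append(node.value)

    check(tree.body)  # the whole condition is just a literal
    for node in ast.walk(tree):
        if isinstance(node, ast.BoolOp):  # operand of `and` / `or`
            for value in node.values:
                check(value)
        elif isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
            check(node.operand)  # operand of `not`
    return suspects

# Constructed from the playbook above: each `when` value as Ansible sees it
# after YAML parsing (YAML has already removed one layer of quoting).
WHEN_VALUES = {
    "Test 0": ['"admintool" in group_names and renew_cert == "renew"'],
    "Test 1": ['"I-Dont-Exist" in group_names and renew_cert == "renew"'],
    "Test 2": ["'i-dont-exist' in group_names", 'renew_cert == "renew"'],
    "Test 3": ["'admintool' in group_names", 'renew_cert == "renew"'],
    "Test 4": ['("\'admintool\' in group_names" and renew_cert == "renew")'],
    "Test 5": ['("\'I-dont-exist\' in group_names")'],
    "Test 6": ['("admintool" in group_names and renew_cert == "renew")'],
    "Test 7": ['("I-dont-exist" in group_names and renew_cert == "renew")'],
}

def audit(when_values):
    """Map task name -> string literals that stand in for a real test."""
    findings = {}
    for task, conditions in when_values.items():
        hits = [s for cond in conditions for s in constant_string_operands(cond)]
        if hits:
            findings[task] = hits
    return findings

if __name__ == "__main__":
    for task, hits in audit(WHEN_VALUES).items():
        print(f"{task}: string literal used as a condition: {hits}")
```

A guard that is always true matters most when the task behind it is sensitive, such as a certificate renewal meant for one group running on every host.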
List comparison and list manipulation in Ansible
I keep saying time and time again that Ansible is not a programming language, it’s similar to one, it can do some programming things but ultimately it’s messy and I hate it BUT I can make it do some strange things.
List manipulation being one of those.
In this example I have two directories that I want to compare, directory one (/tmp/1) and directory two (/tmp/2). Directory one is the source that I want directory two to look like.
The use case is that I want to sync /tmp/1 to /tmp/2 but first remove only the files in /tmp/2 that are no longer in /tmp/1; then I can sync (copy/template) the /tmp/1 directory knowing that nothing exists in /tmp/2 that shouldn't be there.
The Ansible code, with debug statements, is:
```
- hosts: local
  become: false
  tasks:
    - name: find 1
      find: path=/tmp/1
      register: one

    - debug: msg="{{ one }}"

    - name: find 2
      find: path=/tmp/2
      register: two

    - debug: msg="{{ item.path }}"
      with_items:
        - "{{ two.files }}"

    - set_fact:
        one_list: []
        two_list: []
        new_list: []

    - name: append
      set_fact: one_list="{{ one_list }} + [ '{{ item.path | basename }}' ]"
      with_items:
        - "{{ one.files }}"

    - name: append
      set_fact: two_list="{{ two_list }} + [ '{{ item.path | basename }}' ]"
      with_items:
        - "{{ two.files }}"

    - debug: msg="{{ one_list }}"

    - debug: msg="{{ two_list }}"

    - set_fact: new_list="{{ two_list | difference(one_list) }}"

    - debug: msg="{{ new_list }}"
```
The final result is that new_list is a list (array) containing what needs to be removed from /tmp/2 to bring it in line with /tmp/1.
Docker and IPtables Firewall Merger
The problem: Modifying firewall rules on a host that runs Docker or Rancher (cattle) causes the Docker bridge and Rancher NAT rules to be blown away, which breaks networking for all your containers.
The solution: Modify /etc/sysconfig/iptables as normal and instead of running iptables-restore /etc/sysconfig/iptables run as root: dockerFirewallMerge.py
I’d appreciate some constructive feedback! https://github.com/c … /DockerFirewallMerge