Quick and dirty:
service cockpit stop service cockpit.socket stop systemctl disable cockpit systemctl disable cockpit.socket systemctl mask cockpit.socket systemctl mask cockpit
I had fun wasting hours working out how to do correct ‘when’ statements in Ansible - In end up consulting #ansible on IRC to get the answers.
Anyway I hope the following playbook makes sense to you. Note that ‘admintool’ is a valid group in my situation.
- name: Debug all the things
hosts: all
tasks:
- set_fact: renew_cert="renew"
# Valid - Should pause
- name: Test 0 PASS
pause: prompt="Test" seconds=1
when: '"admintool" in group_names and renew_cert == "renew"'
# Valid - Should skip
- name: Test 1 SKIP
pause: prompt="Test" seconds=1
when: '"I-Dont-Exist" in group_names and renew_cert == "renew"'
# Valid - Should skip
- name: Test 2 SKIP
pause: prompt="Test" seconds=1
when:
- "'i-dont-exist' in group_names"
- renew_cert == "renew"
# Valid - Should pause
- name: Test 3 PASS
pause: prompt="Test" seconds=1
when:
- "'admintool' in group_names"
- renew_cert == "renew"
# Invalid - Should skip - but eval's True - DONT USE
- name: Test 4 SKIP
pause: prompt="Test" seconds=1
when: ("'admintool' in group_names" and renew_cert == "renew")
# Invalid - Should skip - but eval's True - DONT USE
- name: Test 5 SKIP
pause: prompt="Test" seconds=1
when: ("'I-dont-exist' in group_names")
# Valid - Should pause
- name: Test 6 PASS
pause: prompt="Test" seconds=1
when: ("admintool" in group_names and renew_cert == "renew")
# Valid - Should skip
- name: Test 7 SKIP
pause: prompt="Test" seconds=1
when: ("I-dont-exist" in group_names and renew_cert == "renew")
I keep saying time and time again that Ansible is not a programming language, it’s similar to one, it can do some programming things but ultimately it’s messy and I hate it BUT I can make it do some strange things.
List manipulation being one of those.
In this example I have two directories that I want to compare, directory one (/tmp/1) and directory two (/tmp/2). Directory one is the Source, that I want directory two to look like.
The use case is I want to sync /tmp/1 to /tmp/2 but you only want to remove the files in that are no longer /tmp/1, then you can sync (copy/template) the /tmp/1 directory knowing that nothing exists /tmp/2 that shouldn’t be there.
The ansible code is this with debug statements:
- hosts: local
become: false
tasks:
- name: find 1
find: path=/tmp/1
register: one
- debug: msg="{{ one }}"
- name: find 2
find: path=/tmp/2
register: two
- debug: msg="{{ item.path }}"
with_items:
- "{{ two.files }}"
- set_fact:
one_list: []
two_list: []
new_list: []
- name: append
set_fact: one_list="{{ one_list }} + [ '{{ item.path | basename }}' ]"
with_items:
- "{{ one.files }}"
- name: append
set_fact: two_list="{{ two_list }} + [ '{{ item.path | basename }}' ]"
with_items:
- "{{ two.files }}"
- debug: msg="{{ one_list }}"
- debug: msg="{{ two_list }}"
- set_fact: new_list="{{ two_list | difference(one_list) }}"
- debug: msg="{{ new_list }}"
The final result is new_list is a list (array) that contains what needs to be removed from /tmp/2 to bring it in line with /tmp/1
The problem: Modifying firewall rules on a host that runs Docker or Rancher (cattle) causes the docker-bridges and rancher NAT rules to be blown away, causing all your containers networking to break.
The solution: Modify /etc/sysconfig/iptables as normal and instead of running iptables-restore /etc/sysconfig/iptables run as root: dockerFirewallMerge.py
I’d appreciate some constructive feedback! https://github.com/c … /DockerFirewallMerge
openssl req -x509 -nodes -days <# of days> -newkey rsa:<keysize> -keyout <key_name>.key -out <cert_name>.crt