Scoped and Unscoped access policy in OpenStack
Ozz did a fantastic job laying out the rules around policy. This article assumes you’ve read that. I’ll wait. I’d like to dig a little deeper into how policy rules should be laid out, and a bit about...
Manually Adding SSH Keys to a Cloud Image
Not all of my virtual machines run on OpenStack; I have to run a fair number of virtual machines on my personal workstation via libvirt. However, I like using the cloud versions of RHEL, as they most...
Launching a VM From the virsh command line interface
I do this infrequently enough that I want to record a reminder how I do it: sudo cp ~/Downloads/rhel-server-7.6-x86_64-kvm.qcow2 /var/lib/libvirt/images/tower.qcow2 sudo virt-install --vcpus=2 --name...
Updated Home Network Setup
OpenStack is Network intensive. The setup I had previously, based around a Juniper Router, did not have enough Ports to reflect a real OpenStack deployment. I decided to forgo GigE speeds and get an...
Mapping Network Ports from Physical to Logical
The Workstation on top of my server rack has 3 Ethernet ports. One is built into the motherboard, and two are on a card. I want to use these three ports for different purposes. How can I tell...
PXE in a VM for Baremetal
One of the main reasons for a strategy of “go virtual first” is the ease of checkpointing and restoring key pieces of infrastructure. When running a PXE provisioning system, the PXE server itself is a...
Azure: from Portal to Ansible: part 2
In my last post, I went from the Azure Web Portal to the command line. Time to go one step further and use Ansible. Table of contents Ansible Modules for Azure Switch to CLI Ansible Modules for Azure...
Your Own, Personal, Ansible
Me. Us. Them. The story I tell when I explain the various offerings that Red Hat has based on Ansible is based on the progression of Me. Us. Them. Me: Get my playbook working for me on my...
Ansible and FreeIPA Part-1
Ansible is a workflow engine. I use it to do work on my behalf. FreeIPA is an identity management system. It allows me to manage the identities of users in my organization. How do I get the two things...
Ansible and FreeIPA Part 2
After some discussion with Bill Nottingham I got a little further along with what it would take to integrate Ansible Tower and FreeIPA. Here are the notes from that talk. FreeIPA works best when you...
Extract Method Refactoring in Rust
I’m writing a simple utility to manage the /etc/hosts file. I want it in a native language so I can make it SUID, or even better, to lock it down via capabilities. I want to remember how to code in...
Reading Linux groups via the Rust Foreign Function Interface
The world continues to embrace Rust for its safety properties. While writing utilities in Rust, we are going to have to work with existing code to perform common tasks. I recently needed to list the...
Iterating through an FFI API in Rust
Now that I know I can read a single group, the next step is to iterate. Iteration of this C API requires the ability to test for the end of iteration. For this, I use the std::ptr to test for a null...
Accessing C Arrays of String from Rust
Now that I can list the group names, I want to be able to list the members of the groups. First task is to add a field to the GroupEnt structure that can access the member list. The structure now...
Building the Kolla Keystone Container
Kolla has become the primary source of Containers for running OpenStack services. Since it has been a while since I tried deliberately running just the Keystone container, I decided to build the Kolla...
Convert Docker Image Output to an HTML Table
#!/bin/sh docker images | awk ' BEGIN {print ("")}; /REPOSITORY/{ print("" $1,"" $2,"" $3,$4,"" $5"" $6"")} /MB/{ print ("" $1,"" $2,"" $3,"" $4,$5,$6 " " $7,$8 "")} END {print ("")}'
Synchronizing Keystones Via the API
When building a strategy for computing, we need to think large scale. I’ve been trying to frame the discussion in terms of a million nodes in a dozen data centers. How is OpenStack going to be able to...
Using nmcli to set nameservers
Using a customer nameserver often requires disabling the DHCP based resolv.conf modifications. Here is what I got to work. I needed to modify the connection associated with the Ethernet device. In my...
Successful OpenShift 4.1 Disconnected install
This one is going to be a little light on details, as we are still working through it, but I’d just like to share what I’ve been working on the past couple weeks. Note that this is for a...
Package Management Domain Model
Many years ago, when I first started working at Red Hat, I worked up a package management domain model diagram. I’ve referred to it many times over the years, but have never posted or explained it in...