Run Your Own OpenVPN Server
Introduction
This article explains how to run your own OpenVPN server. We will create a Certificate Authority server and an OpenVPN server, generate certificates for the clients, and learn how to manage revocation of client certificates using the Ansible roles.
Use the Ansible roles gavika.openvpn and gavika.easy_rsa to install and configure your OpenVPN server.
You can install the OpenVPN server on any public cloud or hosting provider or on-premise servers. The Ansible roles are designed to install the OpenVPN server and a Certificate Authority server.
Creating Administrative Linux User Accounts: gavika.administrators
We are pleased to announce gavika.administrators.
The Ansible role provides a declarative method to create Linux user accounts with administrative privileges. In other words, these users have sudo access without a password and are empowered to run all commands on the system.
You might be wondering why you would need a role when you can write a couple of tasks yourself in an Ansible playbook. The reason is Do Not Repeat Yourself (DRY). Instead of writing such tasks over and over, use the abstraction provided by the role. You just write a YAML declaration and you are done. Moreover, the maintenance is outsourced to Apache-licensed open source software. The role has Molecule tests to boost your confidence.
How To Determine Your Public IP Address Programmatically From An Ansible Task
Short answer: use ipify.
ipify provides a simple public address API.
Using the tool, you can determine your public IP address programmatically. If you are using the shell:
curl 'https://api.ipify.org'
Using it in a shell script:
my_ip=$(curl 'https://api.ipify.org' -s)
echo "$my_ip"
Using the Ansible ipify module:
- hosts: localhost
  vars:
  tasks:
    - name: Get my public IP
      ipify_facts:
        timeout: 20
      delegate_to: localhost
      register: public_ip
    - name: output
      debug: msg="{{ ipify_public_ip }}"
Sample output of Ansible playbook execution:
ansible-playbook ipify.yml
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
PLAY [localhost] **************************************************************************************************************************************************************************************************
TASK [Gathering Facts] ********************************************************************************************************************************************************************************************
ok: [localhost]
TASK [Get my public IP] *******************************************************************************************************************************************************************************************
ok: [localhost -> localhost]
TASK [output] *****************************************************************************************************************************************************************************************************
ok: [localhost] => {
"msg": "49.206.13.205"
}
PLAY RECAP ********************************************************************************************************************************************************************************************************
localhost : ok=3 changed=0 unreachable=0 failed=0
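A stricter form of the shell snippet above, as an added example that is not part of the original post: it checks that the lookup succeeded and that the response body really is an IPv4 address before a script uses the value. The function names is_ipv4 and get_public_ip and the sample response bodies are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the ipify response before using it.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Query ipify; print the address only if curl succeeded and the body is an IP.
# --fail: non-zero exit on HTTP errors; --max-time: do not hang the script.
get_public_ip() {
    ip=$(curl --silent --fail --max-time 10 'https://api.ipify.org') || return 1
    is_ipv4 "$ip" || return 1
    printf '%s\n' "$ip"
}

# Constructed response bodies: one valid, three that a failed lookup can yield.
for body in '203.0.113.7' '' '<html>502 Bad Gateway</html>' '203.0.113.999'; do
    if is_ipv4 "$body"; then
        echo "accept: $body"
    else
        echo "reject: '$body'"
    fi
done
```

In a real script, call `my_ip=$(get_public_ip) || exit 1` so that a timeout or an error page stops the run instead of producing an empty or bogus value.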
Gavika Ansible Roles
Yesterday, we announced the launch of an Ansible role to install and configure AWS CloudWatch Agent.
You might have seen my other open source Ansible roles on Ansible Galaxy and Github.
In the same spirit, the company, Gavika Information Technologies Pvt. Ltd. Bangalore, has started publishing open source projects on Github. Ansible role to install and configure AWS CloudWatch Agent is the first project. Expect more projects in the future.
These are some guidelines for the Ansible role projects that Gavika follows:
Installing AWS CloudWatchAgent On EC2 Instance Via Ansible
Install the Ansible role gavika.aws_cloudwatchagent via Galaxy:
ansible-galaxy install gavika.aws_cloudwatchagent
Create The Playbook File - cw-play.yml:
---
- hosts: all
  become: true
  vars:
  roles:
    - role: gavika.aws_cloudwatchagent
Prepare the AWS CloudWatch Agent configuration
In your variables file, use aws_cloudwatch_agent_config
agent:
  metrics_collection_interval: 60
  run_as_user: "cwagent"
metrics:
  namespace: "Gavika"
  append_dimensions:
    InstanceId: "${aws:InstanceId}"
  metrics_collected:
    disk:
      measurement:
        - used_percent
      metrics_collection_interval: 60
      resources:
        - "*"
    mem:
      measurement:
        - mem_used_percent
      metrics_collection_interval: 60
In this example, I am using the namespace, Gavika. Feel free to change it. We collect the cpu, disk, diskio, mem and swap metrics. The agent will send these metrics once in 360 seconds.
Simple Password Vault With Ansible
Ansible comes with a vault feature. It is meant to be used in the context of configuration management. But you can also use it as a standalone simple password vault for your personal or organization’s use.
Initial setup of password vault:
- Create or clone a Git or another SCM repository
git init
- Create the password vault
ansible-vault create myvault.secret
Type the new master password and confirm it; ansible-vault will then open your text editor. Type your secrets in the editor, then save and quit. To open your vault for viewing or editing in the future, you will need your vault password.
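A check that fits the repository setup above, as an added example that is not part of the original article: a function, usable from a Git pre-commit hook, that rejects vault files whose first line is not the $ANSIBLE_VAULT; header that ansible-vault writes on encrypted files. The *.secret naming follows myvault.secret above; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep a decrypted vault file out of the repository.
# ansible-vault writes a header such as "$ANSIBLE_VAULT;1.1;AES256" as the
# first line of every encrypted file; a decrypted file lacks it.

# Return 0 if the first line of file $1 is an ansible-vault header.
is_vault_encrypted() {
    [ -f "$1" ] || return 1
    first_line=$(head -n 1 "$1")
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Check each *.secret path given as an argument (naming assumed from
# myvault.secret). Reports plaintext files on stderr and returns 1 if any
# was found, so a pre-commit hook can abort the commit.
check_vault_files() {
    rc=0
    for f in "$@"; do
        case "$f" in
            *.secret)
                if ! is_vault_encrypted "$f"; then
                    printf 'plaintext vault file, not committing: %s\n' "$f" >&2
                    rc=1
                fi
                ;;
        esac
    done
    return "$rc"
}

# Demo on constructed files (the ciphertext line is a placeholder).
demo_dir=$(mktemp -d)
printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '0000placeholder0000' > "$demo_dir/myvault.secret"
printf '%s\n' 'db_password: example-only' > "$demo_dir/leaked.secret"
if check_vault_files "$demo_dir"/*.secret; then
    echo "all vault files encrypted"
else
    echo "commit would be blocked"
fi
rm -rf "$demo_dir"

# In .git/hooks/pre-commit (inspects the working-tree copies of staged files):
#   check_vault_files $(git diff --cached --name-only --diff-filter=ACM) || exit 1
```

The hook matters most after running ansible-vault decrypt on the file, which leaves the secrets in plaintext on disk until it is encrypted again.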
PostgreSQL Cheatsheet
Install PostgreSQL Server
Fedora and CentOS:
sudo dnf install postgresql-server
Ubuntu 18.04:
sudo apt install postgresql
New Server Initialization
On CentOS 7/Fedora 30:
sudo postgresql-setup initdb
Upgrading From An Older Version
sudo postgresql-setup --upgrade
Administering The Database Server
Managing The postgresql Daemon
Starting PostgreSQL server
sudo systemctl start postgresql
Checking PostgreSQL Server Status:
sudo systemctl status postgresql
Enabling PostgreSQL Server Systemd Unit/Enabling PostgreSQL Server On Boot:
sudo systemctl enable postgresql
Allowing Password Based Login From localhost
Edit /var/lib/pgsql/data/pg_hba.conf as privileged user (root) and add this line:
Access Dictionary Keys As Object Attributes
You access Python dictionary keys using the syntax:
my_dict[my_key]
For example:
>>> my_dict = {'food': 'idly'}
>>> my_dict['food']
'idly'
Sometimes, you might want to access the dictionary keys using the my_dict.my_key syntax. If you do, this is what happens:
>>> my_dict.food
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'dict' object has no attribute 'food'
How can you solve this? Easy.
pip install attrdict
How do you use the newly installed package?
>>> from attrdict import AttrDict
>>> my_dict = AttrDict({'food': 'idly'})
>>> my_dict.food
'idly'
Understanding and Implementing MySQL Replication: A Guide for All Skill Levels
In this tutorial, I will provide a step-by-step process to implement MySQL replication. We will create one master and one slave. We will use two CentOS 6 servers - one for master and the other for slave. The following steps have been tested on two virtual machines.
Our master server will have IP address 192.168.122.10. Our slave server will have IP address 192.168.122.12.
You might want to run SELinux in permissive mode.
How To Comment Several Lines Quickly Using VIM
If you have to insert a comment on several lines, do you manually insert the comment character in every line? Stop.
Vim is a good editor and has a nice feature to accomplish this quickly. Here are the steps:
- Enter visual blocking mode by pressing CTRL V (CTRL key and the lowercase v).
- Make your selection using motion keys (jklm, etc.).
- Press I (uppercase I) to enter block insert mode.
- Press #, the comment character.
- Press Esc key. The comment character # will be inserted on each line of the visual block selection.
Read more about visual blocking mode using the vim help topic visual-block. At the command line (:), type help visual-block.