Iterating lists of lists using Ansible

Let's say you want to query some information for one of your instances, like the volumes associated with it:

Using the AWS CLI, you might do something like this to traverse the lists within lists:

aws ec2 describe-instances --instance-ids i-3e9217aa --query Reservations[*].Instances[*].BlockDeviceMappings[*]
.Ebs.VolumeId 

Assuming your using an Ansible dynamic inventory, you can traverse the sub-lists of your inventory like this:

Ansible project setup

  1. Setup virtual environment
  2. Setup access keys
  3. Setup remote inventory
  4. Setup github
  5. Create symbolic links
       ----
        cd ~/
        ln -s [working directory] working
        cd working

Github basics

Setup

git clone https://github.com/[USERNAME]/[PROJECT].git
git remote set-url origin git@github.com:[USERNAME]/[PROJECT].git

Add to .bash_profile:
    ----------------
    if [ -z "$SSH_AUTH_SOCK" ] ; then
              eval `ssh-agent -s`
                ssh-add /home/ec2-user/.ssh/id_rsa_github
                ssh-add -l
        fi
    ----------------
Log out & log back in

ssh -T git@github.com

Update your entire repository

git add .
git commit -m "[MESSAGE]"
git push origin master

Useful strace commands

Capture a command's conversation with a local socket

strace -e trace=read,write -s 2048 <command>

Portable Raspberry Pi Firewall

The other day I found myself with no internet connection at home. A storm had come through that night, and knocked the whole area out. So, I had to find another location to work for the day. I found solace at a nearby Starbucks, and I figured all would be fine. The problem was, the type of work I do requires that I have a handful of virtual machines on my laptop with some non-standard networking between them, and enabling the firewall on macOS broke it all.

Useful powershell one-liners

Watch port availability

cls;while($true){get-date;$t = New-Object Net.Sockets.TcpClient;try {$t.connect("10.45.2.68",3389);write-host "RDP is up"}catch{write-Host "RDP is down"}finally{$t.close();sleep 30}}

Watch the event viewer

cls;$idxA = (get-eventlog -LogName Application -Newest 1).Index;while($true){$idxA2 = (Get-EventLog -LogName Application -newest 1).index;get-eventlog -logname Application -newest ($idxA2 - $idxA) |  sort index;$idxA = $idxA2;sleep 10}

Watch the current status of specific EC2 instances

Writing truly random data to disk

Use this if you're having problems getting accurate disk read and write statistics due to de-duplication.

Using the AWS CLI to check user permissions

The total permissions of a single user are compiled from several places, so you have to use several commands to catch them all.

aws iam list-groups-for-user --user-name
aws iam list-attached-group-policies --group-name
aws iam list-group-policies --group-name
aws iam list-attached-user-policies --user-name
aws iam list-user-policies --user-name

Here's a quick powershell script that can automate this output:

How to manage a dynamic inventory using ansible on AWS

Building on the ansible tutorial from earlier, this tutorial shows you how to use your existing virtual environment to control your AWS ansible inventory. This saves you from having to upload playbooks and maintain ansible installations - basically you can run your playbooks from your work station using your workstation's ansible installation to send commands to your inventory over SSH.

IPSec Troubleshooting

Some handy commands to see what's going on with a strongswan-based ipsec connection

ip -s xfrm state
ip route list table 220
ipsec status

Pages

Subscribe to badllama.com RSS