Posts

Showing posts from January, 2025

Ansible Automation Platform - Build execution environments

Ansible Automation Platform's Execution Environments offer a robust and efficient solution for managing automation workflows. By encapsulating playbook dependencies within a containerized environment, these environments ensure consistency and reproducibility across deployments, while also preventing conflicts with the underlying system's packages. This approach not only streamlines automation processes but also enhances security by isolating playbook execution, mitigating potential risks associated with dependency conflicts or vulnerabilities.

Before installing ansible-builder, confirm that the system has access to the required repositories. Once confirmed, proceed with the installation of ansible-builder and podman by running the command below:

[archy@ansible ~]$ sudo dnf -y --refresh install ansible-builder podman

Now, we'll create the execution-environment.yml file that defines the configuration for our Ansible Execution Environment. To keep the home-directory organiz...

OpenShift - Sync LDAP Groups

OpenShift offers the capability to leverage a Directory Service as an authentication source for user lookup. However, it lacks native functionality for automatic group synchronization into its Identity Management system. To achieve group syncing, we will implement a workaround solution. This involves deploying a cronjob that synchronizes groups from the source LDAP (FreeIPA in this instance) to OpenShift's OAuth service.

Start by creating a dedicated namespace to encapsulate all the resources required for the automated synchronization of LDAP groups with OpenShift.

$ cat << EOF > 0-namespace.yml
---
apiVersion: v1
kind: Namespace
metadata:
  name: ldap-group-sync
...
EOF
$ oc apply -f 0-namespace.yml

Given the use of LDAPS with certificates signed by a custom Certificate Authority (CA), it is necessary to create:

- A ConfigMap to store the CA certificate.
- A Secret to securely store the password for the service account used for LDAP lookups.

$ o...

Foreman - Upgrade to Foreman 3.13 and Katello 4.15

NOTE: this guide exists for upgrading from v3.11 to v3.12 as well --> here

Additionally, ensure the successful completion of the upgrade/migration to an EL9 host. Refer to this post for guidance on upgrading from EL8 to EL9 using Leapp: Foreman - upgrade from el8 to el9 using leapp. With the current version, the official documentation is quite good and can be referenced.

I would recommend executing all of these commands in a tmux session so that your session will remain on the server in case anything happens to your workstation.

Start by checking for running tasks that would prohibit an update:

[root@katello01 ~]# foreman-rake katello:upgrade_check

Next, update the katello host and reboot if yum tells you to:

[root@katello01 ~]# dnf -4 --refresh upgrade
[root@katello01 ~]# dnf needs-restarting -r

If there were any updates to foreman-related packages, make sure foreman is in a consistent state:

[root@katello01 ~]# foreman-maintai...