Category Archives: Sysadmin

Getting hostname information from the beaker command line

Posted on by
Reply

We use Beaker to allocate and loan computer hardware. If you want to talk to it via the comand line, you can use the bkr executable. Some of the information comes back as json, but beaker tends to speak xml. To look up a host name from a job, you need to be able to parse the xml. To do that, I used the xq execuable from the python yq package. Yes, x and y.

I installed yq via pip. That puts both the xq and yq executablees into ~/.local/bin.

If i know the job ID, I can parse it using the following syntax.

bkr job-results 'J:5078388' | xq -r  ".job | .recipeSet | .recipe| .task | .[] | .roles | .role | .system | .\"@value\""
hpe-apollo-cn99xx-14-vm-12.khw4.lab.eng.bos.redhat.com
hpe-apollo-cn99xx-14-vm-12.khw4.lab.eng.bos.redhat.com

UPDATE: So here is a useful script that makes use of bkr, jq, and xq to list the hostnames of the hosts I currently have on loan from beaker.

for job in $( bkr job-list -o $USER  --unfinished | jq -r '.[]' ) ; do bkr job-results $job | xq -r  ".job | .recipeSet | .recipe| .task | .[] | .roles | .role | .system | .\"@value\"" ; done

Homelab OpenShift 4 on Baremetal: Part 1

Posted on by
Reply

My work as a cloud Solutions Architect is focused on OpenShift. Since I work in the financial sector, my customers are very security focused. These two factorshave converged on me working on OpenShift installs on disconnected networks.

The current emphasis on OpenShift is for virtualization. While virtualization can be nested, it typically has a performance penalty. More important, though, is that virtualization is a technology for taking advantage of bare metal installs.

I need to run OpenShift 4 on baremetal in my homelab via a disconnected install . Here we go.

Continue reading

Adding an IP address to a Bridge

Posted on by
Reply

OpenShift requires a load balancer for providing access to the hosted applications. Although I can run a three node cluster, I need a fourth location to provide a load balancer that can then provide access to the cluster.

For my home lab set up, this means I want to run one on my bastion host….but it is already running HTTP and (FreeIPA) Red Hat IdM. I don’t want to break that. So, I want to add a second IP address to the bastion host, and have all of the existing services make use of the existing IP address. Only the new HA Proxy instance will use the new IP address.

This would be trivial for a simple Ethernet port, but I am using a Bridge, which makes it a touch trickier, but not terribly so.

Continue reading

Introduction to Ironic

Posted on by
Reply

“I can do any thing. I can’t do everything.”

The sheer number of projects and problem domains covered by OpenStack was overwhelming. I never learned several of the other projects under the big tent. One project that is getting relevant to my day job is Ironic, the bare metal provisioning service. Here are my notes from spelunking the code.

Continue reading

DHCP Lease Design

Posted on by
Reply

The key piece of persisted data in an DHCP server is the lease. A lease is a the mapping between a MAC address and an IP address, limited in time. A Lease typically has a start time and an end time, but can be renewed. Because I am still living in an IPV4 world, I have to deal with arbitrarily small pools of IP addresses. Thus, the design needs to strike the balance between static and dynamic: a machine should generally get back the same IP address each time. However, if addresses get tight, address reuse should be aggressive.

Continue reading

Extract Function Refactoring using inline functions.

Posted on by
Reply

The Extract Function refactoring is the starting point for much of my code clean up. Once a “Main” function gets sufficiently complicated, I pull pieces of it out into their own functions, often with an eye to making them methods of the involved classes.

While working with some rust code, I encountered an opportunity to execute this refactoring on some logging code. Here’s how I executed it.

Continue reading

Podman login to a secured registry

Posted on by
1

I took the container registry I ran via podman and put it behind an Apache HTTPD instance secured with mod_ssl. Now when I try to log in to it, I get:

error authenticating creds for “nuzleaf.home.younglogic.net”: error pinging docker registry nuzleaf.home.younglogic.net: invalid status code from registry 403 (Forbidden)

Here’s my debugging notes.

Continue reading