Spent a good chunk of yesterday and some of this morning stumped by a simple mistake I made. I was trying to use our Satellite server via the Hammer command line tool to launch an instance, and kept getting and error in the content-view section. I tried to list content views and got the same problem. Here is a short section from my bash session.
Category Archives: Uncategorized
Solutions Architect
Today is my first day at Red Hat! Well, OK, I’ve been here a few years, but today I move from Engineering to Sales. My new role is “Specialist Solutions Architect” where that specialty is Cloud.
I have a lot to learn, and I will try to use this site to record the most important and interesting details I learn.
What are the Cloud Products? well, according to Red Hat’s site, they are (please mentally prepend Red Hat to all of these) OpenStack Platform, OpenShift, CloudForms, Virtualization, Certificate System, Directory Server, as well as products bundles built out of these. Of these all, I’d guess I have the most to learn about CloudForms, as I’ve only recently started working with that. Really, though, I have a lot to learn across the board. I know that both Ansible Tower and Satellite server are major integration points for management of servers in the large, and I’ll be expected to provide expertise there as well. Plus, everything builds on the other product lines: RHEL and variants, as well as the Storage and Networking solutions.
This is going to be fun. Time to dig in.
Getting the URLs out of the Service Catalog with jq
When you make a call to Keystone to get a token, you also get back the service catalog. While many of my scripts have used the $OS_AUTH_URL to make follow on calls, if the calls are administrative in nature, you should use the URL in service catalog.
This makes use of curl fetch the token and jq to parse the output.
Continue reading
Installing FreeIPA in as few lines as possible
I had this in another post, but I think it is worth its own.
sudo hostnamectl set-hostname --static undercloud.ayoung-dell-t1700.test export address=`ip -4 addr show eth0 primary | awk '/inet/ {sub ("/24" ,"" , $2) ; print $2}'` echo $address `hostname` | sudo tee -a /etc/hosts sudo yum -y install ipa-server-dns export P=FreIPA4All ipa-server-install -U -r `hostname -d|tr "[a-z]" "[A-Z]"` -p $P -a $P --setup-dns `awk '/^name/ {print "--forwarder",$2}' /etc/resolv.conf`
Testing Fernet Tokens on Tripleo
Not the way to do it long term, but this will give you a chance to play with it.
From the controller node:
sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone sudo crudini --set /etc/keystone/keystone.conf token provider fernet sudo systemctl restart httpd.service
Test it
$ openstack token issue -f shell expires="2016-05-05T05:21:44Z" id="gAAAAABXKspYhz7Ti5ldwi0mU4D69NqTINEU_t-e8MoxqVkVhR40w1E7GOmgai-9lanr2Z6bnoyQSgNWIhD63UOm1Mlsm9_hw5oTCqVO_pWJZwTomlWM2BrG5LqTOyp6PNqYz2pZ0DIaSTOnOQPeVqKp4ot8S3B6oA4Xy1JZo3305DPiApCzOyQ" project_id="b383d314cc344639939f2a9a381a6945" user_id="4e154e7d166d4bd6b8199dfd3a6f2468"
Leadership in Software Development Part 1
I’ve been in and out of leadership roles from High School onward. For the past decade and a half, I’ve been a professional software developer. During that time, I’ve been in a leadership position roughly a third of the time. Recently, I was asked to evaluate my Leadership Philosophy (more on that later). I’ve also had to do the annual counselling that My company formalizes.
One tool we learned in the Army was the list of Leadership principals. As part of my evaluation, I want to see how I think they apply to what I do: Software Development in an Open Source project space. Here’s what I’ve come up with so far:
MySQL On Fedora 20 Setup
I’ve set up MySQL enough times figuring things out from docs that I decided I need to take notes.
This is a destructive re-install. Don’t do this if you value your data. In fact, just don’t do this.
Three Types of Keystone Users
Keystone supports multiple backend for Identity. While SQL is the default, LDAP is one of the most used. With Federation protocols, the user data won’t even be stored in the identity backend at all. All three of these approaches have different use cases, and all work together. The way that that I’ve come to think of them is as three types of Keystone users: employees, partners, and customers. Take the following as a metaphor, not literal truth.
Kerberos for Horizon and Keystone
I have a Horizon instance Proof of Concept. It has a way to go to be used in production, but the mechanism works.
Continue reading
Who holds the keys to the Kingdom
During the years I worked as a Web application developer, it seemed like every application had its own authentication mechanism. An application developer is thinking in terms of the domain model for their application whether it be eCommerce, Systems management, photography, or weblogs. Identity Management is a cross cutting concern, and it is hard to get right. Why, then, do so many applications have “user” tables in their databases?
Continue reading