Step 3 of the 12 Factor app is to store config in the environment. For Keystone, the set of configuration options is controlled by the keystone.conf file. In an earlier attempt at containerizing the scripts used to configure Keystone, I had passed an environment variable in to the script that would then be written to the configuration file. I realize now that I want the whole keystone.conf external to the application. This allow me to set any of the configuration options without changing the code in the container. More importantly, it allows me to make the configuration information immutable inside the container, so that the applications cannot be hacked to change their own configuration options.Continue reading
Web base user interfaces are great at walking a user through tasks they do not know how to perform yet. In my case, I want to launch a MariaDB instance on OpenShift. Eventually, I want to do this from the command line. Here are my steps.
Cloud is easy. It is networking that is hard.
Red Hat supports installing OpenShift on OpenStack. As a Cloud SA, I need to be able to demonstrate this, and make it work for customers. As I was playing around with it, I found I could not tear down clusters due to a dependency issue with ports.Continue reading
Many years ago, when I first started working at Red Hat, I worked up a package management domain model diagram. I’ve referred to it many times over the years, but have never posted or explained it in detail. Recently, discussions over image building software caused me to refer to it a few times. Here it is, with annotations below.Continue reading
This one is going to be a little light on details, as we are still working through it, but I’d just like to share what I’ve been working on the past couple weeks. Note that this is for a proof-of-concept cluster, and is not for production.Continue reading
Using a customer nameserver often requires disabling the DHCP based resolv.conf modifications. Here is what I got to work.Continue reading
The world continues to embraces Rust for its safety properties. While writing utilities in Rust, we are going to have to work with existing code to perform common tasks. I recently needed to list the set of Linux groups registered on a system, and get access to the users assigned to each. Here’s my notes of what I learned.Continue reading
Ansible is a workflow engine. I use it to do work on my behalf.
FreeIPA is an identity management system. It allows me to manage the identities of users in my organization
How do I get the two things to work together? The short answer is that it is trivial to do using Ansible Engine. It is harder to do using Ansible tower.
Edit: Second part is here. Third part is coming.Continue reading