How SELinux screws with scripts when run over VMware Tools

SELinux by default prohibits certain things from working through VMware tools (Ansible connection or plain API). This can be solved two ways: Disabling SELinux: BAD, but easy Writing a custom SELinux policy: complicated but more secure Note: Adding/Changing this policy through a VMware tools connection is thankfully possible Example policy This policy is the base for a VMware tools policy and allows entering the rpm context (yum). module custom-vmtools 1. [Read More]

Replace Line In YAML While Keeping Indentation Using Ansible

In theory Ansible should be declarative and have full control over the systems we touch with it.

In practice, this is unfortunately not always the case.

With this nifty task we can replace the value of a key (given as yaml_key) to a new value (given as new_value) while preserving it’s indentation.

- name: Replace values in YAML file while keeping their indentation
  lineinfile:
    backup: true
    backrefs: true
    state: present
    path: foo.yaml
    regexp: '^(\s*){{ yaml_key }}:.*'
    line: '\1{{ yaml_key }}: {{ new_value }}'

#ansible

Looping Dates macOS

date on MacOS does not support --date, so a workaround is needed. Converting Date to unix epoch, adding one day in epoch and converting back. The Scripty Way Taken from a blog post #!/bin/zsh start=$year-01-01 end=$year-12-31 currentDateTs=$(date -j -f "%Y-%m-%d" $start "+%s") endDateTs=$(date -j -f "%Y-%m-%d" $end "+%s") offset=86400 while [ "$currentDateTs" -le "$endDateTs" ] do date=$(date -j -f "%s" $currentDateTs "+%Y-%m-%d") echo $date currentDateTs=$(($currentDateTs+$offset)) done The Brew Way As I found out long after writing the above you can simply brew install coreutils and get a date command with the --date option. [Read More]
macos  bash 

Ansible VMware Connection Plugin & Become

When using VMware as the connection plugin to connect to remote hosts you commonly set two facts for username and password: ansible_vmware_tools_user:"mkamner"ansible_vmare_tools_password:"Super Secret PW"This will work just fine for windows and with many tasks on linux. However, if you want to use become: true on linux it will fail with the strangest error messages. For example: apt will fail, because it can’t acquire the lock file The solution is rather simple, become does not honor the VMware facts set, instead it wants two different facts set: [Read More]