Inspecting OpenShift cgroups from inside the pod
·1052 words·5 mins
My team at Red Hat builds a lot of kernels in OpenShift pods as part of our work with the Continuous Kernel Integration (CKI) project.
Ansible
2019
Running Ansible in OpenShift with arbitrary UIDs
·590 words·3 mins
My work at Red Hat involves testing lots and lots of kernels from various sources and we use GitLab CE to manage many of our repositories and run our CI jobs.
2017
Ensuring keepalived starts after the network is ready
·310 words·2 mins
After a recent OpenStack-Ansible (OSA) deployment on CentOS, I found that keepalived was not starting properly at boot time:
Changes in RHEL 7 Security Technical Implementation Guide Version 1, Release 3
·501 words·3 mins
The latest release of the Red Hat Enterprise Linux Security Technical Implementation Guide (STIG) was published last week.
Import RPM repository GPG keys from other keyservers temporarily
·311 words·2 mins
I’ve been working through some patches to OpenStack-Ansible lately to optimize how we configure yum repositories in our deployments.
Apply the STIG to even more operating systems with ansible-hardening
·215 words·2 mins
Tons of improvements made their way into the ansible-hardening role in preparation for the OpenStack Pike release next month.
Old role, new name: ansible-hardening
·164 words·1 min
The interest in the openstack-ansible-security role has taken off faster than I expected, and one piece of constant feedback I received was around the name of the role.
Enable AppArmor on a Debian Jessie cloud image
·472 words·3 mins
I merged some initial Debian support into the openstack-ansible-security role and ran into an issue enabling AppArmor.
OpenStack-Ansible networking on CentOS 7 with systemd-networkd
·568 words·3 mins
Although OpenStack-Ansible doesn’t fully support CentOS 7 yet, the support is almost ready.
RHEL 7 STIG v1 updates for openstack-ansible-security
·204 words·1 min
DISA’s final release of the Red Hat Enterprise Linux (RHEL) 7 Security Technical Implementation Guide (STIG) came out a few weeks ago and it has plenty of improvements and changes.
augenrules fails with “rule exists” when loading rules into auditd
·425 words·2 mins
When I came back from the holiday break, I found that the openstack-ansible-security role wasn’t passing tests any longer.
2016
Talk recap: The friendship of OpenStack and Ansible
·569 words·3 mins
The 2016 Red Hat Summit is underway in San Francisco this week and I delivered a talk with Robyn Bergeron earlier today.
Talk Recap: Automated security hardening with OpenStack-Ansible
·597 words·3 mins
Today is the second day of the OpenStack Summit in Austin and I offered up a talk on host security hardening in OpenStack clouds.
Automated Let’s Encrypt DNS challenges with Rackspace Cloud DNS
·693 words·4 mins
Let’s Encrypt has taken the world by storm by providing free SSL certificates that can be renewed via automated methods.
2015
What I learned while securing Ubuntu
·1308 words·7 mins
The blog posts have slowed down a bit lately because I’ve been heads down on a security project at work.
Automated testing for Ansible CIS playbook on RHEL/CentOS 6
·127 words·1 min
I started working on the Ansible CIS playbook for CentOS and RHEL 6 back in 2014 and I’ve made a few changes to increase quality and make it easier to use.
Test Fedora 22 at Rackspace with Ansible
·105 words·1 min
Fedora 22 will be arriving soon and it’s easy to test on Rackspace’s cloud with my Ansible playbook:
2014
Try out LXC with an Ansible playbook
·406 words·2 mins
The world of containers is constantly evolving lately.
Test Fedora 21 at Rackspace with Ansible
·73 words·1 min
Fedora 21 reached Alpha status last month and will reach beta status at the end of October.
Get colorful ansible output in Jenkins
·228 words·2 mins
Working with ansible is enjoyable, but it’s a little bland when you use it with Jenkins.