Move Terraform Providers to Other Folders

Create a new control file with the name .terraformrc or terraform.rc in your profile folder.

Add the following lines:

plugin_cache_dir   = "$HOME/.terraform.d/plugin-cache"

Create the folder .terraform.d/plugin-cache in your profile folder.

The providers will be downloaded to the cache folder when you run terraform init.


If you don’t want to create the control file in the profile folder, the alternative is to set an environment variable.

export TF_PLUGIN_CACHE_DIR="$HOME/.terraform.d/plugin-cache"

Setup Terraform and Ansible for Windows Provisioning on CentOS


Provisioning Windows machines with Terraform is easy. Configuring Windows machines with Ansible is also not complex. However, it’s a little bit challenging to combine them. The following steps are some ideas about handling a Windows machine from provisioning to post configuration without modifying the winrm configuration on the guest operating system.

  1. Install required repos for yum.
yum -y install https://repo.ius.io/ius-release-el7.rpm
yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install https://packages.endpointdev.com/rhel/7/os/x86_64/endpoint-repo.x86_64.rpm
yum -y install epel-release
yum -y install yum-utils
yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
  2. Install Terraform.
sudo yum -y install terraform
  3. Install Ansible.
sudo yum -y install ansible
  4. Install Kerberos.
yum -y install gcc python-devel krb5-devel krb5-libs krb5-workstation
  5. Install pip.
sudo yum -y install python-pip

# You probably need the following package if you are using a VPN
pip install pysocks
  6. Install pywinrm[kerberos].
pip install "pywinrm[kerberos]"
  7. Configure /etc/krb5.conf.
    The following lines are required. Make sure to change the domain name to yours; it is case-sensitive.
[libdefaults]
 dns_lookup_realm = true
 dns_lookup_kdc = true
 forward = true
 forwardable = true
 default_realm = ZHENGWU.ORG

[realms]
 ZHENGWU.ORG = {
  kdc = DC.ZHENGWU.ORG
  admin_server = DC.ZHENGWU.ORG
 }

[domain_realm]
 .zhengwu.org = ZHENGWU.ORG
 zhengwu.org = ZHENGWU.ORG
  8. Create an Ansible inventory file.

# Comments are kept on their own lines: in a :vars section, text after the
# value is read as part of the value.
# Group name
[win]
# This is the target server list
dc.zhengwu.org

[win:vars]
ansible_connection=winrm
# Preferably a domain admin account
ansible_user=administrator
# Change this password, and avoid committing the real one in plain text
ansible_password=P@ssw0rd
ansible_port=5985
ansible_winrm_transport=kerberos
# Certificate validation only applies to HTTPS (port 5986); it is unused on port 5985
ansible_winrm_server_cert_validation=ignore
  9. Run the Ansible win_ping test.
ansible <group in inventory file> -m win_ping -i <inventory file>

Packer Naming Conflicts with Linux Native Command


HashiCorp Packer is a standalone tool for image management across multi-cloud providers. The installation is simple. But you may experience packer command naming conflicts if the OS is Red Hat or CentOS.

For example, run the following command and nothing is printed on the screen.

packer

And if you hit the ‘Enter’ key, the output is:

skipping line: 1
skipping line: 2
skipping line: 3
skipping line: 4
skipping line: 5
skipping line: 6
skipping line: 7

If you see the same behavior on your machine, you are certainly experiencing the same issue.

The reason is that the packer name conflicts with the Red Hat / CentOS native module cracklib. Some articles on the internet say to delete the native packer command. However, I think that’s not an ideal option, because the module is used to generate a random password and check the password complexity level.

The alternative I’m using is to rename my HashiCorp Packer command.

First, you need to rename the HashiCorp Packer command:

mv packer packer.io

Second, specify the HashiCorp Packer path in the environment variables. I assume HashiCorp Packer is installed under the /packer/ directory.

# Append the Packer directory to PATH in your own profile, then reload it
echo 'export PATH="$PATH:/packer"' >> ~/.bash_profile
source ~/.bash_profile

The drawback is that you have to use the renamed command packer.io instead of packer for HashiCorp Packer.
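
To confirm which binary a bare packer command resolves to, before or after the rename, the check below walks a search path in lookup order and labels each packer it finds. It is an added example, not code from the original post: the function names are hypothetical, and it assumes the cracklib copy is a symlink to cracklib-packer, as on Red Hat / CentOS.

```shell
#!/bin/sh
# Added example (not from the original post): list every `packer` on a
# search path, in lookup order, and label which tool each one is.
# Assumption: the cracklib copy is a symlink to `cracklib-packer`, as on
# Red Hat / CentOS. Function names are hypothetical.

# classify_packer FILE -> prints "cracklib" or "other"
classify_packer() (
    # Resolve symlinks so /usr/sbin/packer -> cracklib-packer is recognised
    target=$(readlink -f "$1") || target=$1
    case "$(basename "$target")" in
        cracklib-packer) echo "cracklib" ;;
        *)               echo "other" ;;
    esac
)

# list_packers [SEARCH_PATH] -> one "<kind> <file>" line per match, in the
# order the shell would try them. Defaults to the current $PATH.
# The body runs in a subshell so the IFS and globbing changes stay local.
list_packers() (
    search_path=${1-$PATH}
    IFS=:
    set -f
    for dir in $search_path; do
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the current directory
        candidate=$dir/packer
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            printf '%s %s\n' "$(classify_packer "$candidate")" "$candidate"
        fi
    done
)

# first_packer_kind [SEARCH_PATH] -> kind of the binary a bare `packer`
# would run, or "none" when nothing on the path matches.
first_packer_kind() (
    first=$(list_packers "$@" | head -n 1)
    if [ -n "$first" ]; then
        echo "${first%% *}"
    else
        echo "none"
    fi
)
```

Run list_packers with no argument to inspect the current PATH; if first_packer_kind prints cracklib, a script that calls packer is not running the HashiCorp tool.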

The following are some references about cracklib.

How To Check Password Strength In Linux With Cracklib?

cracklib2 – utilities

Update 05/21/2021: The HashiCorp documentation also mentions this issue. Thanks, Abe! 🙂