Lately I’ve been experimenting with ansible a lot.
Dealing with linux hosts is straightforward enough, and you’ll be able to find all sorts of information with google, but ansible can also deal with windows hosts, and that’s where it gets a bit more interesting.
To be able to manage a windows host with ansible, you have to:
create a user account on the machine (or in the windows domain) who has to be a member of the administrators group
make sure you use the right ansible modules, if there are special modules for windows for any given purpose they will start with win_, for example instead of copy: for a windows host you’d use win_copy. Some modules simply do not exist as a win_ version, but the generic unix version does not work on windows, for example the telegram notification module, but that you can safely delegate_to: localhost when you want to use it (unless your management host does not have internet access).
set up a group in your inventory for your windows hosts, and add the variables for winrm access as group_vars for that group
Here’s an example for a simple playbook that installs all the latest updates, and reboots the target host if necessary:
You’ll notice that the handler: that reboots the target has a when: condition that uses a variable I haven’t mentioned yet. It’s easy enough: two of the windows hosts I am managing have dual boot setups, by default they reboot to linux. I’m dealing with that by creating TWO host entries in my inventory, the regular one, and one with a different name, and two host_vars:
I just came across this article about captive portals (these annoying websites that force you to a “accept TOS” page on public wifis) that we all hate so much.
I can only agree with what’s said in there, to 200%, but it’s even worse than that: A captive portal is a real danger to the security of your mobile device.
An attacker could easily setup a microcomputer for 15$ to run as access point, and send out the SSID of a well known public WiFi, and then redirect every client to a version of that WIFI’s captive page that has malicious things built it. It could trick you into giving away your credit card information, social security number, or any other valuable information, or maybe even worse, install backdoors on your device.
The script operates under a few assumptions (yes I know, assume makes an ass out of you and me), but what can you do, except calling them prerequisites:
Your system has all the latest updates applied according to your current repository setup (run “zypper patch; zypper dup” until there is nothing left to install)
All enabled repositories have priorities set that make it crystal clear which of them are preferred over which in case a package appears in more than one repo
All enabled repositories also exist for the target version, and use a repository URL that has that version number in it, and where the version number is the only difference between versions (this should usually be true for repositories from OBS and/or packman, buy YMMV)
If all this is true, running the script will create a backup of your current repository structure under /etc/zypp/repos.d_(current_version), and a repo setup for the target version under /etc/zypp/repos.d_(target_version), and then link the new structure to /etc/zypp/repos.d, and after that it will clean zyppers cache, refresh all repositories, and tell you the commands to execute to actually run the upgrade.
You might want to do those commands inside a screen session. You have been warned.
This script is provided with no warranty at all. Use it at your own risk. If you break things you get to keep the pieces.
If by any chance your root filesystem is on either LVM or btrfs, do a snapshot before you start upgrading your system.
So far I have used this script on two desktop systems which each use 20++ different repositories from OBS and packman, and no problems (aside from a few glitches in 42.3 that are connected to the nvidia drivers, but not to this upgrade process).
Update: in the last 4 days I updated five different machines using my script: my desktop computer which runs with 23 different repositories from OBS, my laptop and my work laptop which both run with 25 repos, my cloud host which runs with 10 repositories and my internal server/firewall which also runs with 10 repositories… no problems so far.
…or is it maybe being broken by people who think it is broken?
I’m pretty sure a lot of people here in Germany have heard the common complaint about end user internet connections being slow in the afternoon and evening because “everybody is watching netflix now” and similar stuff.
I was voicing the same complaint, over and over. My 400MBit cable link at home would drop down to under 80MBit in the evenings, and in downspikes go as low as TEN megabit/second. So I started measuring regularly with speedtest-cli which measures against the closest speedtest..net server, and the graphs in munin were pretty awful. Every day at around noon the performance would start to drop, and go down to around 50mbit by 11pm, and then after midnight would normalize again.
but, here’s the thought: What if it is not actually my internet connection?
What if it’s because everybody thinks their internet connection is bad, and starts hitting the speedtest.net servers so hard that they start to slow down?
… So I switched to measuring against a speedtest.net mini server that I’m hosting myself, and no-one else uses… and guess what. My internet performance still drops in the afternoon and evening, but nowhere as dramatic as before.
Makes you think about self-fulfilling prophecies, or maybe internet speed is related to Schrödingers Cat.
Edit: Here are two bandwidth graphs from my connection. The first one’s from when I was measuring against the official speedtest.net servers:
The second one was created the same way, but instead of using a random speedtest.net server for every data point I have been measuring against my own speedtest mini server on my cloud host:
I just hope that that new test site run by the Bundesnetzagentur has enough power to handle the load without drooping.
Live Upgrade, with my tried and trusted method. By now that method is so polished that I had no issue whatsoever, so I did all three computers at the same time. I’m just glad to have a decent internet connection… I think the total downloads added up to somewhere near 15 gigabyte.
Now I’m on 42.1 using Plasma 5, and so far I mostly like it. A few features and settings have gone from parts of the kdepim suite, and there is one weird glitch-error where starting kopete gets me a weird “file: ioslave has been terminated” error, that I’m sure is somehow related to kopete styles. Maybe when I’ll do my desktop I’ll do the upgrade to Leap first, and then the upgrade to the latest plasma5, and not the other way around like on this laptop.
On the whole I’m happy with what I have here.
One little thought just keeps nagging me:
How come that Plasma 5 with the breeze style looks a LOT like Windows 10? …, wait, Windows 10 came after Plasma 5, right?
Edit, 2016-09-14: Turns out I should have done the upgrade to Leap 42.1 first, and THEN the KF5 update. I had some repositories enabled that should not be mixed. Disabled the bad ones, zypper dup -l, all is well.