Securing nginx on VMware TKGm with the NSX Advanced Load-Balancer and HashiCorp Vault

April 28, 2022April 28, 2022 / Mark Brookfield / Leave a comment

I’ve been running VMware’s Tanzu Kubernetes Grid in HobbitCloud for quite a while. It’s an easy way for me to consume Kubernetes, which I use for demonstrating containerised workload connectivity between clouds. I also deploy container workloads direct from vRealize Automation to TKGm clusters. Continue reading →

Automate SSL Certificate Issuing and Renewal with HashiCorp Vault Agent – Part 1: Configure Vault

January 11, 2022January 11, 2022 / Mark Brookfield / 2 Comments

One of the biggest challenges operations teams face is SSL certificate issuing and renewal. Often this is because different applications, like vendor appliances, have a complicated renewal process. Others can be because corporations simply miss the renewal date. If large enterprises like Microsoft sometimes fail at this, what hope do the rest of us have? Continue reading →

Managing Windows hosts using Ansible Tower/AWX and SSH

November 26, 2020November 26, 2020 / Mark Brookfield / 2 Comments

I’ve recently been working with Ansible as a configuration management solution. Workloads deployed from vRealize Automation to the private cloud are handed off to Ansible Tower, whereas existing infrastructure is managed in the downstream product – AWX. This is mainly Continue reading →

Enabling HashiCorp Vault Lookups in Ansible AWX – Part 2

November 11, 2020February 8, 2021 / Mark Brookfield / Leave a comment

Earlier in the year, I wrote about how to create a Python virtual environment on Ansible AWX to run the HashiCorp lookup module.

The last task is to create the credentials to support the Vault lookup, followed by configuring the necessary variables in the inventory.

Continue reading →

Using Continuous Deployment to Provision VDI Desktops

November 6, 2020April 5, 2021 / Mark Brookfield / 3 Comments

Back in May, I wrote about using GitLab to automate my server builds using HashiCorp Packer. Whilst it is trivially easy to update it to accommodate desktop builds for our VDI users, I now needed a solution to automate the entire workflow – building the image and updating my VMware Horizon desktop pool. In this post, I will document how to do just that, Continue reading →

Enabling HashiCorp Vault Lookups in Ansible AWX

July 23, 2020January 28, 2021 / Mark Brookfield / 3 Comments

Recently I’ve decided to change how I retrieve privilege escalation credentials for production hosts added to Ansible AWX. When I first started out I only had a few machines, so the root/Administrator credential was defined on each host. Whilst this approach is fine for a limited amount Continue reading →

virtualhobbit

Big IT, Hobbit sized

Vault