I’ve been running VMware’s Tanzu Kubernetes Grid in HobbitCloud for quite a while. It’s an easy way for me to consume Kubernetes, which I use for demonstrating containerised workload connectivity between clouds. I also deploy container workloads direct from vRealize Automation to TKGm clusters. Continue reading
Automate SSL Certificate Issuing and Renewal with HashiCorp Vault Agent – Part 1: Configure Vault
One of the biggest challenges operations teams face is SSL certificate issuing and renewal. Often this is because different applications, like vendor appliances, have a complicated renewal process. Others can be because corporations simply miss the renewal date. If large enterprises like Microsoft sometimes fail at this, what hope do the rest of us have? Continue reading
Managing Windows hosts using Ansible Tower/AWX and SSH
I’ve recently been working with Ansible as a configuration management solution. Workloads deployed from vRealize Automation to the private cloud are handed off to Ansible Tower, whereas existing infrastructure is managed in the downstream product – AWX. This is mainly Continue reading
Enabling HashiCorp Vault Lookups in Ansible AWX – Part 2
Earlier in the year, I wrote about how to create a Python virtual environment on Ansible AWX to run the HashiCorp lookup module.
The last task is to create the credentials to support the Vault lookup, followed by configuring the necessary variables in the inventory.
Using Continuous Deployment to Provision VDI Desktops
Back in May, I wrote about using GitLab to automate my server builds using HashiCorp Packer. Whilst it is trivially easy to update it to accommodate desktop builds for our VDI users, I now needed a solution to automate the entire workflow – building the image and updating my VMware Horizon desktop pool. In this post, I will document how to do just that, Continue reading
Enabling HashiCorp Vault Lookups in Ansible AWX
Recently I’ve decided to change how I retrieve privilege escalation credentials for production hosts added to Ansible AWX. When I first started out I only had a few machines, so the root/Administrator credential was defined on each host. Whilst this approach is fine for a limited amount Continue reading