Ansible, App Pool, and Specific Identity

Is it possible to create an IIS Application Pool that uses a custom identity with Ansible?

I asked the question on the Ansible forums and got the following response.

  1. Create the Application Pool first using “win_iis_webapppool”.
  2. Then switch the pool’s Identity using module “win_command” and the “appcmd.exe” command.

Here are the results and notes from my implementation.

  1. Create a playbook that creates the pool and then updates its identity (example below).

        # Pool name is supplied at run time via --extra-vars "apppool=..."
        - hosts: windows
          remote_user: buildadmin
          tasks:
            - name: Create new application pool
              win_iis_webapppool:
                name: "{{ apppool }}"
                state: started
                attributes: 'managedRuntimeVersion:v4.0|autoStart:false'
            # appcmd switches the pool from the default identity to a specific user
            - name: Update application pool identity
              win_command: 'C:\Windows\System32\inetsrv\appcmd set config /section:applicationPools /[name="{{ apppool }}"].processModel.identityType:SpecificUser /[name="{{ apppool }}"].processModel.userName:buildadmin /[name="{{ apppool }}"].processModel.password:myPassword'
  2. Run the playbook against my Windows machines with a command-line variable.
    • ansible-playbook -v installWebsiteApplication.yml -i hosts --extra-vars "apppool=devopsWebsite_1_1_2017"
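
The playbook above keeps the pool password in the playbook file and, with -v, echoes the full appcmd command in the task result. The variant below is an added example, not part of the original post: it moves the credentials into an Ansible Vault file and marks the task no_log. The vault file path and the variable names vault_apppool_user and vault_apppool_password are assumptions.

```yaml
# Added example (not the original playbook).
# Assumed: vars/apppool_vault.yml was created with
#   ansible-vault create vars/apppool_vault.yml
# and defines vault_apppool_user and vault_apppool_password.
- hosts: windows
  remote_user: buildadmin
  vars_files:
    - vars/apppool_vault.yml
  tasks:
    - name: Create new application pool
      win_iis_webapppool:
        name: "{{ apppool }}"
        state: started
        attributes: 'managedRuntimeVersion:v4.0|autoStart:false'

    - name: Update application pool identity
      # Folded scalar: the lines are joined with spaces into one command line.
      win_command: >-
        C:\Windows\System32\inetsrv\appcmd set config /section:applicationPools
        /[name="{{ apppool }}"].processModel.identityType:SpecificUser
        /[name="{{ apppool }}"].processModel.userName:{{ vault_apppool_user }}
        /[name="{{ apppool }}"].processModel.password:{{ vault_apppool_password }}
      # Keep the rendered command (including the password) out of
      # console output, -v output and callback logs.
      no_log: true
```

Run it with the same command as above plus --ask-vault-pass. no_log keeps the password out of Ansible's own output, but it is still passed to appcmd as a process argument on the Windows host, so process-creation auditing with command-line capture would record it.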

AWS S3 – Versioning

By default, your S3 bucket in AWS will have versioning disabled.  The following link explains the different S3 storage classes.

There are three S3 versioning states that you should be aware of.  Once you enable versioning on your bucket, you can’t go back to the unversioned state; you can only move to the suspended state.

  • unversioned (the default)
  • versioning-enabled
  • versioning-suspended

Enabling versioning is relatively easy.  Be aware that there is a cost associated with this as additional data is stored.

To view the versioning state of an S3 bucket, you can use any of the following tools.

Telerik TFS Work Item Manager (WIM)

I just recently found the need to use the Telerik TFS dashboard again.  This was a tool I used in the past all the time to help facilitate Scrums with remote individuals.  I was disappointed to read the following forum response on the future of the tool.

I understand the discussion as future versions of TFS include dashboard features out-of-the-box (TFS 2013+).

Anyways, until I upgrade to an unsupported TFS version, I will continue to use the tool.

TICK Stack – Beginner Notes

What is the TICK stack?  It’s the combination of “open source” products that make up the InfluxData monitoring and analytics platform.

  • T = Telegraf
    • Responsible for collecting data (metrics) and shipping to InfluxDB
  • I = InfluxDB
    • Responsible for storing the data
  • C = Chronograf
    • GUI for visualization of data in InfluxDB
  • K = Kapacitor
    • Framework for providing action against the data.  (e.g., alerts, anomaly action)

Below are some helpful notes for getting the TICK stack components setup and running.

Installing\configuring InfluxDB

  1. The following link is a great resource on getting the InfluxDB installed
  2. By default the following locations will be used for the DB data and can be adjusted in the influxdb.conf file. (Helpful Link)
    • /var/lib/influxdb/meta [Info]
    • /var/lib/influxdb/data [Info]
    • /var/lib/influxdb/wal [Write Ahead Log – Info]
  3. By default the following HTTP port will be used and can be adjusted in the influxdb.conf file.
    • bind-address = ":8086"
  4. After installing InfluxDB, you may need to start the service.  You can always verify the service is running as needed.
    • service influxdb status
  5. For additional verification after you install and start InfluxDB, you can verify the port is listening using “netstat”.  If netstat is missing, install it with “yum install net-tools” on RHEL.
    • netstat -vatnp | grep 8086
  6. You can also connect to the DB and execute a simple query.
    • influx -host <host_name> -port <port_number>
    • show databases
  7. To adjust what conf file is used by the InfluxDB at service startup, you will want to look at the influxdb.service file in the following locations.
    • /usr/lib/systemd/system/
    • /run/systemd/system/
    • /etc/systemd/system/

Installing\configuring Telegraf

  1. The following link is a great resource on getting the Telegraf installed on a Linux server.
  2. The default configuration file used by Telegraf will be the following.
    • /etc/telegraf/telegraf.conf
  3. In the default conf file you will notice the following lines that represent the InfluxDB that will be used.  You will need to adjust as needed.
  4. If the above database does not exist, you will need to create it using the “Influx” commandline.
    • CREATE DATABASE telegraf
  5. You will want to execute the following command to verify the Telegraf service status and if stopped start as needed.
    • service telegraf status
  6. You will probably want to enable some inputs such as memory and cpu initially and set up the output to InfluxDB.  You can do this by running the following command from the /etc/telegraf/ dir to create a new conf file.
    • telegraf -sample-config -input-filter cpu:mem -output-filter influxdb > telegraf.conf
  7. You will need to restart the Telegraf service to pickup the new conf file changes.
    • service telegraf restart
  8. Finally you should be able to query the InfluxDB for your data using the following influx commands.
    • use telegraf (Specify what database we are using)
    • show measurements (Should return mem and cpu)
    • SELECT time, usage_system FROM cpu WHERE time > now() - 1m (Show time and system usage entries for the last minute from cpu)
  9. To adjust what conf file is used by the Telegraf at service startup, you will want to look at the telegraf.service file in the following locations.
    • /usr/lib/systemd/system/
    • /run/systemd/system/
    • /etc/systemd/system/

Installing\configuring Chronograf

  1. The following link is a great resource on getting Chronograf installed
    • Installation document on github. [Link]
  2. To adjust what DB, IP and Port is used by the Chronograf at service startup, you will want to look at the chronograf.service file in the following locations.
    • /usr/lib/systemd/system/
    • /run/systemd/system/
    • /etc/systemd/system/
  3. By default, the local firewall may block the default Chronograf port 8888, so you may need to update your firewall rules as needed.
  4. When you initially log into Chronograf, you will enter the InfluxDB connection details.
  5. The example below shows our Telegraf cpu\mem input filter data in Chronograf.
    • [Screenshot: Chronograf.png]

Installing\configuring Kapacitor

  1. The following link is a great resource on getting the Kapacitor installed.
  2. The default configuration file used by Kapacitor will be the following.
    • /etc/kapacitor/kapacitor.conf
  3. In the default conf file you will notice the following lines that represent the InfluxDB that will be used, along with many other settings.  You will need to adjust as needed.
  4. To adjust what config file is used by the Kapacitor at service startup, you will want to look at the kapacitor.service file in the following locations.
    • /usr/lib/systemd/system/
    • /run/systemd/system/
    • /etc/systemd/system/
  5. After installation, you can start the Kapacitor service.
    • service kapacitor start
    • service kapacitor status
  6. Now you should be able to log into the Chronograf UI and add the Kapacitor instance.
  7. After the Kapacitor instance is added, you can configure Alerts directly through the GUI, rather than through the CLI.  This will save you valuable time!
  8. After you save your new Alert, you can run the following commands to view the Alert details from the Kapacitor database
    • kapacitor list tasks
    • kapacitor show <id_from_list_tasks_command_above>

Final thoughts

These tools make a great open source monitoring solution that can handle simple to advanced alerting.  My next step is to research using this solution for live stats.

Ansible and Windows – Setup Notes

Using Ansible to manage Windows hosts gives sys admins the ability to use the same tool-set between Linux and Windows hosts.

Below are some notes, issues, and resolutions, you may find useful during your Windows setup.

  1. On the Ansible controller instance, you will want to install the Python library for Windows Remote Management (WinRM).
    • sudo pip install pywinrm
  2. Configure Ansible to work with Windows hosts.  Follow the links below for configuring Ansible to work with your Windows host.
  3. On the Windows host, you will want to execute the bootstrap WinRM PowerShell script.  This script will set up WinRM on the Windows host(s).
  4. On your Windows host, you will want to configure a new user with Admin privileges.  This username and password will be added to your windows.yml file.
  5. If you encounter the following error, you will want to set “ansible_winrm_server_cert_validation: ignore” in the windows.yml file.  Note that this turns off validation of the host’s WinRM certificate.
    • "msg": "ssl: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)"
  6. Finish your testing with a quick win ping test.
    • ansible windows -i hosts -m win_ping
  7. If you encounter issues pinging your Windows host, you can manually try to access the Windows host WinRM endpoint with curl.
    • curl -vk -d "" -u '<username>:<password>' https://host:5986/wsman
      • “…the default ports used for WS-Management and PowerShell remoting have been changed to 5985 and 5986 for connections over HTTP and HTTPS, respectively.” Source
    • You can also verify your WinRM configuration on the host as needed using this command.
      • winrm g winrm/config

If all goes well, you should get the following output back from your ping command.

[myUser@myServer]$ ansible windows -i hosts -m win_ping
1.1.1.1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
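
Step 5 above silences the CERTIFICATE_VERIFY_FAILED error by accepting any certificate the host presents. The windows.yml below is an added example, not from the original notes, showing that weak setting beside a validating one. The CA bundle path and the vault variable names are assumptions, and the inventory host names must match the subject of the certificate bound to the WinRM HTTPS listener.

```yaml
# group_vars/windows.yml (added example; paths and vault_* names are assumptions)
ansible_connection: winrm
ansible_port: 5986                      # WinRM over HTTPS
ansible_user: "{{ vault_winrm_user }}"          # assumed to live in a vaulted vars file
ansible_password: "{{ vault_winrm_password }}"

# Weak setting from step 5: the controller accepts any certificate,
# so it cannot tell the real host from a machine answering in its place.
# ansible_winrm_server_cert_validation: ignore

# Validating setting: keep verification on (this is the default value) and
# point pywinrm at a PEM bundle containing the certificate, or the CA that
# issued it, used by the WinRM listener on the Windows hosts.
ansible_winrm_server_cert_validation: validate
ansible_winrm_ca_trust_path: /etc/ansible/certs/winrm-ca.pem
```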

VirtualBox\Guest Additions\Linux

If you are using VirtualBox and want some additional features present in your guest VM (RHEL), then you will probably end up “trying” to install Guest Additions within your VM. (e.g., shared folders, viewing guest properties from the host)

In my case, I had a VM up and running fine, but was unable to get the IP address of the VM from my host using the following command. (Host = Windows 10)

  • VBoxManage guestproperty enumerate <vm_name> | findstr IP

So after doing some research, I landed on a solution.  Install Guest Additions for VirtualBox on my VM and I will be able to retrieve the VM property “/VirtualBox/GuestInfo/Net/0/V4/IP” !

Next step, install Guest Additions using the following link.

Unfortunately I encountered the following error…..  Arrrgggg…

Unable to insert the virtual optical disk C:\Program Files\Oracle\VirtualBox\VBoxGuestAdditions.iso into the machine CentOS. Would you like to try to force insertion of this disk? Count not mount the media/drive ‘C:\Program Files\Oracle\VirtualBox\VBoxGuestAdditions.iso’ (VERR_PDM_MEDIA_LOCKED).

After some serious digging on the internet, I was able to finally find a solution.

  1. Before doing anything, you should install gcc kernel-devel bzip2 on the VM.
    • yum install -y gcc kernel-devel bzip2
  2. Download the corresponding “VBoxGuestAdditions_<version>.iso” from the following link.
  3. With your VM turned off, remount the Optical Drive (cdrom) to the location of the new .iso file.
  4. Now mount the .iso location
    • mount /dev/cdrom /mnt
  5. From within the /mnt folder, you can install Guest Additions using the following command. (May need to use sudo)
    • ./VBoxLinuxAdditions.run
  6. Reboot the VM to start the Guest Addition service.

Note: If there are issues with the install, the output from the Guest Addition install will reference log files that will help you understand the issue.

Agile Testing Pyramid

If you have ever developed a build\deployment pipeline with automated UI testing at the end, then this article is for you!

It’s spot on with how fragile UI tests can be and the amount of $$$$ it costs to keep maintaining them.

So in a nutshell, this is what I am taking away from the article with regard to testing strategies.  (#1 below is given the most priority, with #3 given the least)

  1. Focus most of your testing on unit testing.  Really get your developers to put effort into building out unit tests and make sure they are executed with every build.
    • Failed unit tests = failed builds
    • Automate everything!!!
  2. Next, try to test services individually via automation.  An important aspect here is that the UI shouldn’t contain service\logic features, but just UI controls that call back into the service.
  3. Finally, the UI testing that seems to always need maintenance should be given the least amount of attention.  Something that still needs to be done, but your focus should not be here exclusively.

Interesting article….  Seems like back in the waterfall days the focus was on finding bugs, but now with agile, the focus is on preventing bugs…

My vote is for Agile! 🙂

Selenium via Firefox, CMD, and Jenkins

So you would like to execute tests using Selenium against a Website.  Below are 3 ways that you can execute Selenium for testing.

Selenium via Firefox.

  1. You must have Firefox installed.
  2. You will need the Selenium IDE add-on
  3. After installing the add-on, you should restart Firefox and verify the Selenium tool installed properly.
  4. Now you can open the IDE from Firefox.  From the IDE you can record a test case or load an existing test case\test suite to execute.  (If creating a new test case, save as testcase.html)
    • Below is a simple test case for demonstration purposes.  (Ctrl+Shift+C to inspect element IDs on the given webpage)
    • [Screenshot: selenium2]

Selenium via CMD.

  1. Before we run the test case from the command line, we must create a test suite html file that calls the test case html file. (Great link below)
  2. Now you will need to download the Selenium server jar (e.g. 2.45)
  3. If you are downloading the 3.0 Selenium jar, you will also need to download the latest geckodriver to support Firefox with Selenium 3. (exe must be in your path)
  4. With the files in place on your computer, you can execute the following command to launch the test case.
    • java -jar selenium-server-standalone-2.53.1.jar -htmlSuite "*firefox" http://www.google.com "GoogleTestSuite.html" GoogleTestSuiteResults.html

Selenium via Jenkins.

  1. If you know Jenkins, you know that you can launch commands above using the Windows batch command.
  2. You can also use the following plugin to configure\launch your test suite via Jenkins
  3. Finally, the above link contains information on an Ant task that can also be used in your build scripts to launch tests.  (Haven’t tried it, but it looks cool)

Docker and Jenkins

How easy is it to deploy Jenkins using Docker?  On a scale of 1 to 10, I would say something between 2 – 4.

Here are the quick steps you can follow (along with links) to help you get the job done!

  1. First and foremost, you need to get Docker installed on your server.  Here is a good link I would recommend.
  2. Next you will want to go to the Docker Store and search for Jenkins.
  3. Click on the “1” returned result
  4. Follow the instructions on the page to pull the image and run your Jenkins container
  5. I would recommend persisting your Jenkins data by specifying a volume when you start up\run the Docker Jenkins container (-v /your/home:/var/jenkins_home).
    • -v, --volume=[host-src:]container-dest[:<options>]: Bind mount a volume

Putty and VirtualBox

I really like VirtualBox for testing new ideas.  However, I am not a huge fan of the VirtualBox preview console when working with Linux instances.

So I typically use Putty to ssh into the local instance as needed.  Seems to work pretty good for me.  Below are some configuration settings I needed to make to get things working.

  1. Download and install an ssh client such as Putty.
  2. Configure the appropriate network settings for your VM.  I typically use Bridged Adapter as it seems to replicate my VM as a physical server closely.  (From a networking perspective)
  3. Once you have your VM running, you should be able to view your VM’s IP.
    • ip addr show (Run this command for Red Hat)
    • You should see something like this “inet 192.168.1.34” in the results.  This is the IP you will use to ssh into the VM.
  4. In my case, I did not see any IP address initially.  If I ran dhclient and then the above command, I would see an IP from my router.
  5. To help automate the DHCP process, I configured the network adapter to use DHCP and activate the network adapter on any reboot.
    • /etc/sysconfig/network-scripts/ifcfg-enp0s3
      • DEVICE=enp0s3
      • BOOTPROTO=dhcp
      • ONBOOT=yes

Now I can use all my nice ssh clients with ease when working with VB.