Free cookie consent management tool by TermsFeed Policy Generator

/dev/blog/ID10T

Advertisement

Ansible: Using Python string substituition in variables

Ansible, Codebites Comments

Scenario: Utilize Pythons string substitution in Ansible variables

- hosts: localhost
  connection: local

  vars:
    foobar: ">>%s<<"
    substitution: "adminswerk.de"

  tasks:
    - debug:
        msg: "{{ foobar % substitution }}"

Output (slightly truncated):

$ ansible-playbook string_format.yml
PLAY [localhost] **********************************************************************************************************************************************

TASK [debug] **************************************************************************************************************************************************
ok: [localhost] => {
    "msg": ">>adminswerk.de<<"
}

PLAY RECAP ****************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0

Ansible: Using programatically constructed variables

Ansible, Codebites Comments

Scenario:

Use specific variables, depending on the environment a playbook is run in. In this example either a low load or high load environment

Playbook:

- hosts:
    - localhost
  gather_facts: no

  vars:
    - lowload_app_java_opts: "-Xms512m -Xmx2G"
    - highload_app_java_opts: "-Xms4G -Xmx8G"
    - services:
        - lowload_app
        - highload_app

  tasks:
    - debug:
       msg: "fixed_var: {{ lookup('vars', service_name + '_java_opts') }}"
      loop: "{{ services }}"
      loop_control:
        loop_var: service_name

Output (truncated):

$ ansible-playbook -v programatic_variable_lookup.yml
PLAY [localhost] *******************************************************************

TASK [debug] ***********************************************************************
ok: [localhost] => (item=lowload_app) => {
    "msg": "fixed_var: -Xms512m -Xmx2G"
}
ok: [localhost] => (item=highload_app) => {
    "msg": "fixed_var: -Xms 4G -Xmx8G"
}

PLAY RECAP *************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0

Winbind: UID/GID range full

Linux, Samba Comments

We had a problem on a storage server. One user was not able to authenticate with the Samba service using his Active Directory credentials. Furthermore I couldn’t find his user via getent passwd AD\\username. After checking several LDAP/Kerberos/PAM configuration files, I had the glorious idea to also check the logs of winbind.

[2019/01/29 14:05:16.726252,  1, pid=4467, effective(0, 0), real(0, 0)]   Fatal Error: UID range full!! (max: 60000)
[2019/01/29 14:05:16.726299,  1, pid=4467, effective(0, 0), real(0, 0)]   Error allocating a new UID
[2019/01/29 14:05:16.726339,  1, pid=4467, effective(0, 0), real(0, 0)]   no backend defined for idmap config BUILTIN
[2019/01/29 14:05:16.726903,  1, pid=4467, effective(0, 0), real(0, 0)]   Fatal Error: GID range full!! (max: 60000)
[2019/01/29 14:05:16.726948,  1, pid=4467, effective(0, 0), real(0, 0)]   Error allocating a new GID

Huh, interesting. This wasn’t a heavily used server. Neither users nor groups were even in the proximity of 60000. Accordingly increasing the idmap uid/idmap gid did not help at all.
Several hours later I found the solution in the arstechnica forum:

Long story short, stop winbind, delete winbindd_cache.tdb & winbindd_idmap.tdb from /var/cache/samba, then restart winbind. Mappings now happen right. So I can log in with domain accounts and access shares.

The provided path /var/cache/samba did not fit for the Red Hat Enterprise Linux running on this server. But finding out that winbindd_cache.tdb and winbindd_idmap.tdb are located in /var/lib/samba was no big deal after nearly 60 minutes of unnecessary debugging.

Skype 7.36.0.101 Download mirror

Windows Comments

I recently read about Microsoft forcing users to update Skype Classic (aka version 7) to the new version 8 by denying an application start after updating Skype Classic to a newer version.

Skype Classic Forced update

I’m rarely using Skype at home, but I know a lot of people who do. Therefore I’m already preparing for the questions of how to circumvent this forced update. As already stated on bleepingcomputer, the only way of staying on Skype Classic is to downgrade to version 7.36.0.101. For convenience I’m providing this version for donwload here:

Bleepingcomputer also provided the original MD5Sum “0ec4d8991728ded1107598c789f0ec89” of the Installer. I’d recommend checking the MSI files you download here against that sum, just to be safe.

OpenWRT: Upgrade all packages with opkg

OpenWRT, Codebites Comments

Update April 2020: J. Reis rightfully mentioned in the comments this is not a good way. OpenWRT recommends flashing a sysupgrade.

There seems to be some indication that this may be a terrible idea and isn’t actually supported by OpenWRT in any official way (which may account for the lack of any simple GUI way of performing this function): https://forum.openwrt.org/t/okpg-upgrade-safeguards/30326

https://forum.openwrt.org/t/opkg-upgrade-vs-flashing-sysupgrade/58906 https://forum.openwrt.org/t/sysupgrade-instead-of-opkg-upgrade/32897/4

Original Post

I’m using OpenWRT on my Linksys WRT3200ACM. As the integrated package manager opkg does not have a pendant to apt-get dist-upgrade, this is the command I regularly execute, to upgrade the system:

opkg update && opkg list-upgradable| awk '{print $1}'| tr '\n' ' '| xargs -r opkg upgrade

I recommend running this command in a session detached from SSH. This way you’re safe in case your machine or the router get network problems. I’ve ran into that problem once which cost me a couple of hours for debuggin. Therefor I run the command in a detached tmux session:

tmux new -d "opkg update && opkg list-upgradable| awk '{print $1}'| tr '\n' ' '| xargs -r opkg upgrade"

If you are brave, you can automate this via cron. I prefer doing supervised updates regularly, as my router is a rather critical part of my infrastructure.

Advertisement