network automation blog
-
MariaDB tuning for Zabbix
I have a Zabbix server with 40GB of memory that requires around 700 new values per second. The server runs MariaDB 11.4 in a standard LAMP-stack and I use MySQLTuner-perl to tune the database. Here is how. Enable the following configuration in /etc/my.cnf.d/mariadb_server.cnf Restart MariaDB: Let the server run for some time and then execute…
-
MariaDB 10.5 to 11.4 upgrade
I recently upgraded MariaDB from version 10.5 to 11.4 for a couple of RHEL9 servers. Here are the steps I used: Add the MariaDB repo containing version 11.4 and exclude MariaDB 10.5 from the system default AppStream repository. Uninstall MariaDB 10.5 and install version 11.4: Create socket: Start and enable MariaDB: Run the upgrade script:…
-
Useful Linux commands
Command Comment $ sudo su – Get root privileges and load the root user’s environment. $ sudo !! Repeat the last command with sudo privileges. $ printenv Prints all environment variables. $ ssh-copy-id remote-host Use locally available keys to authorize logins on a remote machine. $ journalctl -rx -p 4 Displays logs in the reverse…
-
Faster SNMP monitoring in Zabbix 7.0
I recently upgraded Zabbix from version 6.0 to 7.0, and one of the major improvements is that you can use SNMP GETBULK when performing low-level discovery. In this post, we will discover all the object identifiers (OIDs) representing the interface names (which start at OID 1.3.6.1.2.1.31.1.1.1.1) for a Cisco Nexus switch with IP 192.0.2.1. The…
-
Conditional variables in Ansible
I recently had to use a Jinja2 if statement to create variables depending on a set of conditions in an Ansible role. To achieve this, I had to revisit YAML block scalars and Jinja2 whitespace control. YAML block style scalar A scalar in YAML represents an indivisible value such as a string, number, or boolean,…
-
Linux troubleshooting with journald
systemd is a service and system manager for Linux that contains the command line tool journalctl and the journald daemon that aims to make life easier for anyone troubleshooting syslog messages in a Linux system. The journald daemon collects syslog messages and forwards them to the rsyslog service which sorts the syslog messages and writes…
-
SELinux and Firewalld
I harden all my RHEL servers with SELinux and Firewalld. Here is a crash course. SELinux SELinux (Security-Enhanced Linux) is a security architecture that enforces mandatory access controls to restrict applications, processes, and users to the least privileges necessary. For instance, if a web server tries to read files in /home/user/private (even if the file…
-
Ansible directory structure for efficient work
There is a lot of ways you can structure your playbooks, inventory, roles, and collections in Ansible, but it’s beneficial to find a structure that is suitable for both development and AWX/AAP. This is what my layout looks like: I have a Git repository called playbooks that contains all my playbooks. Symbolic links point to…
-
Adding directories to $PATH safely
$PATH is an environment variable containing a list of directories where executable programs are located in UNIX systems. The shell will search for executables in directories separated by the colon punctuation from left to right until it finds a match. A typical scenario is to add ~/.local/bin as the first directory in $PATH, so you…
-
Installing Python from source
The Ansible Control node requires a relatively new version of Python (see matrix here), often newer then the one your OS relies on. For example, the default Python implementation in RHEL 9 is Python 3.9, while ansible-core 2.17 requires Python 3.10 or higher for the Ansible Control Node. Sometimes you can install a newer version…