▲ 18 r/ansible

Renewing SSL certs on 2.6 Containerized w/o running the installer?

I know what the official RH docs say, but I think it's dumb so I'm here to ask; Has anyone been able to replace tls files (cert and key) for certificate renewals on the containerize AAP 2.6 platform without running the installer?

I'm talking just the main platform url, the Gateway's url.

EDIT
In my environment, I created a SAN cert using LE to cover themain url and each hosts fqdn.. there were reasons at the time but honestly right now I can't remember. Regardless, specifying thesame cert for each role is supported.

So under /home/*aap_user*/aap/*role*/etc on all 8 hosts the custom cert exists as gateway.cert, tower.cert, pulp.cert and eda.cert. (.key files exist in the same place too)

EDIT2
The tasks named `tls.yml` for each Role simply copies the specified {{ role_tls_cert }} and {{role_tls_key }} from the src which would be. defined in the inventory file, to {{ role_conf_dir }}/role.cert (role.key)

So logically yes, putting hte two new files on each hosts Config directory (/home/aap_installer_user/aap/*role*/etc/name.cert and name.key) is def step 1. Well after backing up the existing files obviously, lol.

EDIT3
So edit2, then bounced all container services (under the user scope, my new cert in in play and all services are testing good.

reddit.com
u/invalidpath — 6 days ago

Tawas Weather Station Source?

I'm just wondering if anyone knows the location of the weather data source (temp, wind, etc) that local stations use in Tawas?
Why you ask? They are consistently 10-20* cooler than where a family member lives (about .5 hours away). And I always hear things like 'I need to move there! It's always so much cooler there in the summer!
it's obvious that the sensors are very likely near the shoreline there on M-23, but I wanted to try to be sure about that.

reddit.com
u/invalidpath — 7 days ago

Vyvanse things; timing & sleeplessness

40's/M/diagnosed with ADD/ADHD in the mid-80's.

TL;DR Took Vyvanse for a few years in the 2010's, then stopped due to insurance issues. Got back on it \~8 years ago.

Since starting back I've gone from 30mg, to 40mg and the past year 50mg once daily. The increase from 40 to 50 was only because I told my dr that I really don't feel any different anymore. Sure the pits get active, the bowels get emptied quicker and if I get up and move around I can go all day. But mentally I don't feel it.. and haven't in a long time.

My dr asked me about trying 60mg but with the 50's I encounter sleep issues.. not so much getting tired, or falling asleep but staying asleep.. but usually in certain situations;

If I stay up to game or work or for whatever reason and it's past 11:30pm then more often than not I have issues\*. If I go to bed before 11 then I typically sleep at least 6 hours.

\*Those issues being: staying asleep, sleeping less than 3 hours, tossing/turning

Now when I typically don't have problems also involve physical exertion, if I get up and do a bunch outside (firewood, etc) then I'm still tired but more often than not I sleep longer. That also goes for alcohol, if I have 4-5 beers (the good micro/7%+ stuff) then I also sleep longer.

I know we aren't supposed to ask for experiences, but IDK where else to go for stuff like this. I do wonder if others in similar boats experience the same things. I also wonder what advice ya'll might have.

I take my pill every morning before 8am.. if I wake up late then I don't take it. I know what the average effective # of hours is supposed to be but either my body's processing it slower or it doesn't care about the average time.

I'm researching other drugs like Jornay.

Anyway Thanks!

reddit.com
u/invalidpath — 17 days ago

Homarr deploying but port 3000 not responsive

Just wondering if anyone else has deployed Homarr via the Community Scripts in the past week or so and had it seemingly complete alright but even though port 3000 shows open, it's not responsive.

This is only like the 9th lxc I've deployed from those scripts but this is the only one that's resulted in something other than a working container.

Im not looking for troubleshooting help just merely wondering if it deploys broken for others.

u/invalidpath — 26 days ago
▲ 25 r/Proxmox

New to PVE, setting up UPS monitoring.. NUT or APCUPSD?

So I've got an SMT1500RM2UC that, like many, I want to shut things down in an orderly fashion during a power outage.

This units got the RJ/10-pin, USB-A, and a network adapter.. but not the typical mgmt add-in card. Anyway I'm lacking the cables for the USB and RJ/Serial and after a couple days of looking I simply cannot find the USB cables pinout anywhere.

So I think this means my only option is to use APCUPSD, because NUT doesn't support IP communications is this correct?

reddit.com
u/invalidpath — 27 days ago

Protecting copper joints in portable AC units?

Over the past 8 years we've been through no less than 4 portable AC units for an upstairs room with only a double-door to a balcony and no window.

Each time when they die, I disassemble and you can tell the refrigerant leaked usually from a solder joint on one of the little elbows. I'm so damn tired of having to spend $3-400 bucks to barely get two years out of one.

So my question is, is there anything I could do to one to help protect the copper joints? Obviously I can't re-solder them (nor would I want to).. Do I have any options?

And no, getting central AC installed isn't in the cards.

Perhaps Viper Coil Coat or Blue Coil Guard spray?

reddit.com
u/invalidpath — 28 days ago
▲ 80 r/fo76

Infestation experience on a private server

Since the release I have seen exactly one green circle on a public server but didn't get to even see the mobs. So reading posts here about how they also exist on a private server so I decided to try last night.

It's pretty goddamn one-sided towards those who pay for FO 1st. I solo'd 5 different infestations, every mob and the bosses. I probably netted like 25 or so 3 star and half a dozen 4 star items.

While I still don;t quite understand how the mobs and bosses are being wiped out so fast in public, I now understand exactly how stupid and shitty this update was.

reddit.com
u/invalidpath — 1 month ago

[Request] Seeking an invite to IpTorrents

American user, symmetric 1GB link, will be active seeder, fresh server setup with a 4TB p2p volume.

I was part of the community about 12 years ago.. life happened and I stepped away from the scene.

reddit.com
u/invalidpath — 1 month ago

Kinetico 1054FR Air Injection Iron filter, leaking from air injection port

So, After the first full regeneration water started dripping from the air intake port. I dismantled that assembly and cleaned the hell out of it just to be safe. Reassembled and after the next regeneration it started again. the injector thart's part of this assembly wasn't plugged.. o-rings were all present.

I've had the side cap off that holds the white plastic filter behind it.. there's no other injectors under there, just blanks.

According to the 5900-BT Maintenance guide I might be in for a new stack of seals and spacers. Can anyone confirm?

(I have the second iteration of that one way valve.. not the duck bill but the spring loaded plastic plunger design)

u/invalidpath — 1 month ago

AAP 2.6-8 Containerized, Time Zone breaks get_service_token()

So for the past three weeks I've gone through the guide here, Upgrading and Migrating from AAP 2.5 RPM to 2.6 Container and wanted to document a bug I hit and I resolved it.

I'm going to fast-forward and not touch on every little tid bit during this process, but please ask questions if you want. I also do not claim 100% accuracy on the statements I make below.. this is just what I found, and what worked for me.

So went through the guide and got the the past where it's time to install 2.6 and upgrade the containerized 2.5 hosts. I've gotta mention how the installation process took upwards of 8 hours (!!!), this is on M6i.xlarge EC2's as well!

Anyway, so the installation was completing however the web gui reported an Error connecting to the Controller API. Web dev tools showed an HTTP 401 to /api/controller/v2/me/. So I started digging into the controller and gateway logs. This is a gist of what I found:

  • Envoy auths theuser, add a JWT then forwards to the controller
  • Controller validates the JWT, then needs the user claims from the gateway
  • Controller generates a service token using datetime.now(), which in this case returned CDT or 5 hours behind UTC
  • PyJWT encoded the CDT time as UTC
  • Controller sends the expired token value to the gateway's /api/gateway/v1/jwt_claims/ endpoint
  • Gateway rejects the expired token, returns HTTP 401
  • Controller can't validate the user, returns HTTP 401 to the browser
  • Dashboard shows "Error connecting to the controller api"

Now at the time I was unaware that containers default to UTC time.. I did find a RH KB on resolving the receptor images TZ, but I did not find info on the other containers. Now since I like seeing logs and events in my local timezone, I used those steps and created a mounts.conf under .config/container/ for the AAP user on all 8 hosts to set it to 'America/Chicago'.

Now this did not resolve the token issue.. I figure because Django doesn't care what the OS is set to use. So I changed the time_zone in my inventory file to 'UTC'.. went ahead and tested this by editing the /home/aap_user/aap/controller/etc/settings.py under controller_extra_settings time_zone to UTC and restarted the containers.

Controller API error resolved.

From what I gather, this might not be a problem if get_service_token() at /var/lib/awx/venv/awx/lib64/python3.12/site-packages/ansible_base/resource_registry/resource_server.py line:

payload["exp"] = datetime.now() + timedelta(seconds=expiration)
Was changed to:
from datetime import timezone

payload["exp"] = datetime.now(tz=timezone.utc) + timedelta(seconds=expiration)

But Im no python dev so.. IDK. Anyway thanks for reading.

u/invalidpath — 2 months ago

Kinetico AIO, high pressure backwash?

Disclaimer, My Kinetico 1054fr AIO is used.

Just wondering if the backwash cycle should be at line pressure? I was greatly surprised when I ran the first couple because theres just so much water, at feeder pressure being ejected from the waste outlet. I run my internal pressures a smidge higher at 70lbs.

The oem elbow adapter has a very small orifice, and Im using 1/2” ID tubing.

reddit.com
u/invalidpath — 2 months ago

Larsen Storm Door lock, repin?

Bought this door today, guy lost the key long ago. I’m fairly handy so I’d like to try repinning it, except I’m hung up on step one. How to remove these blanks without damaging the housing?

u/invalidpath — 2 months ago

So I'm running the 2.5-23 installer for the containerized variant and encountering a super weird issue.. the installer fails with:

TASK [ansible.containerized_installer.automationgateway : Render proxy variables] ***
fatal: [gw01.domain.com]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_controller_hostname'. 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_controller_hostname'. 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_controller_hostname'. 'ansible.vars.hostvars.HostVarsVars object' has no attribute '_controller_hostname'\n\nThe error appears to be in '/home/user/ansible-2.5-23-container/collections/ansible_collections/ansible/containerized_installer/roles/automationgateway/tasks/facts.yml': line 148, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Render proxy variables\n  ^ here\n"}

Splitting the installer log file by `PLAY [*` (and verifying the raw file) the automationcontroller task calling facts.yml just doesn't run. Like.. nothing. here's a log excerpt:

TASK [Install and configure redis tcp socket] **********************************
skipping: [eda01.domain.com] => {"changed": false, "false_condition": "redis_mode | default('cluster') == 'standalone'", "skip_reason": "Conditional result was False"}
skipping: [eda02.domain.com] => {"changed": false, "false_condition": "redis_mode | default('cluster') == 'standalone'", "skip_reason": "Conditional result was False"}
skipping: [gw01.domain.com] => {"changed": false, "false_condition": "redis_mode | default('cluster') == 'standalone'", "skip_reason": "Conditional result was False"}
skipping: [gw02.domain.com] => {"changed": false, "false_condition": "redis_mode | default('cluster') == 'standalone'", "skip_reason": "Conditional result was False"}
skipping: [hub01.domain.com] => {"changed": false, "false_condition": "redis_mode | default('cluster') == 'standalone'", "skip_reason": "Conditional result was False"}
skipping: [hub02.domain.com] => {"changed": false, "false_condition": "redis_mode | default('cluster') == 'standalone'", "skip_reason": "Conditional result was False"}

PLAY [Get Automation Controller configuration for gateway] *********************

PLAY [Get Automation EDA configuration for gateway] ****************************

TASK [ansible.containerized_installer.automationeda : Set eda hostname, port(s) and protocol] ***
ok: [eda01.domain.com] => {"ansible_facts": {"_eda_hostname": "eda01.domain.com", "_eda_port": "8445", "_eda_ports": [8082], "_eda_protocol": "https", "_eda_ws_protocol": "wss"}, "changed": false}
ok: [eda02.domain.com] => {"ansible_facts": {"_eda_hostname": "eda02.domain.com", "_eda_port": "8445", "_eda_ports": [8082], "_eda_protocol": "https", "_eda_ws_protocol": "wss"}, "changed": false}

TASK [ansible.containerized_installer.automationeda : Set eda redis hostname] ***
ok: [eda01.domain.com] => {"ansible_facts": {"_eda_redis_hostname": "eda01.domain.com"}, "changed": false}
ok: [eda02.domain.com] => {"ansible_facts": {"_eda_redis_hostname": "eda02.domain.com"}, "changed": false}

The preflight checks are all good, the installer host can def reach all 8 target hosts.. ansible -m ping returns pongs. The inventory file group for the controllers is correct (or else the preflights would fail).

My inventory files controller section is:

[automationcontroller]
ctl01.domain.com receptor_type=hybrid
ctl02.domain.com receptor_type=hybrid

As a test I added a debug task to the very beginning of the /roles/automationcontroller/tasks/facts.yml and theresulting log was unchanged.. which means for some reason the call is failing or not being ran(?)

- name: Get Automation Controller configuration for gateway
  hosts: automationcontroller
  any_errors_fatal: true
  gather_facts: false
  become: false
  tasks:
    - name: Set automation controller facts
      ansible.builtin.import_role:
        name: automationcontroller
        tasks_from: facts.yml

I did check just now and there is not an updated installer, 23 is the latest I saw for download. Just curious if anyone has seen this before?

reddit.com
u/invalidpath — 2 months ago