It’s been almost 3 years since my last post it seems, so I thought I’d fire up VSCode and write something new.
I wish I hadn’t now, as I had to hack around with my Hugo theme to get it to work again!
As I mentioned in my previous post, I bought an OrangePi R1+ to use as a router for my work laptop. Well, I received it the other day and its great! It does run hot, even with the CPU/RAM heatsinks I added it hovers around 65c, that’s partially due to the case it seems, which maybe could have some more air holes. The thing is tiny - about half the length of a RPi.
I’ve recently been updating various Debian Buster boxes to Bullseye. I’ve got a couple of laptops to do yet but the rest run Sid.
On my headless servers, the update mainly consisted of - make sure you’re running the latest kernel and latest Buster packages, add the new Bullseye repo’s, update, remove old packages and configs, reboot and then remove the old kernel:
apt update && apt dist-upgrade cat << "EOF" > /etc/apt/sources.
Been doing a lot with Kickstart recently, as I’ve had to build some airgapped VM’s in a hurry and have gone off Ansible again. Been templating the more complex bits using j2cli and YAML, so its a bit like Ansible without the SSH - and its ready at first boot rather than afterwards. I’ve uploaded my RHEL/Alma/Rocky/CentOS 8.4 CIS-hardened kickstart to github
Oddly enough I’ve found that the SLES install being so slow in esxi appears to be SUSE (or AutoYAST?
I thought I’d give Ansible another shot now it’s owned by RedHat (IBM). As kickstart is a bit limiting.
It seems a bit more robust these days, there’s less need to shell out to do the simplest tasks - probably due to the growing number of builtin modules.
Inventories seem to have matured as has Vault, which is now very simple to use - especially if you use it inline. For example, to encrypt your ssh/su/grub password you can use the following in inventory.