Automation of CloudForms appliance setup with Ansible

CloudForms ships as an appliance as a means of greatly minimising the deployment and configuration required. Whilst this deployment method removes a substantial amount of complexity by shipping with all packages and configuration needed to get a working appliance in a very short time, it isn’t entirely without human intervention.

At a minimum you will need to:

  1. Set hostname and network configuration, particularly if you wish to use a static IP address.
  2. Create a new Virtual Management Database (VMDB) and associated Region, or join an existing one.
  3. Configure encryption keys, particularly if you are joining an existing region.
  4. Set up external authentication via IPA, if your deployment method calls for it.
  5. Start the EVM server processes.

These steps can all be performed using the appliance console that ships with the appliance. Unfortunately, this menu-based interface doesn’t lend itself to automation (unless you want to get your hands dirty with expect).

If you’ve got one or two appliances, that’s not a big impost. But if you’ve got 5? 10? Then we start to look at Ansible and think “I wonder if I could automate this?”

Turns out, you can!

Mutual TLS with Python, Flask and Werkzeug

Over the last couple of days I’ve been working on a simple, no-frills HTTPS server for Python that supports WSGI applications and – most importantly for my use case – handles mutual TLS support.

I needed to perform mutual TLS to verify client certificates for a work project. I know that I can simply place a reverse proxy such as Apache or Nginx in front of my Python application and have it handle the mutual TLS, but why can’t I have a Python server to do that for me? It turns out that it’s not as hard as I first anticipated.
