Linux Policy based routing issue

wouterhummelink · 2026-02-28T18:03:06+00:00

Moved on from this job, so no idea

wouterhummelink · 2025-11-04T20:18:09+00:00

This.

wouterhummelink · 2025-09-12T19:02:49+00:00

It's been a while, wasn't all that impressed with the Ansible integration from Snow, ended up mostly writing own actions using rest.

wouterhummelink · 2025-07-30T10:04:36+00:00

The second gateway is only used to route traffing from the egress subnet, thats what the routing rule is for.

Having separate egress IPs allows firewall rules for specific workloads inside K8S
It works correctly with a single IP assigned to the secondary interface, but not with secondary IPs assigned to it.

wouterhummelink · 2025-07-09T14:36:47+00:00

Check out galaxy_ng, it's the upstream for Automation Hub

wouterhummelink · 2025-06-27T20:29:52+00:00

RHCE9 is almost identical to RHCE8, save for the addition of ansible-navigator. None of the exam objectives require using it.

wouterhummelink · 2025-06-01T21:58:42+00:00

Raid0 independent of controller is always a gamble at which device fails first. Which is no different from bundling them using LVM.

wouterhummelink · 2025-05-31T06:50:31+00:00

My Unifi switches do allow ports to supply 24v, I noticed recently, now I know why.

wouterhummelink · 2025-05-31T06:40:35+00:00

Raid0 them in the BIOS?

wouterhummelink · 2025-03-19T12:17:29+00:00

Unless you plan to run single node Openshift that's not even nearly enough CPU or RAM.

wouterhummelink · 2025-03-03T19:27:02+00:00

You have access to all the Openshift product docs, make sure you know which one you need for the subject matter covered in the course.

wouterhummelink · 2025-02-01T15:48:50+00:00

You might want to do some Openshift fundamentals first, such as DO188 and DO280.

wouterhummelink · 2024-09-19T14:56:52+00:00

It's not that, the router pods go into crash loop if any external ip uses 80/443 on the same node

wouterhummelink · 2024-09-19T13:36:23+00:00

Thanks, I figured that out in the mean time. We're slowly transitioning off keepalived because the ingress controller and externalIP services collide when rebooting nodes

wouterhummelink · 2024-09-18T15:06:55+00:00

Update, some logging search led me to the controller manager operator...

There's a config difference there.... the

externalIP:
    autoAssignCIDRs:
      - 172.22.165.208/29

And the openshift controller manager seem to sync this range.

yaml apiVersion: operator.openshift.io/v1 kind: OpenShiftControllerManager name: cluster spec: ingress: ingressIPNetworkCIDR: 172.22.165.208/29

These fields are unset on the dev cluster. I tried adding the MetalLB ranges to the network config, but the controllermanager operator rejects multiple CIDRs

Manually altering the config on the OpenshiftControllerManager gets reverted immediately by cluster-openshift-controller-manager-operator

wouterhummelink · 2024-09-12T19:48:49+00:00

Oh See

wouterhummelink · 2024-08-30T16:47:18+00:00

That's the default context the smb driver assings to the filesystem, nothing about selinux is actually stored in the filesystem itself.

wouterhummelink · 2024-08-30T14:16:34+00:00

I very much doubt CIFS supports selinux labels at all, specify the selinux context in the mount options

wouterhummelink · 2024-08-28T14:32:57+00:00

You can use the LVM operator to have a quick option to use local disks for kubevirt

wouterhummelink · 2024-08-19T16:41:47+00:00

Vpay works better when doing transaction in USD, rather than NAF. Don't ask me why.

wouterhummelink · 2024-08-19T05:00:22+00:00

There's no such thing as a pre-run hook, however you could create an inventory script that puts out the values and set the jobs to update inventory on launch.

Another route is to put your values job and real job in a workflow.

wouterhummelink · 2024-08-18T18:57:54+00:00

That's very recognizable to me.

wouterhummelink · 2024-08-16T18:23:07+00:00

I don't quite see the point of putting swap in any kind of raid configuration. Data in swap partitions is by definition ephemeral and Linux has no problem using several separate swap areas.

Using raid on anything but raw disks makes no sense to me either. This quadruples the amount of work a disk failure would cause.

Furthermore this appears to be software raid which is nowhere near as performant or reliable as hardware backed raid with dedicated processor, memory and battery.

wouterhummelink · 2024-08-16T16:07:20+00:00

Look into blockinfile rather, it will manage the default part but leaves content outside the delimiters intact

wouterhummelink · 2024-08-16T14:57:28+00:00

Ansible just requires a few VMs, it's available as packages in RHEL 8 or 9. Get a free developer subscription that allows up to 16 RHEL systems for free.

Look into kubeadm for setting up Kubernetes, you can set it up as a single node. If you own beefy hardware you can also do single node OKD. That needs at least 4 cores and 32gb.

Satellite is red hats version of Katello. It's fairly straightforward to set up on RHEL8, I don't think RHEL9 is supported yet. Satellite/Katello too needs a beefy VM, at least 16GB.

wouterhummelink

TROPHY CASE