a wandersick's Tech Notes

This introductory article is about Infrastructure-as-Code (IaC) and a major player of which, Ansible , its concepts — control node, managed host, inventory, playbook and modules — along with a quick example using an ansible command to remediate configuration drift of managed computers, so that a specified service on them is running in its desired state. Infrastructure-as-Code DevOps is not a Goal, but a never-ending process of continual improvement. —  Jez Humble It is the era of DevOps, where development (Dev) and operation (Ops) are converged and streamlined for the benefit of the business. On the infrastructure side, it is also desired that managing hosts (mostly servers and workstations) be done in a modern way to fit in the DevOps mindset where everything is defined as code to allow for agility which enables continual improvement. Comes Infrastructure-as-Code automation engines, available as command-line tools which can be leveraged for infrastructure compliance remediation. Such ...

Note: This is a template to ease development. The storage-vendor-specific part of the scripts have to be coded by yourself. An alternative way is to engage professionals to develop the script on one of the freelancing platforms . There sometimes comes a need to simplify complex operations, in this case failover and failback operations of SAN storage replication between sites (e.g. production and DR), for reasons such as letting operators or the less technically-confident colleagues to more easily perform the operations in case of disasters or drill tests. To achieve that, this template has been created. Written primarily in PowerShell, this package contains a set of SAN storage failover and failback scripts for Microsoft Failover Cluster (including Hyper-V cluster) and vendor-neutral pseudo code for SAN storage (for further modification to support different SAN vendors). Not only does it perform storage failover and failback, services running on top of it such as databases and vir...

Recently, I have been working on Exchange migration projects and the “ 70-345 – Designing and Deploying Microsoft Exchange Server 2016 ” exam. (Yes. I have passed the exam, thankfully, and I am now a certified MCSE of the Productivity track.) I have found video lessons on Pluralsight to be of great help, such as this one . Based on studies, a checklist including PowerShell commands has been crafted in the hopes of easily keeping track of milestones throughout similar projects. Except where noted, the example is for non-HA migration scenario from Exchange 2010 and 2013 to 2016. (This document is also available on GitHub as “ exchange-2016-migration-checklist.md ”). Need a Pluralsight referral code? Here's my referral URL: http://referral.pluralsight.com/mQgdSmZ for a discount (up to 50%) in Pluralsight registration (Last updated: 16 April 2020) Inventorying Existing Environment List existing Exchange servers in the environment Get-ExchangeServer | ft Name, Edition, Adm...

CIS, Center for Internet Security, publishes prescriptive system hardening documents which provide guidance for establishing a secure system configuration on platforms such as Windows. Usually, their Windows hardening documents are over a hundred pages long and would take a long time to perform hardening manually by one person. Thankfully, there is an Infrastructure-as-Code configuration management approach, e.g. the one introduced below leveraging Chef and Inspec, to achieve automation of the hardening process and validating the results. Figure 1. Content of harden_winrm.rb, with references from CIS sections as an example of Chef recipes. (This one is from MattTunny/windows_hardening GitHub repository) Instead of demonstrating the power of infrastructure-as-code fully, this quick post only aims at introducing the concept by leveraging Chef hardening recipes found on the Internet, showing the steps to perform Windows hardening on a single local machine quickly, which may suit o...

This is a quick guide showing how to include/slipstream custom packages (rpm, exe, etc.) in HP/HPE SPP (Service Pack for ProLiant) ISO images for updating of system software or firmware of components within HPE/HP servers. Next, the process of offline updating will be shown. Finally, a few handy tips and reference URLs will be provided before conclusion. The Need for SPP Customization Below are a few of the reasons: SPP is released several times per year by HPE. Component updates released in between may not be covered and would require a separate updating process had SPP not been customized. Although SPP supports online firmware updating within a suitable OS, in limited environments where online updating is impossible, offline updating, which often require SPP, might be the only way. The current SPP ISO is over the size of a single-layer writable DVD disc. However, not all firmware files are required for everyone; it may be desirable to only select desired firm...

This is a quick guide on how to connect FC3171, a 8Gb QLogic SAN switch within IBM Flex System chassis, to a Brocade 300 SAN switch. By enabling transparent mode (also known as NPIV/N-Port ID Virtualization/Pass-thru/Access Gateway) on FC3171 and configuring port mapping, the WWNs of blade-internal hosts (there are 3 hosts in our example) can be detected by the upstream SAN switch (e.g. Brocade 300) successfully as shown in the outputs of portshow Brocade Fabric OS command below: Before