Friday, December 12, 2025

Executing a command in a Pod of Kubernetes or OpenShift

I am working on an application that is hosted in Kubernetes and currently does not support any kind of API. The only way to automate the workflow we are trying to achieve is to log in to one of the pods of that application and run a command which will run the conciliation.

So I have written an Ansible playbook, and to keep it simple I have installed the kubernetes Python library on the target machine, which I use to access the Kubernetes application.

pip install kubernetes

Once done, I wrote an Ansible playbook; the config is loaded from the ~/.kube/config file on that server, and below is the sample playbook. Here I am executing a sample play which prints the nginx pod's hostname, but it can be replaced with the actual command we want to run.

- name: Execute command inside a Kubernetes pod selected by label
  hosts: all
  gather_facts: no
  collections:
    - kubernetes.core
  vars:
    namespace: "default"               # add namespace here
    label_selector: "app=nginx"        # add label selector here
    container_name: ""                 # optional; leave empty to use the default container
    exec_command: "/usr/bin/hostname"  # command to run inside the container
  tasks:
    - name: Get pods matching label selector
      kubernetes.core.k8s_info:
        api_version: v1
        kind: Pod
        namespace: "{{ namespace }}"
        label_selectors:
          - "{{ label_selector }}"
      register: pod_list

    - name: Fail if no pods found
      fail:
        msg: "No pods found with label {{ label_selector }} in {{ namespace }}"
      when: pod_list.resources | length == 0

    - name: Select the first pod
      set_fact:
        target_pod: "{{ pod_list.resources[0].metadata.name }}"

    - debug:
        msg: "Selected pod: {{ target_pod }}"

    - name: Exec command inside pod
      kubernetes.core.k8s_exec:
        namespace: "{{ namespace }}"
        pod: "{{ target_pod }}"
        # default(omit, true) also drops the parameter when container_name is an empty string
        container: "{{ container_name | default(omit, true) }}"
        command: "{{ exec_command }}"
      register: exec_output

    - debug:
        var: exec_output.stdout

Sample output
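On the cluster side, the identity stored in ~/.kube/config needs only the rights that the two module calls in the playbook use. As an added example (not part of the original post), here is a namespaced Role and binding for a dedicated service account; the names pod-exec-automation and pod-exec-by-label are hypothetical, and the namespace matches the playbook's "default".

```yaml
# Added example, not from the original post. All object names are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: pod-exec-automation
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-exec-by-label
  namespace: default
rules:
  # k8s_info task: look up pods by label selector
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  # k8s_exec task: open an exec session in the selected pod.
  # "create" authorizes clients that POST to pods/exec; "get" authorizes
  # clients that open the exec stream with a WebSocket GET request.
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["create", "get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pod-exec-by-label
  namespace: default
subjects:
  - kind: ServiceAccount
    name: pod-exec-automation
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: pod-exec-by-label
```

RBAC cannot filter on labels, so this Role allows exec into every pod in the namespace; keeping the application in its own namespace is what bounds the grant.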



Wednesday, December 10, 2025

RHEL patching with Insights and Ansible - without writing the code

 Hello Guys,

While working, I got a request that a client wants to patch the RHEL servers with specific CVEs only, not the whole set, and at the end they want to reboot the system as well. So I worked on it and came to know it's a very straightforward flow, where I can build the playbook in Insights and patch using Ansible.

Log in to Insights and make sure the system you are planning to patch is registered with Insights, then move to Security --> Vulnerability --> Systems. Here you will find the list of systems which you are planning to patch.



Select the system and you will see the list of CVEs. You can select the CVEs and click on Plan remediation.


A dialog box will open. You can select an existing playbook or select a new playbook, then click Next a couple of times and your playbook is ready.



Now you need to create a project in Ansible of type Insights.

Once done, your playbook is downloaded and ready to patch. Create a template as shown in the picture and you are all set. Just make sure the name of the host in your Ansible inventory and the name of the server in Insights are the same.

When you run it, you will be able to see the same CVEs getting patched on your RHEL machine.


It has not only patched but also rebooted the system, and it is also informing Insights, using the insights client utility, which patches are applied on the system, so Insights, based on this info, removes the CVEs for that system.


And now if we check in Insights, the same CVEs are missing for that system.


Let me know what needs to be automated.

Ansible data migration from 2.4 to 2.5

 Hello Guys,


Recently, while working, I got a request where a customer wanted to migrate the data from AWX to an Ansible AAP container-based platform. I tried to come up with an approach which is of least risk can't use

I have used the API, which can help in fetching all the required configurations, which can then be imported back into the system. The downside is that credentials and users can't be migrated, as they contain sensitive information which is not exposed via the API. Here are the playbooks:

---
- name: export all aap config
  hosts: ctrl
  gather_facts: true
  tasks:
    - name: Export all assets
      awx.awx.export:
        controller_host: <ip address of controller>
        controller_username: admin
        controller_password: <password of controller>
        validate_certs: false   # TLS certificate of the controller is not verified
        all: true
      register: export_output
      delegate_to: localhost
      run_once: true

    - name: all assets from our export
      ansible.builtin.debug:
        var: export_output

    - name: Display export completion message
      debug:
        msg: "AAP configuration export completed successfully."

    # Write the exported assets to a file on the ctrl host
    - name: Save export to file
      ansible.builtin.copy:
        content: "{{ export_output.assets }}"
        dest: "/home/nrathi/org.json"
      delegate_to: ctrl
      run_once: true

To import, we need to place the file on the new AAP system along with the import playbook and import it.

---
- name: import all aap config
  hosts: ctrl
  gather_facts: true
  tasks:
    - name: Display start message
      debug:
        msg: "Starting AAP configuration Import process."

    # Reads org.json (the file written by the export playbook) and loads it into the controller
    - name: Import all assets
      awx.awx.import:
        controller_host: 192.168.64.67:8443
        controller_username: admin
        controller_password: primod123   # plaintext password stored in the playbook
        validate_certs: false            # TLS certificate of the controller is not verified
        assets: "{{ lookup('file', 'org.json') | from_json() }}"
      delegate_to: localhost

    - name: Display import completion message
      debug:
        msg: "AAP configuration Import completed successfully."
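Both playbooks above carry the controller password in the playbook text, skip certificate validation, and leave the exported configuration readable in job output and on disk. As an added example (not the author's playbook), this is the export play with those three points tightened; the same changes apply to the import play. The file vault.yml and the vault_* variable names are hypothetical and assumed to be encrypted with ansible-vault.

```yaml
---
# Added example, not the author's playbook.
# Assumes vault.yml (hypothetical, encrypted with ansible-vault) defines
# vault_controller_host, vault_controller_username, vault_controller_password.
- name: Export AAP config without exposing secrets
  hosts: ctrl
  gather_facts: false
  vars_files:
    - vault.yml
  tasks:
    - name: Export all assets
      awx.awx.export:
        controller_host: "{{ vault_controller_host }}"
        controller_username: "{{ vault_controller_username }}"
        controller_password: "{{ vault_controller_password }}"
        validate_certs: true   # verify the controller's TLS certificate
        all: true
      register: export_output
      delegate_to: localhost
      run_once: true
      no_log: true             # keep module arguments and the export out of job output

    - name: Save export to a file only its owner can read
      ansible.builtin.copy:
        content: "{{ export_output.assets | to_nice_json }}"
        dest: "/home/nrathi/org.json"
        mode: "0600"
      delegate_to: ctrl
      run_once: true
      no_log: true             # the file content is the full export

    - name: Display export completion message
      ansible.builtin.debug:
        msg: "AAP configuration export completed successfully."
```

Run it with `ansible-playbook --ask-vault-pass` so the vault password is prompted for rather than stored next to the playbook.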