Blog Entries

12. 09. 2023 Lorenzo Candeago DevOps

How to Convert and Add a .pfx cert to Pulp 3 Operator

On our OpenShift cluster we use pulp3 as the repository manager. One recent task we had to do was to add a certificate before we could expose the repository over TLS. Our IT department provided us with the certificate in .pfx format. Following this guide for converting the certificate to a format usable by OpenShift,…

Read More
12. 09. 2023 Davide Gallo Contribution, DevOps, NetEye

Automating Icinga 2 Deployment on Linux Systems

Currently, deploying an Icinga 2 Agent on a Linux system can be intricate, given the substantial variations in the process across different releases or OS families. For instance: Fortunately, there’s no need to develop and maintain a custom script to manage these diverse scenarios. We can leverage the readily available Ansible Plugins for this purpose….

Read More
25. 08. 2023 Lorenzo Candeago DevOps

Debug and Workarounds for a Stuck Update on OpenShift 4.13.6

Today we wanted to update our OpenShift cluster, and after a while we came up against the following error: Not good… Let’s start by checking the clusterversion to investigate if we can find any errors: By analyzing the logs further we found the following error: it seems like the openshift-etcd-operator is not able to deploy…

Read More
18. 07. 2023 Alessandro Valentini DevOps

My OpenShift Journey #6: Pipelining Part II

In my previous blog-post I wrote an introduction to pipelining in OpenShift. This blog post is a follow-up to explain how to trigger a pipeline automatically. Tekton triggers are quite complex and need some explanation in order to be understood. To trigger a pipeline you need several components. In the graph below you can see…

Read More
17. 07. 2023 Alessandro Valentini DevOps

My OpenShift Journey #6: Pipelining Part I

It’s been a while since my last blog post about our OpenShift journey since as a devops team, we’ve been focusing on other activities for a while. Today I’d like to talk a bit about how to use OpenShift for CI purposes. As described in our productive use case, we implemented several pipelines to build…

Read More
06. 04. 2023 Alessandro Valentini DevOps, NetEye

A Productive OpenShift Use Case: NetEye User Guide

In December 2022 we decided to completely restructure the code of our User Guide. Previously, each project contained its own documentation, but this led to very difficult and time-consuming development having the code scattered across more than 40 repositories. Furthermore our contributors are not necessarily NetEye developers, or even developers at all. Setting up a…

Read More
10. 02. 2023 Elena Valgoi DevOps, Events, NetEye, Service Management

Atlassian new products’ announcements! Wuerth Phoenix goes to Unleash Berlin!

Unleash is an event powered by Atlassian, which aims to bring together partners, customers and Jira enthusiasts in one single location. The event took place on February 9th in Berlin… and I was there! Berlin’s event, Unleash, was mainly dedicated to empowering agile & DevOps teams, therefore mainly focusing on Jira. The day started with…

Read More
20. 12. 2022 Alessandro Valentini DevOps

One Year as a DevOps Engineer

The Beginning When I started my new role as a DevOps Engineer at the beginning of 2022, we had little experience in DevOps as a team. We tried several times to implement automation in order to simplify maintenance and reduce the amount of overall effort we invested in routine activities. However, since DevOps engineers are…

Read More
20. 12. 2022 Lorenzo Candeago Development, DevOps

A Simple and Portable Dockerfile for Working with Azure and Ansible

For our use case, we need to be able to deploy Azure machines using Ansible from developer’s laptops and from our own CI/CD infrastructure both on Jenkins and OpenShift. The easiest way to ship a working and easy-to-use environment for our use case is to create a Docker instance: we based our Docker on rockylinux…

Read More
10. 10. 2022 Lorenzo Candeago DevOps

My OpenShift Journey #5: Run Unprivileged Containers with systemd in OpenShift: Part 2 – Testing

In my previous blog post, we modified the boot parameters to enable cgroups v2 and the user namespace in CRI-O. In this second part I’ll show you how to run a sample container with systemd and check that the modifications we made actually worked. Setting up a Test Docker To test the new config, let’s…

Read More
06. 10. 2022 Lorenzo Candeago DevOps

My OpenShift Journey #4: Run Unprivileged Containers with systemd in OpenShift: Part 1 – Deployment

For our ongoing transition from Jenkins to OpenShift, we’re currently working on porting our testing infrastructure to OpenShift. Our tests involve installing and running our product, NetEye, in a container. The installation requires a working systemd environment inside the container, and systemd needs to run with PID 1 and as root user (UID 0). Until…

Read More
05. 10. 2022 Alessandro Valentini DevOps

My OpenShift Journey #3: Active Directory Integration and User Management

In our migration journey from multiple VMs to OpenShift, one mandatory step is the integration with our company’s Active Directory. This is the default IdP for our services like Jenkins, NetEye, etc., and we want to centralize authentication and permissions as much as possible. Integration with OpenShift is less straightforward than it is with other…

Read More
14. 07. 2022 Alessandro Valentini DevOps

My OpenShift Journey #2: Nginx Load Balancing and SSL Termination

In a previous blog post I described how we installed our first OpenShift cluster and how we used HA Proxy as a load balancer. Our cluster is meant to host both internal services (like CI and docker registry) and public services, and we thus have to expose them on multiple domains with valid SSL certificates….

Read More
07. 07. 2022 Lorenzo Candeago DevOps

How to Test an ISO with Packer and Change the Root Password at Boot

In a previous blogpost, we showed how to test an ISO using Packer, an open source software tool for creating machine images for multiple platforms. One of the issues we faced was due to a security requirement we have: that the ISO we ship must have its password already expired so that when NetEye is…

Read More
07. 07. 2022 Lorenzo Candeago DevOps

How to Use a Host’s Redhat Subscription to Run Containers Using Docker instead of Podman

In NetEye 4.23 we shifted our base containers from CentOS to RedHat Enterprise Linux. Within our NetEye image and container we ship packages that come from RedHat Enterprise Linux’s private repositories and are thus subject to subscription, hence we need a way to be able to use our subscription when building NetEye containers. RedHat allows…

Read More