#ansible

Larvitz
@Larvitz@burningboard.net · 12h ago
I'm more than 25 years into IT at this point, but this is a first for me. Not one I'm proud of, but one I take responsibility for: My project ansible_jailexec (an Ansible connection plugin for FreeBSD Jails) had a bug that turned out to be a vulnerability. Improper Link Resolution Before File Access (CWE-59), a jail escape. It's been assigned CVE-2026-55074 so people can scan for it (I know it's bundled into Collections out there).

If you're running < 2.0.0: please upgrade. 2.0.0 fixes it.

Advisory: https://github.com/chofstede/ansible_jailexec/security/advisories/GHSA-cxgv-hp74-jj7r
Release: https://github.com/chofstede/ansible_jailexec/releases/tag/v2.0.0

#ansible #cve #security #freebsd
TheBadPlace
@TheBadPlace@mastodon.ozioso.online · 5d ago
google news | IBM, ServiceNow team to bring AI to legacy enterprise systems AI generated summary, Read the full article for complete information. IBM and ServiceNow are partnering to help enterprises modernize decades‑old, interconnected legacy systems by layering ServiceNow’s AI‑Platform workflow on top of existing infrastructure and using IBM’s AI, data, and automation tools. The collaboration will offer three services—application modernization using IBM Bob, Watsonx.data and Java runtimes; autonomous infrastructure operations that embed Red Hat Ansible, Instana, Terraform and Vault into ServiceNow IT workflows; and data‑governance capabilities that combine Watsonx.data with ServiceNow’s Data Fabric and catalog—scheduled for release in the second half of 2026. By leveraging IBM’s expertise with mainframes and large‑scale legacy applications together with ServiceNow’s workflow and agent‑management platforms, the joint solution aims to enable AI‑ready operations without replacing existing systems. Read more: https://www.networkworld.com/article/4184195/ibm-servicenow-team-to-bring-ai-to-legacy-enterprise-systems.html #IBM #ServiceNow #RedHat #watsonx #Ansible #JohnAisien
Larvitz
@Larvitz@burningboard.net · Jun 10, 2026
ansible_jailexec 2.0.0 is out. It's a security release.

Versions <2.0.0 have a jail-escape bug: put_file followed symlinks placed inside a jail during a root-owned, host-side move, allowing arbitrary root writes on the host. All file transfers now run inside the jail via jexec, confined to its chroot.

Advisory: GHSA-cxgv-hp74-jj7r
Release: https://github.com/chofstede/ansible_jailexec/releases/tag/v2.0.0

#FreeBSD #Ansible #infosec
Larvitz
@Larvitz@burningboard.net · Jun 05, 2026
Just released ansible_jailexec v1.3.0

It's an Ansible connection plugin I wrote for managing FreeBSD jails. No SSH required.

New in this version: you can now run it without a privilege escalation method (sudo/doas) if you connect Ansible directly to the host as root.

Codeberg: https://codeberg.org/Larvitz/ansible_jailexec/releases/tag/v1.3.0
PyPI: https://pypi.org/project/ansible-jailexec/1.3.0/
GitHub: https://github.com/chofstede/ansible_jailexec/releases/tag/v1.3.0

#python #ansible #freebsd #jails #devops
Larvitz
@Larvitz@burningboard.net · May 06, 2026

nvim-ansible: My Neovim config for Ansible and Python just got a substantial refresh:

  • modernized for Neovim 0.11 (vim.lsp.config, LspAttach, vim.filetype.add)
  • ansible-lint now routed through Mason, sidestepping distro-related issues and ensuring a consistent version
  • tighter lazy-loading, full README rewrite

https://codeberg.org/Larvitz/nvim-ansible

#neovim #ansible #python #vim #linux

Larvitz
@Larvitz@burningboard.net · May 01, 2026
Fresh gist: mitigating CVE-2026-31431 ("Copy Fail") on RHEL 8/9/10 with a tiny Ansible playbook. It blacklists algif_aead via a kernel boot arg (initcall_blacklist=algif_aead_init), reboots only when needed, and asserts the mitigation actually stuck after reboot. Idempotent & safe to re-run. https://codeberg.org/Larvitz/gists/src/branch/main/2026/20260501-CVE-2026-31431_RHEL_Mitigation.md #Ansible #RHEL #Linux #InfoSec #SysAdmin #DevOps #CVE #CVE_2026_31431 #copyfail
In reply to
mdione
@mdione@en.osm.town · Apr 13, 2026

@wild1145@mastodonapp.uk @philcowans@universeodon.com several points:

  • You can find out if an apt upgrade needs reboot. I don’t know the details, but the info is somewhere.
  • You can define Ansible variables per machine, including the user used to connect with.
  • You can bootstrap an Ansible user with an arbitrary sudoer user, like https://gist.github.com/StyXman/0003d9f903edb0dc12a3ac561a37c8df

#Ansible

askubuntu
@askubuntu@ubuntu.social · Mar 28, 2026
Can't install Ansible 2.18 in Ubuntu 24.04 anymore #apt #server #python #2404 #ansible https://askubuntu.com/q/1565244/612
Larvitz
@Larvitz@burningboard.net · Feb 27, 2026
New post: Neovim Crash Course for Sysadmins

Not a beginner's guide. This covers the things you still get wrong after years of Vim - efficient navigation, why your paste lands in the wrong place (and the one-key fix), YAML indentation workflows, quick macros, and what Neovim's LSP actually gives you for infrastructure work. Written for people who edit configs and playbooks all day.

https://blog.hofstede.it/neovim-crash-course-for-sysadmins-the-20-that-solve-80-of-the-pain/

#neovim #vim #sysadmin #devops #linux #ansible #yaml
who2industries
@who2industries@mstdn.business · Feb 23, 2026
We just recorded two videos and go into the cutting phase soon. Stay tuned to learn more about Semaphore UI and Podman Quadlets! #video #odysee #videoproduction #ansible #semaphoreui #podman #quadlets