Introduction There is a learning page for turning on the database secret engine for PostgreSQL, but my environment uses MariaDB. This post records how to enable the database engine to automatically rotate secrets for a MariaDB user. This feature is very similar to CyberArk password rotation for nix servers and databases. For this lab, … Continue reading Hashicorp vault – Enable database secret engine for MariaDB/MySQL
Tag: hashicorp vault
[python]Nornir framework usage example 1 – show ip int brief
Introduction Before using Nornir, I was using netmiko. netmiko is a steady module which makes configuring and getting information from Cisco-based devices easy. Of course netmiko is not limited to just Cisco; it is a multi-vendor module. Napalm is another network module which does the same thing as netmiko, however when dealing with Cisco IOS … Continue reading [python]Nornir framework usage example 1 – show ip int brief
[python]Comparing execution time without threading, with threadpoolexecutor and threading subclass
3 round results to print out the execution time of calling the functions. This is a comparison of execution time when sending show version to three Cisco ASAs - fw01, fw02 and fw03. All connections with netmiko.ConnectHandler have a global_delay_factor of 0.5s. I have made three functions: connect_device_type_1: This function does not use threading but … Continue reading [python]Comparing execution time without threading, with threadpoolexecutor and threading subclass
[python]Filter inventory – Nornir
Introduction Nornir is a framework for network automation. It gels netmiko, paramiko, ansible, yaml, napalm and netconf together. This is a must-have package for doing network automation and it is not too difficult to learn. There will be times when a specific configuration is for a specific device in the inventory, in order to push to … Continue reading [python]Filter inventory – Nornir
[python]Dynamic hosts data, using Nornir framework
Introduction There are many examples that hardcode the username and password into the YAML file and use InitNornir. Best practice and examples should not show hardcoded credentials; always use a vault or a database that centrally stores usernames and passwords securely. One particular credential storage I am using is HashiCorp Vault. In my opinion, best practice … Continue reading [python]Dynamic hosts data, using Nornir framework
[python]Usage examples of pyvault2
Introduction I am using HashiCorp Vault to store secrets of devices, and I am writing my own functions in Python for my personal usage. There is a HashiCorp Vault API wrapper module known as hvac. At first I attempted to use hvac, but I found it to be extremely difficult to use and not enough … Continue reading [python]Usage examples of pyvault2
[python]Show version with Ansible
Introduction These Python scripts do the following: init_vault.py: this script initializes the vault and creates an encryption key. The initialization creates 5 keys and 1 root token for unsealing and logging in to the vault respectively. get_vault_resuly.py: this script gets the keys and token to unseal and log in to the vault. vault_mgmt.py: this script gets the key and value pair … Continue reading [python]Show version with Ansible
Set up Hashicorp Vault
Introduction I came across HashiCorp Vault, which is a vault I need for storing network equipment credentials. There is an enterprise version and a free version; the free version can be downloaded here. HashiCorp Vault has an API for accessing the data stored in the vault. After the HashiCorp Vault is initialized, 5 keys and 1 … Continue reading Set up Hashicorp Vault