my posts
I keep this blog to write down stuff I ran into along the way.Ansible check if a file exists in when statement
In Ansible, if you have playbooks with variables that are filenames, and that should point to actual files, it’s sometimes necessary to make sure the file exists before continuing.
Read more ...Redis Sentinel for ISVA WebSEAL
Redis is a key-value in-memory database (Redis.io). You can use Redis since version 10.0.1 in IBM Verify Access Manager as an alternative to the DSC (Distributed Session Cache) in WebSEAL and also in the Federation component as a replacement for the HVDB in some situations. Although it’s not possible yet to store everything in Redis , I think this will be definitely the case in the future!
Read more ...String formatting in Ansible
This post is about configuring ISAM WebSeal using the IBM Security Ansible Collection https://github.com/IBM-Security/isam-ansible-collection, but it is valid for any string related operation in Ansible yaml files.
There are different moving parts in play that impact how your strings will be rendered, and I try to clear that up a bit here.
It can be a Python, Yaml or Jinja syntax thing.
HCL Domino mail export using iNotes
Since I don’t have a Notes client anymore, I needed a different approach to export some mails from a Domino server.
Read more ...Publishing Jekyll website using Github Actions
I tend to suffer from the “if you have a hammer, everything starts to look like a nail” syndrome. So I started off with an Ansible deployment for this blog site.
Read more ...Ansible Execution Environment for the IBM ISVA Ansible collection
In Ansible Automation Platform 2.0 (the new version of Ansible Tower), there’s changes in how you work with custom environments. Instead of creating Python virtual environments, Automation Platform works with “ansible execution environments”.
Read more ...Ansible Collection for Pleasant password retrieval
Recently I came across Pleasant Password Server in use as a PAM (Privileged Access Management) solution. https://pleasantpasswords.com/info/pleasant-password-server.
I needed to integrate it with the Ansible playbooks I was using to deploy and configure IBM Verify Security Access Manager.
Unfortunately, there was no Ansible plugin available for use as there are for CyberArk or Thycotic or …, so I created one myself.
Change ISVA admin password using BeyondTrust BeyondInsight PAM
Here’s an example on how to change the ISVA/ISAM admin@local password using BeyondTrust’s BeyondInsight PAM (Privileged Access Manager) tool:
Read more ...Jekyll is dead
So I’m in the process of migrating my HCL Domino based blog to Jekyll, but apparently it’s been dead for a while already .
Read more ...IBM Security Verify Access monitoring and alerting with Zabbix
This is a “How-to” on using the opensource Zabbix monitoring tool for monitoring IBM Security Verify Access appliances. This document includes instructions to install Zabbix on your own machine, and Ansible playbooks to configure both Zabbix and an IBM ISVA Appliance.
Read more ...Binance referal code
Use this referal code to get 10% off on crypto orders, on binance.
Read more ...content-security-policy with nonce in ISAM/ISVA for junction cookie
Read more ...UPDATE 27/4/2022 : CSP is greatly enhanced in the upcoming 10.0.4 release, so doing this yourself will no longer be necessary.