Completed Projects
Migration from Icinga to Zabbix with Automated Host Provisioning
DevOps Engineer / System Administrator | Apr 22, 2025
I migrated an on-prem monitoring system from Icinga to Zabbix, implementing automated host provisioning from oVirt. The script validated duplicates across configuration files and sent Slack notifications about changes. This reduced onboarding time for new machines and improved infrastructure visibility.
Requirements
Full migration of checks, templates, and notification logic from Icinga2 to Zabbix. Automatic discovery of hosts from oVirt and a Bash/Python script to add them. The script checks whether a host is already monitored and selects a template based on metadata.
Changes Introduced
Use of dynamic thresholds, Slack notifications with a diff view, and configuration deduplication.
Challenges
Migrating a complex configuration while simultaneously introducing automation and eliminating file conflicts.
Technologies Used
Zabbix, Icinga2, Python, Bash, Slack API, oVirt, Ansible, Linux (Debian/RHEL), Zabbix LLD
Impact
The migration provided better visibility and full automation of the host onboarding process. New machines enter monitoring immediately, with standardized templates and thresholds and a full change trail in Slack.
Results
Manual monitoring configuration was reduced to zero and alert thresholds were made consistent. The whole process, from VM creation to alerts, is automated, and changes are reported in Slack.
Automation scripts available under NDA or on request.
🛡️ 802.1x Deployment with FreeIPA and Automated Certificate Management
Network Security Engineer | Apr 22, 2025
I designed and deployed secure 802.1x authentication across the office LAN using FreeIPA and automated certificate issuance. The solution integrated with Juniper and Unifi switches and helped enforce strict access policies across physical infrastructure.
Requirements
📌 Project Overview
I led the implementation of a secure dot1x network access control system integrated with FreeIPA to enforce identity-based policies for wired and wireless devices across office infrastructure. The system ensured that only authorized users and devices could access the internal network by dynamically assigning VLANs based on FreeIPA group membership. The entire certificate lifecycle was fully automated using a custom app, certmenanger, eliminating manual issuance and renewal. This deployment included configuration of Juniper EX switches, Unifi access points, and a RADIUS backend managed through FreeIPA-integrated policies.
Changes Introduced
🧱 Key Responsibilities
🔐 802.1x configuration for both wired and wireless environments
👥 FreeIPA user and host management, group-based access policy enforcement
🧾 Certificate automation using certmenager, including issuing, renewal, and revocation
📶 Switch and AP configuration (Juniper EX, Unifi) for dynamic VLANs and MAC-based fallback
🔄 Automated onboarding workflows for laptops and users, including certificate provisioning on login
🔎 Monitoring and logging of authentication attempts and rejected access with alerting
📋 Documentation and training for IT staff on adding new devices and handling expirations
Challenges
🔧 Purpose and Impact
The project drastically improved the security posture of the office network by ensuring all access was identity-verified and traceable. By automating certificate management and integrating with existing identity infrastructure, the system became scalable, maintainable, and resistant to credential leaks or MAC spoofing.
Technologies Used
Skills and deliverables: dot1x, Junos OS, UniFi, Ansible, Python
🛠️ Technologies Used: FreeIPA, certmenager, 802.1x / EAP-TLS, Juniper EX series, Unifi Controller, RADIUS (FreeRADIUS), Bash / Python / Ansible, Linux (RHEL)
Impact
Key benefits included:
🚫 Prevented unauthorized access to internal resources
🔄 Zero-touch certificate issuance and renewal via certmonger
🧘‍♂️ Seamless onboarding/offboarding for users and laptops
🔐 Group-based policy control and dynamic VLAN assignment
📈 Full visibility into access attempts and authentication outcomes
Results
🐳 Containerization and CI/CD Setup with Jenkins in Kubernetes
DevOps Engineer | Apr 22, 2025
My role: DevOps Engineer
Project description: I containerized internal apps and deployed them in a Kubernetes cluster. Then I implemented a CI/CD pipeline using Jenkins to automate testing, building, and deploying. Integration with Vault allowed secure secrets management and dynamic environment setup.
Requirements
📌 Project Overview
I led the containerization of several internal applications and deployed them into a production-ready Kubernetes environment. The goal was to modernize deployment workflows, ensure horizontal scalability, and implement a robust CI/CD pipeline using Jenkins. This project included the creation of Helm charts, persistent storage handling, secret management, and full automation of build, test, and deployment pipelines – reducing release time and deployment risks.
Changes Introduced
🧱 Key Responsibilities
📦 Containerization of legacy/internal applications using Docker
☸️ Deployment to Kubernetes clusters with Helm, including resource definitions, autoscaling, and persistence
🛠️ CI/CD pipeline implementation with Jenkins (build, test, deploy, rollback)
🔐 Secrets management integrated with HashiCorp Vault and Jenkins credentials plugin
🔄 Staging and production environments with namespace separation and promotion flow
🧪 Automated test suites triggered on each push (unit, integration, linting)
📈 Monitoring and logging for deployed apps via Prometheus, Loki and Grafana
📤 Slack integration for build/deploy notifications
Challenges
🔧 Purpose and Impact
The project enabled full automation of application delivery pipelines, significantly reduced manual errors, and introduced fast rollback procedures. Containerization also allowed the development and DevOps teams to collaborate on a unified platform, resulting in:
🚀 Faster delivery cycles with reliable rollback support
📦 Environment parity from development to production
🔒 Secure and dynamic secret handling via Vault
📊 Real-time observability of application performance and deployments
⛓️ Seamless integration with GitOps workflows
Technologies Used
Skills and deliverables: Docker, Kubernetes, Jenkins, Git, HashiCorp Vault
🛠️ Technologies Used: Docker, Kubernetes, Helm, Jenkins, HashiCorp Vault, Prometheus / Loki / Grafana, GitHub, Ansible / Bash, Ingress-NGINX
Impact
The pipelines provided environment parity and real-time visibility into deployments.
Results
Published on Apr 22, 2025
🚀 Faster delivery cycles, secure dynamic secrets handling, and seamless GitOps integration.
⚙️ Dynamic Bitbucket Pipelines Runners with KVM and Ansible
DevOps Engineer | Apr 22, 2025
My role: DevOps Engineer
Project description: I implemented a dynamic CI/CD runner environment using Bitbucket Pipelines and KVM. Runners are provisioned on-demand using Ansible and deleted after job completion. This ensured full isolation for each pipeline job while optimizing hardware usage and costs.
Requirements
📌 Project Overview
I implemented a fully dynamic CI/CD runner infrastructure integrated with Bitbucket Pipelines, designed to provision and destroy virtual machines on-demand using KVM and Ansible. This system allows each pipeline job to run in a clean, isolated environment, improving both security and reliability. After the job completes, the VM is automatically decommissioned, freeing up resources and reducing operational costs. This setup is ideal for organizations needing disposable, reproducible, and scalable CI runners without relying on external services like GitHub Actions or Bitbucket-hosted runners.
Changes Introduced
🧱 Key Responsibilities
🔧 Design of dynamic runner lifecycle: automatic VM provisioning and cleanup per pipeline job
💾 KVM-based virtualization with qcow2 images, bridged networking, and resource constraints
🤖 Ansible automation for provisioning OS, installing runners, configuring SSH keys and agents
🔄 State tracking and cleanup routines to prevent orphaned VMs and stale builds
🔐 Secure key injection for repo access, secrets fetching, and logging
📬 Email/Slack notification hooks on build status, failures, and VM lifecycle events
📦 Custom runner images built for specific tech stacks (Node, Python, Golang, Java)
📊 Integration with monitoring and dashboards (Grafana + custom Bash scripts)
Challenges
🔧 Purpose and Impact
By eliminating the need for persistent build agents and implementing true infrastructure-as-code for CI environments, the system delivered:
Technologies Used
Skills and deliverables: Ansible, CI/CD, Bash, Linux, Bitbucket
🛠️ Technologies Used: Bitbucket Pipelines, KVM / libvirt / virt-install, Ansible, Debian / Ubuntu cloud images, Bash / Python, QEMU / qcow2, Grafana / custom metrics, Slack Webhooks, Git / SSH automation
Impact
🔄 Automatic cleanup after builds – no resource leakage
🧩 Modular runner templates for multiple languages and build systems
💸 Cost-effective infrastructure by spinning up only what’s needed
🧱 Isolated builds for every job – no cross-contamination between pipelines
⚙️ Simple local hosting without cloud dependency
Results
The result: CI pipelines became faster, safer, and more scalable, while reducing the maintenance burden.