Ansible - Powerful Open Source system management and task automation tooling!
- Published: 3 Jul 2024
- === Links ===
Show Notes
wiki.opensourceisawesome.com/...
Ansible Series from Learn Linux TV
• Getting started with A...
Get the AwesomeOpenSource Merchandise
awesomeopensource.creator-spr...
Support my Channel and ongoing efforts through Patreon:
/ awesomeopensource
Buy Me a Coffee or Beer
paypal.me/BrianMcGonagill?cou...
=== Timestamps ===
00:00 Beginning
00:08 Introduction to Ansible
04:04 Thank you to my Patrons over at Patreon
04:41 What You'll Need
06:18 Setup SSH Key Pair
09:31 Send SSH Keys to Target Machines
11:32 Install Ansible
13:22 Setup our Ansible Project Space
13:57 Setup Our Inventory File
20:22 Testing Ansible with Ansible-Ping
23:02 Make an Ansible Playbook
=== Contact ===
Twitter: @mickintx
Telegram: @MickInTx
Mastodon: @MickInTx@fosstodon.org
Try out SSDNodes VPS Services! Amazing specs for incredibly low costs. I'm running a 32 GB RAM / $ CPU server for only $9 a month! Seriously. For long term server usage, this is the way to go!
www.ssdnodes.com/manage/aff.p...
Get a $50.00 credit for Digital Ocean by signing up with this link:
m.do.co/c/a6a61ae55242
Use Hover as your Domain Name Registrar to get some great control over your domains / sub-domains:
hover.com/SHPaiirr
What does the money go to?
To pay for Digital Ocean droplets, donations to open source projects I feature, and any hardware I may need to purchase for future episodes (which I will then give to a subscriber in a drawing or contest).
A few considerations. One, if you're using virtualization, build the pubkey into your base image, so you can clone or deploy a new VM and you get the keys being pre-installed for "free". This is scriptable on Proxmox.
Two, another benefit to having things (machine configurations, not just actions like "upgrade apt") in Ansible is they are repeatable and idempotent. If there's any question about a configuration, just run Ansible again.
Three, put all this Ansible configuration into git and you have a history of your previous settings should reverting to them become interesting. Your git repo becomes your "source", and makes it easy to move between workspaces.
Great content as always. Lots to encourage here, well done.
Awesome tips!
unattainable clarity in the exposition, as always, well done!
Thank you so much 😀
Very helpful! I've used Ansible before and it was great. I only did basic stuff with it but I'm planning to add it to my homelab to learn more.
Regarding Wazuh, I've been working with it a little lately. Some things are really easy, other things not so much. The basic setup is very easy and it works very well. I'm looking forward to your video on it!
Awesome! I'm learning as quickly as I can on it.
Here is a tip for you that I stumbled upon, Defguard Wireguard 2fa open source project. Thanks for this video and all the other.
Defguard is on my list.
Ansible is a great tool for all your computer needs. Not only for the Linux/Unix world; I use it in our Windows environment here at work. We update 12 Linux servers, over 300 desktop computers and another 15 Windows ..2019 servers, which is where Ansible really comes in handy, when they ALL (Windows servers/desktop computers) need to be rebooted after an update. Actually, they get rebooted once a month...regardless. They just turn to garbage if they are not rebooted once a month.
Linux/Unix machines when a kernel update gets pushed. So once or twice a year.
It's absolutely awesome!
By the way, from the man page of ssh-keygen: "The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an Ed25519 key." But I think that is a fairly recent thing. 1 or 2 versions ago they used the more insecure RSA.
Great info!
Great video! Some feedback.
Because ssh keys are so ubiquitous and documentation is literally everywhere, I wish you would have spent those 5 minutes walking through your lxd install. If you are going to skip something to make a video shorter, let it be ssh key pairs.
But otherwise, great. Personal preference. Thank you!
I've covered the incus stuff in previous videos. Do you mean installing LXD on the host, or the actual container I setup?
Passphrases are easy and cheap. If you don't want to type the passphrase in for every use, you have two options.
1) use the ssh-agent, and typically all you really need to do in a usual Linux desktop environment is type "ssh-add" and enter the passphrase, which will add keys to the agent. It'll be available and not requested again for the duration of that logged in desktop session. Note, you can also "give up" the credential when you're done.
2) use control-master in ssh config. This will activate a persistent ssh session (definable), so you don't then need to re-establish connection details. This MAY NOT help you much at all in this ansible case (each connection to a new target host would still require establishing a connection), however, if you have a bunch of playbooks against a small number of hosts, it may be a net win in terms of not typing passwords, and it may also be a net win in terms of time by re-using established sessions were possible.
I do both.
Great to know! Thanks for the tips!
If you spend a considerable amount of time configuring your laptop or PC, especially developers that need to set up development environments, Ansible is great. I use it to set up my laptop and PC. Ansible can handle differences pretty well. It's something better than a bunch of bash scripts, but it's also not NixOS.
My understanding is that NixOS is more concerned with reproducible builds. Ansible cares more about declarative automation. So Ansible is not as flexible but makes automation very easy to understand.
Indeed, NixOS is great for setting up a machine in the exact same way, and Ansible is great for performing the same actions repeatedly on various machines and across OSes.
@@AwesomeOpenSource I like that👍
An idea for a future video, are there any open source business rule engines that might be added to your MSP series.
Can you tell me what you mean by "business rules" in this case?
@@AwesomeOpenSource A thought I had was: imagine integrating, for example, Zammad with a Business Rules Engine (BRE) like OpenL Tablets that can streamline and automate various aspects of your service management processes. You'd need a Python script to interact between the two systems' APIs and then create easy-to-maintain rules around ticket prioritization, assignment and escalations. Other applications could be dynamic pricing of your items for sale, calculating shipping depending on location, etc.
@@jaqrab I’ve never seen anything like that, but I’ll keep my eyes open.
I wish more businesses would use tools like Ansible instead of Microsoft top to bottom....
Me too. It's all about educating and making it known and consumable.
@@AwesomeOpenSource Lately I am more and more tempted to try and get away from Microsoft and other big tech, where possible......and there the issues start.
@@AwesomeOpenSource The German BSI has for some time now had security/config recommendations for LibreOffice; maybe you can try to set these up with Ansible :)
If you can link me to those suggestions in English, I'll take a look. I barely speak English, but definitely can't read German.
@@AwesomeOpenSource I don't think it's available in German, but I may be able, if I get time, to translate the document and mail you a link or the file.
A couple of pointers. When you use become at the top level, that is saying EVERY playbook task is run elevated. Typically this isn't ideal, as "most" tasks do not require elevation. At the individual task level, you can add become to run that specific task elevated. If your playbook requires every task in the playbook to be run elevated, putting it at the top level is sufficient, and you don't need to redundantly add it on the individual tasks.
As a best practice, it is also recommended that you use the FQDN for the modules you are running for the tasks; it helps with readability and with identifying whether a shared playbook requires additional Galaxy roles/collections to be added (you didn't touch on these, but it's important). I.e., instead of apt, it should be ansible.builtin.apt, and so on.
You can also set a variable in your inventory to identify, either for individual groups of hosts or for the entire inventory of hosts, which SSH key to use, so that you don't need to convolute your playbook run command.
All great tips. A lot of these are in that Learn Linux TV Ansible series I pointed to in the description as well. Just so much that could be covered on Ansible alone, so I had to pick and choose a bit to keep it from becoming a seven hour video.
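The three pointers in the comment above (become only on the tasks that need it, fully qualified module names, and the SSH key chosen per host group in the inventory rather than on the command line), pulled together into one added example. This is not code from the video or from the commenter; the host names, group name, user and key path are made-up placeholders, and the reboot-required check assumes Debian/Ubuntu targets.

```yaml
# inventory.yml (constructed example; hosts, group, user and key path are placeholders)
all:
  vars:
    ansible_user: ansible
  children:
    webservers:
      hosts:
        web01.example.lan:
        web02.example.lan:
      vars:
        # Key selected per group in the inventory, so the run command
        # needs no --private-key flag:  ansible-playbook -i inventory.yml update.yml
        ansible_ssh_private_key_file: ~/.ssh/ansible_web_ed25519
---
# update.yml (constructed example)
- name: Patch the web servers
  hosts: webservers
  # Deliberately no play-level become: only the tasks that need root get it.
  tasks:
    - name: Record the running kernel (read-only, never reports "changed")
      ansible.builtin.command: uname -r      # fully qualified module name
      register: kernel_before
      changed_when: false

    - name: Refresh the apt cache and upgrade all packages
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
      become: true                           # elevation only where required

    - name: Check whether the distribution flagged a reboot (Debian/Ubuntu convention)
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_flag

    - name: Reboot only when the upgrade asked for it
      ansible.builtin.reboot:
        reboot_timeout: 600
      become: true
      when: reboot_flag.stat.exists

    - name: Show the kernel before the run for comparison with the current one
      ansible.builtin.debug:
        msg: "kernel before patching: {{ kernel_before.stdout }}"
```

Re-running the play is safe: the apt task reports "changed" only when packages actually move, and the reboot task is skipped when the flag file is absent.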
Waiting For You, Now you are Here.
Yay!
Is it a good option to clone the system to another machine, or should I use Clonezilla?
I would use Clonezilla or Rescuezilla for that.
Puppet is agent based.
There are benefits to that.
Haven't had a chance to dig into puppet yet, but it's on my list.
Please, this is 'Part 5' of what series?
Setting up an MSP
@@cephas2009 Thanks. Silly me, looking at playlists with 5 or 4 things in them ;)
This is part of my Build an MSP on Open Source series.
Thanks for the Video. One question:
The public SSH key wasn't set up with a passphrase. So if a client got hacked and the hacker has the public key, they could log in to the server without anything else, right?
No, the "hacker" needs the private key to establish a key-based SSH connection. The public key can only validate packets signed with the private key.
@UliGuenter has it right. You need the private key in order to connect. The public key is publicly shareable.
Got it. Thx
Public keys "never" have a passphrase, it's the private key that would/should be protected by the passphrase.
The public key is not a security concern in any dimension, it's "public". :)
Minor glitch:
inventory: ansible is misspelled for Fedora as ansibel
ruclips.net/video/mi9HPGap0R0/видео.html
Thanks. I'll check, but pretty sure I fixed it.