At work I’ve recently had to set up a few Linux servers and get UniVerse installed on them. Now that I’ve done it a few times in rapid succession, I think it’s time to automate it. I enjoy doing it every now and then but I think now is a good time to automate this step.
I was originally going to write a bash script and I already have a good idea of how it would look, I also would want to make it idempotent but as I thought about it, it didn’t make sense that I would do this bash. I would need to check so much things to make sure my script doesn’t blow up and leave the server in a weird state.
Ansible was something I had heard of but never really looked at and looking at the docs it looks like exactly what I’m looking for. I want describe the state of the system at the end and ansible will simply get to that state. I don’t really care how it gets there. It’s a very cool idea and one that I have never used before. Though it reminds me of docker but I only used docker a bit so this looks quite fun.
Ansible has a set of hosts in the /etc/ansible/hosts file. Makes sense
The first step of simply pinging the hosts failed. I have my first host as the ansible server itself it already threw an error. It seems I needed to pass in the user and add the flag ask-pass.
# ansible all -m ping -u root --ask-pass
The next step is to use inventory files. This seems to be a level up from the hosts file. This is also the way that is recommended to manage multiple systems.
This step worked relatively well.
I needed to use the -k option to for it to prompt for the password. I’ll need to set up the password vault so i don’t need to keep getting asked.
Copy pasting the encrypted password is a bit of a pain.
I also don’t like how whitespace matters in yaml.
Reading is hard! I ran into some bugs here as I wasn’t paying enough attention.
Here are the instructions to set up a vault password so you can then add passwords to the inventory file.
> ansible machines -m ping -i inventory.yaml --vault-id root@passwords
Now I can ping the server automatically!
Running a playbook was pretty easy!
After writing a simple playbook I wrote the steps to install samba!
This was quite fun
This checks to see if selinux is enabled, and only runs when it is.
Ansible was pretty straightforward. At this point I think I have decent idea of how to use it and it is definitely better than the shell script I was going to write.