At work I've recently had to set up a few Linux servers and get UniVerse installed on them. Now that I've done it a few times in rapid succession, I think it's time to automate it. I enjoy doing it every now and then but I think now is a good time to automate this step.
I was originally going to write a bash script and I already have a good idea of how it would look, I also would want to make it idempotent but as I thought about it, it didn't make sense that I would do this bash. I would need to check so much things to make sure my script doesn't blow up and leave the server in a weird state.
Ansible was something I had heard of but never really looked at and looking at the docs it looks like exactly what I'm looking for. I want describe the state of the system at the end and ansible will simply get to that state. I don't really care how it gets there. It's a very cool idea and one that I have never used before. Though it reminds me of docker but I only used docker a bit so this looks quite fun.
https://docs.ansible.com/ansible/latest/getting_started/index.html
Ansible has a set of hosts in the /etc/ansible/hosts file. Makes sense
The first step of simply pinging the hosts failed. I have my first host as the ansible server itself it already threw an error. It seems I needed to pass in the user and add the flag ask-pass.
# ansible all -m ping -u root --ask-pass
This worked.
The next step is to use inventory files. This seems to be a level up from the hosts file. This is also the way that is recommended to manage multiple systems.
This step worked relatively well.
I needed to use the -k option to for it to prompt for the password. I'll need to set up the password vault so i don't need to keep getting asked.
Copy pasting the encrypted password is a bit of a pain.
I also don't like how whitespace matters in yaml.
Reading is hard! I ran into some bugs here as I wasn't paying enough attention.
https://docs.ansible.com/ansible/2.5/network/getting_started/first_inventory.html
Here are the instructions to set up a vault password so you can then add passwords to the inventory file.
> ansible machines -m ping -i inventory.yaml --vault-id root@passwords
Now I can ping the server automatically!
Slowly slowly.
Running a playbook was pretty easy!
After writing a simple playbook I wrote the steps to install samba!
This was quite fun
https://stackoverflow.com/questions/62405671/ansible-playbook-to-check-the-condition-of-selinux-status
This checks to see if selinux is enabled, and only runs when it is.
Ansible was pretty straightforward. At this point I think I have decent idea of how to use it and it is definitely better than the shell script I was going to write.