I know you said you weren’t considering containers, but it might be worth another look for
a few reasons:
- each service is ‘encapsulated’ and logically separated from everything else running on
the machine
- depending on your exact needs, you could more than likely use existing images from
Docker Hub and not have to build your own
- you can easily externalise the config backup files to known locations on the host disk,
making it easy to back up the configurations
- upgrades are easy; just pull the latest version of the container, and roll back to the
previous one if stuff breaks
- with tools like docker-compose you could bring up all your services, in the correct
order, with a single command
- it would be very easy to move the services and config across to another machine in the
event of a hardware failure
I’ve used Puppet in the past (but ~10 years ago now so it may have moved on quite a bit)…
there’s going to be a significant amount of effort in setting up the Puppet/Ansible
infrastructure, config, etc., and for one machine you will probably feel like it’s easier
to just do it manually/script it with bash or similar.
Kind regards,
Paul
On 21 Nov 2021, at 09:18, Ross Younger via users <users(a)lists.bitfolk.com> wrote:
I always meant to get my head around Ansible (or Chef, or Puppet) for my VPS based on
recommendations on this very list. Sadly I have not yet got round to it, and I suddenly
find I have a need for something of this ilk at work.
My use case is a single Linux instance, on-prem. (No fleet, no cloud, no VMs or containers
planned.) It's to provide internal services for an office network: DHCP, DDNS, maybe
NAS, maybe print accounting, maybe firewall/router/IDS, maybe apt cache or other
proxies.
I think what I want is infrastructure-as-code:
* Config files (/etc) under revision control with convenient automated backup
* All superuser actions are fully logged and replayable (fire drill: complete reimage from
scratch)
* Nobody gets direct sudo access, but I can give out admin access via the config
management tool.
I've had root shells for about 25 years now but I'm new to thinking deeply about
IaC. I would be grateful for feedback:
- is what I think I want reasonable and achievable? (what are the gotchas?)
- am I on the right track by looking at Ansible/Chef/Puppet and do any of them
particularly suit my use case? Are the paid-for versions worth paying for?
- is there a useful noobs guide?
Thanks
Ross