I know you said you weren’t considering containers, but it might be worth another look for a few reasons:

- each service is ‘encapsulated’ and logically separated from everything else running on the machine
- depending on your exact needs, you could more than likely use existing images from Docker Hub and not have to build your own
- you can easily externalise the config backup files to known locations on the host disk, making it easy to back up the configurations
- upgrades are easy; just pull the latest version of the container, and roll back to the previous one if stuff breaks
- with tools like docker-compose you could bring up all your services, in the correct order, with a single command
- it would be very easy to move the services and config across to another machine in the event of a hardware failure

I’ve used Puppet in the past (but ~10 years ago now so it may have moved on quite a bit)… there’s going to be a significant amount of effort in setting up the Puppet/Ansible infrastructure, config, etc., and for one machine you will probably feel like it’s easier to just do it manually/script it with bash or similar.

Kind regards,
Paul


On 21 Nov 2021, at 09:18, Ross Younger via users <users@lists.bitfolk.com> wrote:

I always meant to get my head around Ansible (or Chef, or Puppet) for my VPS based on recommendations on this very list. Sadly I have not yet got round to it, and I suddenly find I have a need for something of this ilk at work.

My use case is a single Linux instance, on-prem. (No fleet, no cloud, no VMs or containers planned.) It's to provide internal services for an office network: DHCP, DDNS, maybe NAS, maybe print accounting, maybe firewall/router/IDS, maybe apt cache or other proxies.

I think what I want is infrastructure-as-code:

* Config files (/etc) under revision control with convenient automated backup
* All superuser actions are fully logged and replayable (fire drill: complete reimage from scratch)
* Nobody gets direct sudo access, but I can give out admin access via the config management tool.

I've had root shells for about 25 years now but I'm new to thinking deeply about IaC. I would be grateful for feedback:

- is what I think I want reasonable and achievable? (what are the gotchas?)
- am I on the right track by looking at Ansible/Chef/Puppet and do any of them particularly suit my use case? Are the paid-for versions worth paying for?
- is there a useful noobs guide?

Thanks

Ross
