On Sun, Nov 21, 2021 at 10:09:32PM +1300, Ross Younger via users wrote:
> I always meant to get my head around Ansible (or Chef, or Puppet) for my VPS
> based on recommendations on this very list. Sadly I have not yet got round
> to it, and I suddenly find I have a need for something of this ilk at work.

Ansible user here, SSH+Python is all that is required for it to work.

> My use case is a single Linux instance, on-prem. (No fleet, no cloud, no VMs
> or containers planned.) It's to provide internal services for an office
> network: DHCP, DDNS, maybe NAS, maybe print accounting, maybe
> firewall/router/IDS, maybe apt cache or other proxies.
> I think what I want is infrastructure-as-code:

You are thinking absolutely right. I used to do old-school hand editing config
files directly on boxes myself. That all changed 10 years ago when I finally got
a chance to use an internally developed tool very similar to Ansible. All
configuration changes were committed to a repo before being pushed out.

> * Config files (/etc) under revision control with convenient automated
> backup
> * All superuser actions are fully logged and replayable (fire drill:
> complete reimage from scratch)
> * Nobody gets direct sudo access, but I can give out admin access via the
> config management tool.
> I've had root shells for about 25 years now but I'm new to thinking deeply
> about IaC. I would be grateful for feedback:
> - is what I think I want reasonable and achievable? (what are the gotchas?)
> - am I on the right track by looking at Ansible/Chef/Puppet and do any of
> them particularly suit my use case? Are the paid-for versions worth paying
> for?
> - is there a useful noobs guide?

You should be fine using one of Ansible/Chef/Puppet, no need to blow up money
for commercial tools.
Even though you are managing just a single machine, believe me, using a config
management tool will save you a lot of hassles. I have had to do your "fire
drill" quite a few times and config management saved me all those times. I use
subversion (SVN) since I am the only one managing the stuff. I would use Git if
I was part of a team.
HTH.
Kind regards,
Didar
> Thanks
> Ross
--
All constants are variables.