learning Ansible.
writing random thoughts to keep me on track

no expert learning needed here…

i just want to stand up a single system, so that next time, I don't have to go through the rigmarole of doing stuff over and over.

finished with a basic course. now to actually try stuff. have the docs open along with a search engine

it’s slow going, because i want to write my files in yaml and i have to look up every single thing.

e.g.

    [label]
    hostname-or-ip

turns into

    all:
      children:
        label:
          hosts:
            hostname-or-ip:

looking this up and running it is like turning a heavy flywheel. i only hope this gets me a lot of motion

got it to ping.

now to figure out how to update the system

cannot seem to find a ‘unified’ update command. will look for one later.
right now, will try and figure out how to use the apt module

learnt how to run a playbook as a different user

while the creation seems doable, how do I pass the password securely? this seems to be convoluted! (for now)

figured it out.
1. encrypt your passwords using passlib
2. put that into a vars file for your user or something
3. encrypt the vars file using ansible vault
4. access the var in your playbook.
p.s.
5. put the vault password in a file and configure ansible.cfg to look for that file or you’ll be prompted for the password every darned time.
p.p.s.
6. don’t keep the password in that file if you are not currently using the playbook. store it in your password manager

am i confident enough to create the second one, without a check?

figured out how to disable root ssh access and password authentication

phase one done. now to figure out how to do the rest with a non root user

blew the vm away and ran the playbook against a brand new one. Worked like a charm

Powercut now
So more work tomorrow

"msg": "Missing sudo password"

gotta figure out how to run root commands as a user

got it to run by supplying the password to the ansible_become_pass variable in the playbook

now to figure out how to make it use the password in my vault

ok the problem all along was that it did not like the hash from passlib that i used

i just set the password to another variable and called it in my playbook

and now i have privilege escalation
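
The vault steps listed earlier in the thread, together with the hash-versus-password point in this post, as an added example that is not the author's own playbook. The file names, the variable names and the user `deploy` are assumptions; `label` is the inventory group from the thread.

```yaml
# Added example. File names, variable names and the user "deploy" are assumptions.
#
# vars/secrets.yml  (encrypt it with: ansible-vault encrypt vars/secrets.yml)
#   vault_deploy_password_hash: "<sha512-crypt hash produced with passlib>"
#   vault_deploy_password: "<the plain password that hash was made from>"
#
# ansible.cfg
#   [defaults]
#   vault_password_file = ./.vault_pass
#   # keep .vault_pass out of version control, readable only by you,
#   # and delete it when you are not running the playbook

# Play 1: first run against a fresh machine as root, creates the non-root user.
- name: Bootstrap the admin user
  hosts: label
  remote_user: root
  vars_files:
    - vars/secrets.yml
  tasks:
    - name: Create deploy with the pre-hashed password
      ansible.builtin.user:
        name: deploy
        # the user module writes this value to /etc/shadow, so it must be the hash
        password: "{{ vault_deploy_password_hash }}"
        groups: sudo
        append: true
        shell: /bin/bash
      no_log: true   # keep the hash out of task output and logs

# Play 2: everything after that runs as deploy and escalates with sudo.
- name: Configure the system as the non-root user
  hosts: label
  remote_user: deploy
  become: true
  vars_files:
    - vars/secrets.yml
  vars:
    # sudo is given this value at its prompt, so it must be the plain password;
    # passing the hash here is what ends in a failed escalation
    ansible_become_pass: "{{ vault_deploy_password }}"
  tasks:
    - name: Refresh the apt cache and upgrade packages
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
```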

if past me read this toot in isolation, he would think i am some kind of wizard at ansible 😂

ooh ufw is preinstalled.
ok now to configure it to my liking

got fail2ban installed.
now lunch
be back to configure it later

as an aside, i just learnt how to tunnel back to my machine using ssh

figured when to use the copy module vs the template module from a couple of my expert friends

for me, i guess it’ll mostly be the copy module.

done.
fail2ban is installed!
learnt how to loop in ansible too :)

Did you miss me?
I guess not! 😂
Let’s get back!

got znc up and running
learnt to transfer whole folders with znc

transferred the settings from the old server to my desktop
and then ansible-copied them to the new server

tested it out. all works swimmingly well!

i bid adieu for today.
will be back from the new server in a day or two

Managed to add a new piece of software to the server, by modifying my playbook today.
Love that this is not something i will miss next time!
