no expert learning needed here…
i just want to stand up a single system, so that next time, I don't have to go through the rigmarole of doing stuff over and over.
finished with a basic course. now to actually try stuff. have the docs open along with a search engine
it’s slow going, because i want to write my files in yaml and i have to look up every single thing.
looking this up and running it is like turning a heavy flywheel. i only hope this gets me a lot of motion
got it to ping.
now to figure out how to update the system
cannot seem to find a ‘unified’ update command. will look for one later.
right now, will try and figure out how to use the apt module
powercut! now back
learnt how to run a playbook as a different user
figuring out how to create a user
while the creation seems doable, how do I pass the password securely? this seems to be convoluted! (for now)
figured it out.
1. encrypt your passwords using passlib
2. put that into a vars file for your user or something
3. encrypt the vars file using ansible vault
4. access the var in your playbook.
5. put the vault password in a file and configure ansible.cfg to look for that file or you’ll be prompted for the password every darned time.
6. don’t keep the password in that file if you are not currently using the playbook. store it in your password manager
am i confident enough to create the second one, without a check?
why yes, i am and yes it worked! :)
figured out how to copy my ssh keys over
figured out how to disable root ssh access and password authentication
and rebooted the machine!
phase one done. now to figure out how to do the rest with a non root user
blew the vm away and ran the playbook against a brand new one. Worked like a charm
So more work tomorrow
ok, let’s get this show on the road …
"msg": "Missing sudo password"
gotta figure out how to run root commands as a user
got it to run by supplying the password to the ansible_become_pass variable in the playbook
now to figure out how to make it use the password in my vault
ok the problem all along was that it did not like the hash from passlib, that i used
i just set the password to another variable and called it in my playbook
and now i have privilege escalation
if past me read this toot in isolation, he would think i am some kind of wizard at ansible 😂
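The six vault steps and the later sudo-password fix, laid out as files; this is an added example, not the playbook from the original posts. The file names, the `deploy` user, the `sudo` group and both variable names are assumptions. It shows why the passlib hash failed for privilege escalation: the `user` module's `password` takes the hash, while `ansible_become_pass` needs the plaintext, so both live in the vaulted file.

```yaml
# Each "---" section is a separate file; all names and values are constructed.
# vars/users.yml, encrypted with: ansible-vault encrypt vars/users.yml
# Hash made with passlib, for example:
#   python3 -c "from passlib.hash import sha512_crypt; import getpass; print(sha512_crypt.hash(getpass.getpass()))"
admin_password_hash: "$6$CONSTRUCTED_SALT$CONSTRUCTED_HASH_PLACEHOLDER"
admin_password_plain: "CONSTRUCTED-PLAINTEXT-PLACEHOLDER"
---
# ansible.cfg (INI syntax, shown here as comments)
#   [defaults]
#   vault_password_file = ./.vault_pass
# .vault_pass: mode 0600, never committed, emptied when the playbook is
# not in use (the vault password itself stays in the password manager).
---
# bootstrap.yml: first run, connecting as root
- name: Create the admin user
  hosts: all
  remote_user: root
  vars_files:
    - vars/users.yml          # decrypted in memory via vault_password_file
  tasks:
    - name: Create user with the pre-hashed password
      ansible.builtin.user:
        name: deploy
        password: "{{ admin_password_hash }}"   # must be a crypt hash
        groups: sudo
        append: true
        shell: /bin/bash
      no_log: true            # keep the hash out of task output and logs
---
# site.yml: later runs, connecting as the non-root user
- name: Privileged tasks as a normal user
  hosts: all
  remote_user: deploy
  become: true
  vars_files:
    - vars/users.yml
  vars:
    # sudo prompts for the real password, so the hash does not work here
    ansible_become_pass: "{{ admin_password_plain }}"
  tasks:
    - name: Refresh the apt cache and upgrade packages
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
```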
ooh ufw is preinstalled.
ok now to configure it to my liking
got fail2ban installed.
be back to configure it later
as an aside, i just learnt how to tunnel back to my machine using ssh
figured when to use the copy module vs the template module from a couple of my expert friends
for me, i guess it’ll mostly be the copy module.
fail2ban is installed!
learnt how to loop in ansible too :)
Did you miss me?
I guess not! 😂
Let’s get back!
got znc up and running
learnt to transfer whole folders with znc
transferred the settings from the old server to my desktop
and then ansible-copied them to the new server
tested it out. all works swimmingly well!
i bid adieu for today.
will be back from the new server in a day or two
and we’re back in business!
Ansible is done and dusted!
Managed to add a new piece of software to the server, by modifying my playbook today.
Love that this is not something i will miss next time!
Be kind, be helpful or begone!