Ansible - Powerful Open Source system management and task automation tooling!

Рет қаралды 8,847

Күн бұрын

=== Links ===
Show Notes
wiki.opensourceisawesome.com/...
Ansible Series from Learn Linux TV
• Getting started with A...
Get the AwesomeOpenSource Merchandise
awesomeopensource.creator-spr...
Support my Channel and ongoing efforts through Patreon:
/ awesomeopensource
Buy Me a Coffee or Beer
paypal.me/BrianMcGonagill?cou...
=== Timestamps ===
00:00 Beginning
00:08 Introduction to Ansible
04:04 Thank you to my Patrons over at Patreon
04:41 What You'll Need
06:18 Setup SSH Key Pair
09:31 Send SSH Keys to Target Machines
11:32 Install Ansible
13:22 Setup our Ansible Project Space
13:57 Setup Our Inventory File
20:22 Testing Ansible with Ansible-Ping
23:02 Make an Ansible Playbook
=== Contact ===
Twitter: @mickintx
Telegram: @MickInTx
Mastodon: @MickInTx@fosstodon.org
Try out SSDNodes VPS Services! Amazing Specs for incredibly low costs. I'm running a 32 GB RAM / $ CPU Server for only $9 a month! Seriously. FOr long term server usage, this is the way to go!
www.ssdnodes.com/manage/aff.p...
Get a $50.00 credit for Digital Ocean by signing up with this link:
m.do.co/c/a6a61ae55242
Use Hover as your Domain Name Registrar to get some great control over you domains / sub-domains:
hover.com/SHPaiirr
Support my Channel and ongoing efforts through Patreon:
/ awesomeopensource
What does the money go to?
To Pay for Digital Ocean droplets, donations to open source projects I feature, any hardware I may need to purchase for future episodes (which I will then give to a subscriber in a drawing or contest).

Пікірлер: 50

@bugdozer314 Ай бұрын

A few considerations. One, if you're using virtualization, build the pubkey into your base image, so you can clone or deploy a new VM and you get the keys being pre-installed for "free". This is scriptable on Proxmox. Two, another benefit to having things (machine configurations, not just actions like "upgrade apt") in Ansible is they are repeatable and idempotent. If there's any question about a configuration, just run Ansible again. Three, put all this Ansible configuration into git and you have a history of your previous settings should reverting to them become interesting. Your git repo becomes your "source", and makes it easy to move between workspaces. Great content as always. Lots to encourage here, well done.

@AwesomeOpenSource Ай бұрын

Awesome tips!

@realjoecast Күн бұрын

Note: if you want to use RSA instead, use --private-key instead of --key-file thanks for all your videos find some stuff that i didn't know here and there.

@mattiavadala7870 Ай бұрын

unattainable clarity in the exposition, as always, well done!

@AwesomeOpenSource Ай бұрын

Thank you so much 😀

@jeffherdz Ай бұрын

Ansible is a great tool for all you 're computers needs. Not only for the Linux/Unix world. But I use it in our Windows Environment here at work. We update 12 Linux servers, and over 300 Desktop computers and another 15 Windows ..2019 servers. Which Ansible really comes in handy when they ALL (Windows Servers/Desktop computers) need to be rebooted, after an update. Actually, they get rebooted once a month...regardless. They just turn to garbage if they are not rebooted once a month. Linux/Unix machines when a kernel update gets pushed. So once or twice a year.

@AwesomeOpenSource Ай бұрын

It's absolutely awesome!

@bugdozer314 Ай бұрын

Passphrases are easy and cheap. If you don't want to type the passphrase in for every use, you have two options. 1) use the ssh-agent, and typically all you really need to do in a usual Linux desktop environment is type "ssh-add" and enter the passphrase, which will add keys to the agent. It'll be available and not requested again for the duration of that logged in desktop session. Note, you can also "give up" the credential when you're done. 2) use control-master in ssh config. This will activate a persistent ssh session (definable), so you don't then need to re-establish connection details. This MAY NOT help you much at all in this ansible case (each connection to a new target host would still require establishing a connection), however, if you have a bunch of playbooks against a small number of hosts, it may be a net win in terms of not typing passwords, and it may also be a net win in terms of time by re-using established sessions were possible. I do both.

@AwesomeOpenSource Ай бұрын

Great to know! Thanks for the tips!

@AndreasHanfelt Ай бұрын

Here is a tip for you that I stumbled upon, Defguard Wireguard 2fa open source project. Thanks for this video and all the other.

@AwesomeOpenSource Ай бұрын

Defguard is on my list.

@KenPryor Ай бұрын

Very helpful! I've used Ansible before and it was great. I only did basic stuff with it but I'm planning to add it to my homelab to learn more. Regarding Wazuh, I've been working with it a little lately. Some things are really easy, other things not so much. The basic setup is very easy and it works very well. I'm looking forward to your video on it!

@AwesomeOpenSource Ай бұрын

Awesome! I'm learning as quickly as I can on it.

@ws_stelzi79 Ай бұрын

By the way from the man-page off ssh-keygen "The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an Ed25519 key." But I think that is a fairly recent thing. 1 or 2 versions they used the more insecure RSA.

@AwesomeOpenSource Ай бұрын

Great info!

@Sam-oz8tw Ай бұрын

Great video! Some feedback. Because ssh keys are so ubiquitous and documentation is literally everywhere, I wish you would have spent those 5 minutes walking through your lxd install. If you are going to skip something to make a video shorter, let it be ssh key pairs. But otherwise, great. Personal preference. Thank you!

@AwesomeOpenSource Ай бұрын

I've covered the incus stuff in previous videos. Do you mean installing LXD on the host, or the actual container I setup?

@BrianGiuffre Ай бұрын

A couple of pointers. When you use Become at the top level, that is saying EVERY playbook task is run elevated. Typically this isnt ideal as "most" tasks do not require elevation. At the individual task level, you can add become to run that specific task elevated. If your playbook requires every task in the playbook to be run elevated, putting it at the top level is sufficient, and you dont need to redundantly add it on the individual tasks. As a best practice, it is also recommended that you use FQDN for the modules you are running for the tasks, it helps with readability and identifying if a playbook that is shared requires additional galaxy roles/collections to be added (you didnt touch on these, but its important). IE: instead of apt, it should be ansible.builtin.apt and so on. You can also set a variable in your inventory to identify either by individual groups of hosts, or the entire inventory of hosts, which SSH key to use, so that you dont need to convolute your playbook run command.

@AwesomeOpenSource Ай бұрын

All great tips. A lot of these are in that Learn Linux TV ansible series I pointed to in the description as well. Just so much that could be covered on ansible alone, so had to pick a choose a bit to keep it from becoming a seven hour video.

@jhonyortiz5 27 күн бұрын

If you soend a considerable amount of time configuring your laptop or pc, especially developers that need to setup development environments, ansible is great. I use it to setup my laptop and pc. Ansible can handle differences pretty well. Its something better than a bunch of bash scripts but its also not NixOs. My understanding is that NixOs is more concerned with reproducible buils. Ansible cares more about declarative automation. So ansible is not as flexible but makes automation very easy to understand.

@AwesomeOpenSource 27 күн бұрын

Indeed, NixOS is great for setting up a machine in the exact same way, and Ansible is great for performing the same actions repeatedly on various machines and across OSes.

@jhonyortiz5 27 күн бұрын

@@AwesomeOpenSource i like that👍

@stevenwinderlich2891 Ай бұрын

I wish more businesses would use tools like Ansible instead of Microsoft top to bottom....

@AwesomeOpenSource Ай бұрын

Me too. It's all about educating and making it known and consumable.

@stevenwinderlich2891 Ай бұрын

@@AwesomeOpenSource lately i am more and more tempted to try and get away from Microsoft and other big tech, where possible......and there the issues start.

@stevenwinderlich2891 Ай бұрын

@@AwesomeOpenSource the german BSI for some time now has security/config recommendations for LibreOffice, maybe you can try to set these up with Ansible :)

@AwesomeOpenSource Ай бұрын

If you can link me to those suggestions in English, i'll take a look. I barely speak English, but definitely can't read German.

@stevenwinderlich2891 Ай бұрын

@@AwesomeOpenSource i dont think its available in german but i may be able if i got time to translate the document and mail you a link or the file

@mrbro9962 Ай бұрын

Waiting For You, Now you are Here.

@AwesomeOpenSource Ай бұрын

Yay!

@mehdighazanfari5871 Ай бұрын

puppet is agent base . there are benefit to that .

@AwesomeOpenSource Ай бұрын

Haven't had a chance to dig into puppet yet, but it's on my list.

@jaqrab Ай бұрын

An idea for a future video, are there any open source business rule engines that might be added to your MSP series.

@AwesomeOpenSource Ай бұрын

Can you tell me what you mean by "business rules" in this case?

@jaqrab Ай бұрын

@@AwesomeOpenSource A thought I had was imagine integrating for example Zammad, with a Business Rules Engine (BRE) like OpenL Tablets that can streamline and automate various aspects of your service management processes. You'd need a python script to interact between the two systems API's and then create easy to maintain rules around ticket prioritization, assignment and escalations. Other applications could be dynamic pricing of your items for sale, calculating shipping depending on location etc.

@AwesomeOpenSource Ай бұрын

@@jaqrab I’ve never seen anything like that, but I’ll keep my eyes open.

@moumnalmunawy1806 Ай бұрын

It it a good option to clone the system to another machine or should I use clonezilla?

@AwesomeOpenSource Ай бұрын

I would use Clonezilla or Rescuezilla for that.

@noelkelly4354 Ай бұрын

Please, this is 'Part 5' of what serial?

@cephas2009 Ай бұрын

Setting up an MSP

@noelkelly4354 Ай бұрын

@@cephas2009 Thanks. Silly me, looking at playlists with 5 or 4 things in them ;)

@AwesomeOpenSource Ай бұрын

This is part of my Build an MSP on Open Source series.

@CC-rk4zx Ай бұрын

Thanks for the Video. One question: Public SSH key wasn‘t Set up with passphrase. So if a Client got hacked and the Hacker has the public key they could login to the server without anything else, right?

@UliGuenter Ай бұрын

no, the "hacker" needs the private key to establish a key-based ssh-connection. The public key can only validate packets signed with the private-key.

@AwesomeOpenSource Ай бұрын

@UliGuenter has it right. You need the private key in order to connect. The public key is publicly shareable.

@CC-rk4zx Ай бұрын

Got it. Thx

@bugdozer314 Ай бұрын

Public keys "never" have a passphrase, it's the private key that would/should be protected by the passphrase. The public key is not a security concern in any dimension, it's "public". :)