Ansible for fun and profit!
2016-10-08 | #ansible
Let’s face it, maintaining your awesome homelab is exhausting! All those hosts, logins, configurations…blech! It’s enough to make anybody’s head spin. I fully understand why companies, and people who do this because they must, use configuration management…why can’t we do the same? We can! After poking around the various options (Salt, Puppet, Chef…), I settled on Ansible. Why Ansible?
- It’s pretty lightweight
- It’s open source, written in Python, and maintained by Red Hat. It’s thus pretty hackable.
- Its configurations are written in yaml, which is pretty well-known. You don’t have to learn a DSL just to use it.
- It’s agentless: you don’t have to install an agent on each computer you want to manage. It works over ssh instead. Much less overhead and easier to use (imo).

To facilitate this, I wrote a “playbook” (a collection of related tasks in Ansible) to create a local user on machines I wanted to manage and set up passwordless ssh for it.

```yaml
---
- hosts: all
  become: yes
  become_method: su
  tasks:
    - name: install sudo
      package: name=sudo state=latest
      when: "'debian' in group_names"
    - name: create local ansible user for future use
      user: name=ansible comment="Ansible User" generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
    # owner/mode keep the key file owned by the ansible user and unreadable to others
    - name: add user@ansiblehost to ansible's authorized keys
      lineinfile: dest=/home/ansible/.ssh/authorized_keys create=yes owner=ansible mode=0600 line="<your user's ssh pubkey>"
    # {{ ':' }} renders a literal colon; a bare ": " here would be read as a YAML mapping.
    # validate runs visudo on the edited copy, so a broken sudoers file is never installed.
    - name: give ansible passwordless sudo
      lineinfile: dest=/etc/sudoers line="ansible ALL=(ALL) NOPASSWD{{ ':' }} ALL" validate="/usr/sbin/visudo -cf %s"
      when: "'debian' in group_names"
    - name: give ansible passwordless sudo on freebsd
      lineinfile: dest=/usr/local/etc/sudoers line="ansible ALL=(ALL) NOPASSWD{{ ':' }} ALL" validate="/usr/local/sbin/visudo -cf %s"
      when: "'freebsd' in group_names"
```
Then, add your hosts to `/etc/ansible/hosts` (btw, store this in version control and symlink it in). You can run this playbook with `ansible-playbook ansible_user.yml --user=root -k` and provide it your password. Substitute root with any user you have that can currently ssh in.
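The sudoers tasks only fire for hosts whose inventory groups include `debian` or `freebsd`; any other host still gets the `ansible` user and key but no sudo grant. The following check is an added example, not part of the original playbook: it parses an INI-style inventory (the sample inventory and host names are constructed, and host ranges such as `web[01:05]` are not expanded) and lists the hosts that would be left in that state.

```python
# Constructed sample of /etc/ansible/hosts; host names are placeholders.
SAMPLE_INVENTORY = """\
nas.lab.example
[debian]
pve1.lab.example ansible_port=2222
[freebsd]
router.lab.example
[media]
plex.lab.example
[debian:children]
media
[debian:vars]
ansible_python_interpreter=/usr/bin/python3
"""
SUDO_GROUPS = {"debian", "freebsd"}  # groups tested by the playbook's `when:`

def parse_inventory(text):
    """Return ({host: direct groups}, {parent group: child groups})."""
    hosts, children = {}, {}
    section, kind = None, "hosts"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            # "[debian:children]" -> section "debian", kind "children"
            section, _, suffix = line[1:-1].partition(":")
            kind = suffix or "hosts"
        elif kind == "hosts":
            # first token is the host; the rest are host variables
            hosts.setdefault(line.split()[0], set()).update({section} - {None})
        elif kind == "children":
            children.setdefault(section, set()).add(line)
        # kind == "vars": variable assignments, not hosts, so skipped
    return hosts, children

def group_names(direct, children):
    """Expand a host's direct groups with every ancestor group."""
    result, changed = set(direct), True
    while changed:
        changed = False
        for parent, kids in children.items():
            if parent not in result and kids & result:
                result.add(parent)
                changed = True
    return result

def hosts_without_sudo_grant(text):
    """Hosts that get the ansible user but match neither sudoers task."""
    hosts, children = parse_inventory(text)
    return sorted(h for h, g in hosts.items()
                  if not group_names(g, children) & SUDO_GROUPS)
```

On the sample, only the ungrouped `nas.lab.example` is reported; `plex.lab.example` is covered because `media` is a child of `debian`.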