Linux Administration for Nerds

Copyright 2018 Brian Davis - CC-BY-NC-SA


There are many configuration management tools for Linux. Puppet and chef are two big ones. I've settled on learning ansible. Ansible is python/yaml based, which are technologies I use in programming all the time. And it's fairly easy to use on an adhoc basis, which is important when managing a handful of machines as opposed to a big server farm.


Before you can configure a computer with ansible it must have the following requirements met.

That's it!

The host machine (the machine you are running ansible scripts from) must satisfy the requirements.


I keep my ansible scripts in a mercurial repository so to setup a new machine I do this:

$ git clone git:// --recursive
$ hg clone [link to my repo]

Running Ansible

$ cd ansible
$ source ./hacking/env-setup

$ cd ../confs
$ echo "" > ~/ansible_hosts
$ export ANSIBLE_INVENTORY=~/ansible_hosts

$ ansible all -m ping --ask-pass

$ ansible all -a "su; echo hello" --ask-pass --ask-become-pass

$ ansible all -a "echo hello" --ask-pass -u brian --become-method=su 

$ ansible-playbook -i "localhost," -c local configure.yaml $@

First Run

Initially debian does not install sudo which is preferred for running ansible.
The follow command and recipe will install it.

$ ansible-playbook -i "," runfirst.yaml --ask-pass --ask-become-pass

- hosts: all
  become: yes
  become_method: su

      - name: install missing base packages
        apt: name={{ item }} state=present update_cache=yes
          - sudo

      - name: password-less sudo
          path: /etc/sudoers
          state: present
          line: 'brian  ALL=NOPASSWD:ALL'
          validate: 'visudo -cf %s'

Next Steps

My other recipes can be run in any order. --ask-pass is still required, until you setup passwordless access, but --ask-become-pass is not.

Here is a snippet of configure.yaml to give you a taste:

- hosts: all
  become: yes
  become_user: root
  become_method: sudo
      - name: install missing base packages
        apt: name={{ item }} state=present update_cache=no
          - vim-nox
          - sudo
          - aptitude
          - zip
          - build-essential
          - module-assistant
          - python-dev
          - mercurial
          - git
          - mp3blaster
          - cmake
          - python-serial
          - python-pip

      - name: create .vim
        file: path=/home/brian/.vim state=directory owner=brian group=brian

      - name: setup vim
          dest: /home/brian/.vim/
          src:  _vim/
          owner: brian
          group: brian

      - name: vimrc
        copy: dest=/home/brian/.vimrc src=_vimrc owner=brian group=brian

      - name: change dir colors
        copy: dest=/home/brian/.dircolors src=_dircolors owner=brian group=brian

      - name: configure fonts
        copy: dest=/home/brian/.fonts.conf src=_fonts.conf owner=brian group=brian

      - name: configure hg
        copy: dest=/home/brian/.hgrc src=_hgrc owner=brian group=brian

      - name: create bin
        copy: dest=/home/brian src=bin owner=brian group=brian mode=0755

      - name: .bashrc EDITOR
        lineinfile: dest=/home/brian/.bashrc line='export EDITOR=vim' regexp='export EDITOR'

      - name: .bashrc PATH
        lineinfile: dest=/home/brian/.bashrc regexp='export PATH' line='export PATH=$PATH:/home/brian/bin'


Watch out for the synchronize module. Sometimes it decides you meant to do an rsync on the localhost only.