Linux Administration for Nerds
Copyright 2018 Brian Davis - CC-BY-NC-SA
Configuration
There are many configuration management tools for Linux. Puppet and chef are two big ones. I've settled on learning ansible. Ansible is python/yaml based, which are technologies I use in programming all the time. And it's fairly easy to use on an adhoc basis, which is important when managing a handful of machines as opposed to a big server farm.
Requirements
Before you can configure a computer with ansible it must have the following requirements met.
- The client must be running SSH.
That's it!
The host machine (the machine you are running ansible scripts from) must satisfy the requirements.
- sshpass
- python
- yaml
Install
I keep my ansible scripts in a mercurial repository so to setup a new machine I do this:
$ git clone git://github.com/ansible/ansible.git --recursive
$ hg clone [link to my repo]
Running Ansible
$ cd ansible
$ source ./hacking/env-setup
$ cd ../confs
$ echo "127.0.0.1:22000" > ~/ansible_hosts
$ export ANSIBLE_INVENTORY=~/ansible_hosts
$ ansible all -m ping --ask-pass
$ ansible all -a "su; echo hello" --ask-pass --ask-become-pass
$ ansible all -a "echo hello" --ask-pass -u brian --become-method=su
--ask-become-pass
$ ansible-playbook -i "localhost," -c local configure.yaml $@
First Run
Initially debian does not install sudo which is preferred for running ansible.
The follow command and recipe will install it.
$ ansible-playbook -i "127.0.0.1:22000," runfirst.yaml --ask-pass --ask-become-pass
---
- hosts: all
become: yes
become_method: su
tasks:
- name: install missing base packages
apt: name={{ item }} state=present update_cache=yes
with_items:
- sudo
- name: password-less sudo
lineinfile:
path: /etc/sudoers
state: present
line: 'brian ALL=NOPASSWD:ALL'
validate: 'visudo -cf %s'
Next Steps
My other recipes can be run in any order. --ask-pass is still required, until you setup passwordless access, but --ask-become-pass is not.
- configure.yaml: basic terminal environment.
- conf_vm.yaml: configuration specific to virtual machines
- conf_gui.yaml: installs i3 with minimal GUI apps
- conf_heavy.yaml: installs kde, libreoffice and other large GUI apps
Here is a snippet of configure.yaml to give you a taste:
---
- hosts: all
become: yes
become_user: root
become_method: sudo
tasks:
- name: install missing base packages
apt: name={{ item }} state=present update_cache=no
with_items:
- vim-nox
- sudo
- aptitude
- zip
- build-essential
- module-assistant
- python-dev
- mercurial
- git
- mp3blaster
- cmake
- python-serial
- python-pip
- name: create .vim
file: path=/home/brian/.vim state=directory owner=brian group=brian
- name: setup vim
copy:
dest: /home/brian/.vim/
src: _vim/
owner: brian
group: brian
- name: vimrc
copy: dest=/home/brian/.vimrc src=_vimrc owner=brian group=brian
- name: change dir colors
copy: dest=/home/brian/.dircolors src=_dircolors owner=brian group=brian
- name: configure fonts
copy: dest=/home/brian/.fonts.conf src=_fonts.conf owner=brian group=brian
- name: configure hg
copy: dest=/home/brian/.hgrc src=_hgrc owner=brian group=brian
- name: create bin
copy: dest=/home/brian src=bin owner=brian group=brian mode=0755
- name: .bashrc EDITOR
lineinfile: dest=/home/brian/.bashrc line='export EDITOR=vim' regexp='export EDITOR'
- name: .bashrc PATH
lineinfile: dest=/home/brian/.bashrc regexp='export PATH' line='export PATH=$PATH:/home/brian/bin'
WARNINGS
Watch out for the synchronize module. Sometimes it decides you meant to do an rsync on the localhost only.