Re: [bitfolk] Configuration management systems

Author: didar
Date:  
To: users
Subject: Re: [bitfolk] Configuration management systems
On Sun, Nov 21, 2021 at 10:09:32PM +1300, Ross Younger via users wrote:
> I always meant to get my head around Ansible (or Chef, or Puppet) for my VPS
> based on recommendations on this very list. Sadly I have not yet got round
> to it, and I suddenly find I have a need for something of this ilk at work.


Ansible user here, SSH+Python is all that is required for it to work.

> My use case is a single Linux instance, on-prem. (No fleet, no cloud, no VMs
> or containers planned.) It's to provide internal services for an office
> network: DHCP, DDNS, maybe NAS, maybe print accounting, maybe
> firewall/router/IDS, maybe apt cache or other proxies.
>
> I think what I want is infrastructure-as-code:


You are thinking absolutely right. I used to do old-school hand editing config
files directly on boxes myself. That all changed 10 years ago when I finally got
a chance to use an internally developed tool very similar to Ansible. All
configuration changes were committed to a repo before being pushed out.

>
> * Config files (/etc) under revision control with convenient automated
> backup
> * All superuser actions are fully logged and replayable (fire drill:
> complete reimage from scratch)
> * Nobody gets direct sudo access, but I can give out admin access via the
> config management tool.
>
> I've had root shells for about 25 years now but I'm new to thinking deeply
> about IaC. I would be grateful for feedback:
>
> - is what I think I want reasonable and achievable? (what are the gotchas?)
> - am I on the right track by looking at Ansible/Chef/Puppet and do any of
> them particularly suit my use case? Are the paid-for versions worth paying
> for?
> - is there a useful noobs guide?


You should be fine using one of Ansible/Chef/Puppet, no need to blow up money
for commercial tools.

Even though you are managing just a single machine, believe me using a config
management tool will save you a lot of hassles. I have had to do your "fire
drill" quite a few times and config management saved me all those times. I use
subversion (SVN) since I am the only one managing the stuff. I would use Git if
I was part of a team.

HTH.

Kind regards,
Didar


>
> Thanks
>
> Ross


--
All constants are variables.