Tricks of the Trades

Ansible - Playbook Concepts (4)


Preamble

Playbooks are written in YAML, like the configuration files, and are the basis for Ansible’s configuration management and en-masse multi-machine deployment.

They are very powerful not only for declaring server configurations but also for orchestrating the steps of any manual ordered process, even when the different steps must bounce back and forth between sets of machines in any order, as playbooks can launch tasks synchronously or asynchronously as required.

While the /usr/bin/ansible program is suitable for ad-hoc commands and tasks, playbooks are better kept in source control and used to push out larger configurations, or to assure that the configurations of your remote systems are still in check.

Ansible - Ad Hoc Commands and Modules (3)


Preamble

Several ad hoc commands were shown in the previous post, but no real detail was given as to what they can fully offer. These ad hoc commands are often cited as being a good starting point for learning what’s possible with Ansible, without having to dive straight into writing a playbook. Most of them incorporate the use of a module into their structure, so this post introduces modules too, both from the point of view of an ad hoc command and within the context of a task. Towards the end, the “special” Ansible module types are shown.

Installing and Using UFW (Uncomplicated Firewall)


Preamble

UFW is a popular and convenient firewall configuration tool originating from Ubuntu distributions. It’s a more accessible way of using the iptables program, which with some of its complexities can be more cumbersome or confusing for newcomers to learn. In reality UFW works as a wrapper for iptables, so it is not a firewall in its own right but the iptables firewall in a simpler form. It serves both IPv4 and IPv6 host-based traffic.

Some commands in this post contain a two-word option/argument that looks like this: comment ssh. These extra parts add a comment to the firewall rules generated. If you are using a version of UFW prior to 0.35 you may have to remove these two extra pieces to avoid errors. Please bear this in mind when you come to use these types of commands later on, should you receive errors.

Ansible - Inventory Concepts (2)


Preamble

After outlining the initial installation and setup process in Ansible - Installing and Running (1), I’m continuing in this post with a more precise look at how to handle the main hosts file, specifically how to lay it out and add host variables or group variables to the mix. Dynamic inventory assets and development/production inventory layouts are not covered here, and are only alluded to or linked to.

Lastly, splitting up the variable types and their definitions into their own YAML files is briefly introduced in the final step, and works best for more complex network hierarchies.

Debian 8 (Jessie) VPS Basic Checklist


Preamble

Here are some base guidelines I follow when setting up a new VPS manually without configuration management. These steps, if anything, make the system more secure overall and provide a good starting point from which you can set up the services/software required for the purpose of the VPS.

All of the steps in this post are from the context of a droplet (VPS) hosted by Digital Ocean using the Debian 8.5 x64 kernel images they use as of the above date.