Agent free configuration management

Ansible is a tool that lets you do configuration management tasks. It does not require that software is installed on the machine to be configured, which makes it easy to start with.

Installation

pip install ansible

Problems, agentless you say?

fatal: [158.39.77.210]: FAILED! => {"changed": false, "module_stderr": 
"Shared connection to 158.39.77.210 closed.\r\n", "module_stdout":
 "/bin/sh: 1: /usr/bin/python: not found\r\n", "msg": "MODULE FAILURE", "rc": 127}

Well, Ansible does require Python, and in fact, since Ubuntu 18.04 does not have /usr/bin/pyhon, configuring a server, or playing a playbook failed. An easy hack that seemed to work:

sudo ln /usr/bin/python3 /usr/bin/python

Goal

For a new machine created with openstack. I want to install the following

• Update and upgrade packages
• Install git
• Install nginx
  • enable nginx server
  • put nginx configuration from a template into /etc/nginx/sites-enabled
• Clone a private github repository with the code for the website, then copy the content to the right location

Deploy keys are useful for taking less risk. It lets you have a RSA keypair for a single repository, with read-only access. Since I do not care if anyone reads from this repository, I do not need to use ansible vault to encrypt the private key.

Ansible code

The code for the server setup is here.

Private key in version control warning

Since it has been a problem that people upload their private keys to version control, Github sends me a warning that a private key has been uploaded(to a public repo) corresponding to the repository’s public key. If you really want to remove a key from the git history sometime, BFG to the rescue.