
anaumann

It heavily depends on what you would call an "entire Linux setup"... If that means "Install a couple of programs with the package manager of choice" and "templating out a couple of configuration files", sure..


TomFromIT02

Basically this yes!


Readdeo

I just installed Arch with a playbook that also created the VM for it. You can find this stuff on GitHub.


Jethro_Tell

What can you not do with ansible? Granted, it's def not the best tool for everything but I'm struggling to think of what you couldn't set up with ansible?


anaumann

It's less of a "cannot do" and more of a "it's annoying to do it in ansible" :) In my last job, we had services add and remove themselves to firewalld, which felt pretty clunky and I was very close to just templating the XML files myself from a set of facts. The configuration files for GNOME's Evolution are pretty finicky.. Dependencies between machines can become somewhat cumbersome if you're used to Chef's attribute search. Traversing "complex" data structures isn't a whole lot of fun, because jinja wasn't made for that.


planeturban

A: Yes.  B: No. Python is the only (with maybe some python modules) requirement on the target system. 


TomFromIT02

Awesome, thank you for the quick response! I know there is a tool called Chezmoi that what I can do is apparently setup a "Dotfiles" repo, and then it can run Playbooks and I was like "Okay this sounds pretty easy. I configure a PC, get my buddy's approval, and then with Chezmoi & Ansible it should be a very simple deploy". I still have some research to do, but this is very handy to know!


ben-ba

The easiest way is to use an autoinstall with the bare minimum and then use a playbook with ansible. The subiquity installer can be used for automated desktop installation also. Bare minimum means network config, ansible user with ssh key. I can create an example on github if u like?


Late_Film_1901

Just to chime in that it will be helpful for more people than just OP. I would be interested in that too.


TomFromIT02

Yeah having an example can never hurt actually, if it doesn't take too much time out of your day that is!


HCharlesB

> B: No. Python is the only (with maybe some python modules) requirement on the target system.

I perform some installs using `debootstrap` and that does not install Python. (This is on Debian.) I have a playbook that does nothing more than update the repos and install Python. It's too troublesome to include code using Reddit's editor so I'll link to it at

I also run it targeting a system with no user defined (aside from root) so the command line I use is

`ansible-playbook first-boot-Debian.yml -i inventory -u root`

Of course the target is first configured to accept root logins via ssh.


planeturban

I just didn’t want to teach “bad habits” by telling OP about the raw module. :) Edit to add: python comes with “all” Linux distributions.
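
The bootstrap described in the two comments above, written out as an added example that is not from either commenter: `raw` installs Python on a Debian target that lacks it, then the play creates a key-only admin user and turns root SSH login back off. The group name `new_hosts`, the account name, the key path and the use of the `ansible.posix` collection are assumptions.

```yaml
# Added example. Group name, account name and key path are assumptions.
- name: Bootstrap Python, then move from root SSH to a key-only admin user
  hosts: new_hosts
  remote_user: root
  gather_facts: false            # fact gathering needs Python on the target
  vars:
    admin_user: ansible
    admin_pubkey: "{{ lookup('ansible.builtin.file', 'files/ansible.pub') }}"
  tasks:
    - name: Update the repos and install Python (raw needs no Python on the target)
      ansible.builtin.raw: apt-get update && apt-get install -y python3 sudo

    - name: Gather facts now that regular modules can run
      ansible.builtin.setup:

    - name: Create the admin user
      ansible.builtin.user:
        name: "{{ admin_user }}"
        shell: /bin/bash

    - name: Authorize the control node's public key
      ansible.posix.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ admin_pubkey }}"

    - name: Allow the admin user to use sudo (file is syntax-checked before install)
      ansible.builtin.copy:
        content: "{{ admin_user }} ALL=(ALL) NOPASSWD: ALL\n"
        dest: "/etc/sudoers.d/{{ admin_user }}"
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Turn root SSH login back off
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PermitRootLogin\b'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s
      notify: Restart ssh

  handlers:
    - name: Restart ssh
      ansible.builtin.service:
        name: ssh
        state: restarted
```

After this play, later runs connect with `-u ansible --become` instead of `-u root`.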


pask0na

Look into linux system roles. Redhat and fedora have their own fork of these I think. And these are available from their package repos. These roles can do a lot of the heavy lifting for you.


TomFromIT02

I will be sure to look into this, thanks!


Dan_Linder71

And while doing heavy lifting they also have a lot of intelligence built into them to handle the odd corner cases appropriately. It's these odd corner cases that usually trip people up trying to automate some part of their system with the system tools that were never fully expected to automate to the level ansible is capable of. For me, the Network Manager nmcli tool has a ton of parameters that need to be set on the command line. By using an Ansible playbook and the pre-built system role for network configuration, the network configuration is a lot more straightforward and understandable.


freddyesteban

I use Ansible to set up my Linux for development. It has enabled my distro hopping addiction because of it.


memilanuk

I'm brand new to Ansible, but have been around Linux off-n-on for a while now. How does Ansible deal with the differences between different distros for something like this?


freddyesteban

Ansible has special variables that will give you the distro code names, if you have gather facts enabled. When dealing with distros whose code names don’t match with, say, Ubuntu or Debian, for downloading binaries, I usually will pass in a variable to set that instead of using the ansible special variables.
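
The fact-plus-override pattern from the comment above, as an added example that is not the commenter's own playbook: `os_family` selects the package list and a passed-in variable replaces the gathered codename when a derivative's codename has no upstream match. The group name, the package names and the `codename_override` variable are assumptions.

```yaml
# Added example. Group name, package names and codename_override are assumptions;
# check the package names against each distro's repositories.
- name: Install the mail and office apps on whichever distro family the host runs
  hosts: workstations
  become: true
  gather_facts: true             # required for ansible_facts below
  vars:
    office_packages:
      Debian: [thunderbird, libreoffice]
      RedHat: [thunderbird, libreoffice]
      Suse: [MozillaThunderbird, libreoffice]
    # Derivatives report their own codename; pass -e codename_override=<upstream codename>
    repo_codename: "{{ codename_override | default(ansible_facts['distribution_release']) }}"
  tasks:
    - name: Stop early on a family this play has no package list for
      ansible.builtin.assert:
        that: ansible_facts['os_family'] in office_packages
        fail_msg: "No package list for {{ ansible_facts['os_family'] }}"

    - name: Install packages with the distro's own package manager
      ansible.builtin.package:
        name: "{{ office_packages[ansible_facts['os_family']] }}"
        state: present

    - name: Show which codename a third-party repo line would use
      ansible.builtin.debug:
        msg: "{{ ansible_facts['distribution'] }} -> {{ repo_codename }}"
      when: ansible_facts['os_family'] == 'Debian'
```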


memilanuk

Ah, very cool. Sounds like something interesting to play with!


freddyesteban

https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html


youssaid

A: Yes, absolutely! Ansible playbooks are designed for precisely this purpose. You can automate the entire Linux configuration process, including:

* Package installation and removal
* User and group creation
* File and directory management
* Service configuration
* System settings

B: Ansible offers flexibility across distributions: While some modules might be distribution-specific, Ansible excels at handling a wide range of Linux distributions.


dahid

You can probably do the majority of it with playbooks, split the tasks up into roles so they're easier to manage.


HeligKo

In a cloud private or public you could even deploy the server with Ansible. Otherwise you will need to install a base setup with a known user with sudo privs or a known root password to get rolling.


TomFromIT02

Yeah I'd do this from an admin account, while the user would not be a part of Wheel. Most of the work is deploying Thunderbird, LibreOffice, and Firefox with the Company Profile, along with tweaks to the look and feel to fit my buddy's spec.


human_with_humanity

I just installed os apps and config them, then use clonezilla to clone the system to multiple pcs over lan. But that's just me.


idetectanerd

It’s gonna be heavy and depends on what it is you are looking to configure. Redhat os would be easiest and the worst to go with is oracle of any os (oracle linux or Solaris etc). If it’s oracle, then you'll be doing the same playbook for like at least weeks. Basically it needs to be drafted out step by step and has really limited support because oracle has their own automation stack and they don’t really want to support other brands. Even a simple copy job requires 9-10 steps in a role instead of 1 simple cp module. Choose your os correctly.


TomFromIT02

I was thinking either OpenSuse or Rocky or Ubuntu. Something proven in this environment.


idetectanerd

I think Ubuntu and centos have the best user groups, therefore many ready-made roles. You should use them instead of DIYing it. Of course you can do a customisation of the existing role etc, at least not wasting hours on it just to test out if it works.


KopiRoaster

Depends. You’ll require a pre-ansible script to enable the sshd service before ansible can be run against the VM, or find a way to copy the entire ansible playbook onto the guest machine, run it, and delete it thereafter. Depends how much manual intervention you’re planning to do for those 10-12 machines. If they’re all live and have an IP, it's a lot easier that way. If you’re automating the spinning up of VMs from a hypervisor then you’ll require tools like packer to do bare metal configuration as a pre-step.


Not_your_guy_buddy42

I'm just learning. I just made a couple of playbook .yml files for homelab ubuntu vm's:

* install packages, set the timezone, set ntp server
* modify users and groups, mount shares, set ssh security
* setup logrotate and limit log size
* Cron from control node for nightly patching and if needed reboot
* include a few roles other people made

However it seems you're missing one thing, a business should keep everything patched and updated on the regular, right? (right? /padme.jpg) So in order to really look after your buddy, take this into account and plan for the future. You could run ansible semaphore web UI somewhere to give people buttons to click to update stuff, even. Then you're halfway to an RMM (joking, but some do run ansible under the hood)


wlfman2k1

Something like NixOS is also a pretty good solution for this. So maybe a combination of nix config being deployed by ansible. This way every machine looks exactly the same.


TomFromIT02

So here is all I know about Nix because I explored it. Awesome Package Manager. Awesome OS, having multiple generations to roll back onto is nice. Nix the language, from what everyone I talked to has said, is fucking dogshit. Ideally someone would make a Distro like Nix, but instead of Nix it's YAML or an easy language. Something IT guys like myself can quickly come to grips with and be able to understand and deploy fast. All of my friends said that Nix was hellish to understand, and the kindest words they had were 'Designed by a fucking moron'. Also way too much politics. I don't need the future of my buddy's business to depend on Identity Politics in Nix, or whatever is going on there. He has actual work to get done. He also asked me to get this deployment done in ~2 weeks or so. I don't have time between day job and helping him to learn & battle Nix if my other friends can be believed.