Ansible seems like a useful tool to manage remote servers. Some things it might be useful for

  • regular OS updates

      sudo apt update
      sudo apt upgrade
      sudo apt autoremove
      sudo reboot now
    

    But there are a few problems to solve

    • Some packages are ‘held back’; install them anyway.
    • Something pops up a warning about ‘Recommending reboot’; ignore, because we do reboot.
    • Something pops up a warning about ‘Restarting services’; ignore, because we do a reboot.
    • Sometimes, a configuration file has changed (by hand or by a script), and needs merging with a new version from the upgrade. There is no automatic way to handle this. In future, use the common ‘conf.d’ structure to override defaults, rather than editing the main configuration file.
  • ssh host- and user-certificate management, including

    • installing CA host-key signing certificates and CA user-key signing certificates

    • installing configuration snippets to use the certificates

    • regular certificate updates to ensure that they remain valid

      It is fairly easy to write ansible playbooks to do this. On the other hand, it is also relatively easy to write ansible playbooks that retrieve all authorized_keys files from each host and scan them for keys that should be removed.
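An added example (not from this page) of a playbook for the OS update item above, using the stock Ansible apt, stat and reboot modules: a dist-upgrade pulls in the ‘held back’ packages, a non-interactive front end silences the reboot and service-restart prompts, and the host is rebooted only when the upgrade asks for it. Paths, timeouts and the host group are assumptions.

```yaml
# Routine Debian/Ubuntu updates; run with: ansible-playbook -i inventory update.yml
- name: Apply OS updates and reboot when required
  hosts: all            # assumed: all inventory hosts are apt-based
  become: true
  environment:
    DEBIAN_FRONTEND: noninteractive   # no interactive prompts from dpkg/apt
    NEEDRESTART_MODE: a               # needrestart: restart services automatically instead of asking
  tasks:
    - name: Refresh cache and upgrade everything, including held-back packages
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600   # skip the refresh if the cache is under an hour old
        upgrade: dist            # dist-upgrade installs packages apt would otherwise keep back
        autoremove: true         # same effect as 'apt autoremove'
      register: apt_result

    - name: Check whether the upgrade requests a reboot
      ansible.builtin.stat:
        path: /var/run/reboot-required   # written by update-notifier-common on Debian/Ubuntu
      register: reboot_flag

    - name: Reboot and wait for the host to return
      ansible.builtin.reboot:
        reboot_timeout: 600      # assumed: ten minutes is enough for these hosts
        test_command: uptime     # assumed: confirms the host is back and ssh works
      when: reboot_flag.stat.exists

    - name: Report what changed
      ansible.builtin.debug:
        msg: "apt changed: {{ apt_result.changed }}, rebooted: {{ reboot_flag.stat.exists }}"
```

The modified configuration file case (dpkg's conffile prompt) is still not handled here: with the non-interactive front end dpkg keeps the local version, so such hosts should be reviewed by hand after the run.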