[clug] old-school remote sys configuration/management options
Bob Edwards
bob at cs.anu.edu.au
Thu May 7 05:49:14 UTC 2020
Thanks
On 7/5/20 2:30 pm, Hugh Fisher wrote:
> On Thu, May 7, 2020 at 1:07 PM Bob Edwards via linux
> <linux at lists.samba.org> wrote:
> [ munch ]
>> Wondering if anyone else has considered this and if anyone can suggest/
>> recommend any existing frameworks or similar? I am looking for something
>> that can do some/all of:
>
> I recommend Ansible.
Thanks Hugh (and Chris, and others).
I should have taken an actual look at Ansible before posting.
The reason I didn't was largely influenced by:
https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html
- tracked by AusCERT as:
"ESB-2020.1595 - [Debian] ansible: Multiple vulnerabilities"
I was actually keeping my eye out for:
"ESB-2020.1607 - [Debian] salt: Multiple vulnerabilities"
but when I saw the slightly earlier Ansible one (without actually
reading it), I became further convinced that this wasn't the solution...
my bad.
cheers,
Bob Edwards.
>
> To be clear, I'm not saying that Ansible is perfect, not saying it
> does everything,
> not saying that everyone should use it. I do think it is a good fit for what Bob
> wants to do.
>
> The only network link required between controller and managed hosts is ssh,
> which you have already.
>
> The only software that needs to be installed on the managed hosts is Python.
> Which is usually already present, and has other uses besides management,
> so again not difficult or wasteful.
>
> Config is expressed in YAML files, which not everyone likes. But they are
> plain text and stored in the file system, not some kind of database.
>
> Ansible comes with a lot of built-in config commands which work across the
> most popular distros, handling things like "on Fedora you set the timezone
> like this, on Ubuntu like that, ..." So your managed hosts don't have to be
> all the same.
>
> If you need to do something yourself, it's fairly easy to run your own custom
> Python, or custom Bash/whatever, scripts, within configuration.
>
> And you can have your progress reports from an ASCII art cow if you choose.
>
More information about the linux
mailing list