Ansible - Powerful Open Source system management and task automation tooling!

Published 2024-05-30
=== Links ===
Show Notes
wiki.opensourceisawesome.com/books/ansible-automat…

Ansible Series from Learn Linux TV
   • Getting started with Ansible 01 - Int...  

Get the AwesomeOpenSource Merchandise
awesomeopensource.creator-spr...

Support my Channel and ongoing efforts through Patreon:
patreon.com/awesomeopensource

Buy Me a Coffee or Beer
paypal.me/BrianMcGonagill?country.x=US&locale.x=en…

=== Timestamps ===
00:00 Beginning
00:08 Introduction to Ansible
04:04 Thank you to my Patrons over at Patreon
04:41 What You'll Need
06:18 Setup SSH Key Pair
09:31 Send SSH Keys to Target Machines
11:32 Install Ansible
13:22 Setup our Ansible Project Space
13:57 Setup Our Inventory File
20:22 Testing Ansible with Ansible-Ping
23:02 Make an Ansible Playbook

=== Contact ===
Twitter: @mickintx
Telegram: @MickInTx
Mastodon: @[email protected]

Try out SSDNodes VPS Services! Amazing Specs for incredibly low costs. I'm running a 32 GB RAM / $ CPU Server for only $9 a month! Seriously. For long term server usage, this is the way to go!
www.ssdnodes.com/manage/aff.php?aff=1011

Get a $50.00 credit for Digital Ocean by signing up with this link:
m.do.co/c/a6a61ae55242

Use Hover as your Domain Name Registrar to get some great control over your domains / sub-domains:
hover.com/SHPaiirr

What does the money go to?
To Pay for Digital Ocean droplets, donations to open source projects I feature, any hardware I may need to purchase for future episodes (which I will then give to a subscriber in a drawing or contest).

All Comments (18)
  • @bugdozer314
    A few considerations. One, if you're using virtualization, build the pubkey into your base image, so you can clone or deploy a new VM and you get the keys being pre-installed for "free". This is scriptable on Proxmox. Two, another benefit to having things (machine configurations, not just actions like "upgrade apt") in Ansible is they are repeatable and idempotent. If there's any question about a configuration, just run Ansible again. Three, put all this Ansible configuration into git and you have a history of your previous settings should reverting to them become interesting. Your git repo becomes your "source", and makes it easy to move between workspaces. Great content as always. Lots to encourage here, well done.
  • @KenPryor
    Very helpful! I've used Ansible before and it was great. I only did basic stuff with it but I'm planning to add it to my homelab to learn more. Regarding Wazuh, I've been working with it a little lately. Some things are really easy, other things not so much. The basic setup is very easy and it works very well. I'm looking forward to your video on it!
  • @jeffherdz
    Ansible is a great tool for all your computer needs. Not only for the Linux/Unix world. But I use it in our Windows Environment here at work. We update 12 Linux servers, and over 300 Desktop computers and another 15 Windows 2019 servers. Which Ansible really comes in handy when they ALL (Windows Servers/Desktop computers) need to be rebooted, after an update. Actually, they get rebooted once a month...regardless. They just turn to garbage if they are not rebooted once a month. Linux/Unix machines when a kernel update gets pushed. So once or twice a year.
  • @AndreasHanfelt
    Here is a tip for you that I stumbled upon, Defguard Wireguard 2fa open source project. Thanks for this video and all the other.
  • @BrianGiuffre
    A couple of pointers. When you use Become at the top level, that is saying EVERY playbook task is run elevated. Typically this isn't ideal as "most" tasks do not require elevation. At the individual task level, you can add become to run that specific task elevated. If your playbook requires every task in the playbook to be run elevated, putting it at the top level is sufficient, and you don't need to redundantly add it on the individual tasks. As a best practice, it is also recommended that you use FQDN for the modules you are running for the tasks, it helps with readability and identifying if a playbook that is shared requires additional galaxy roles/collections to be added (you didn't touch on these, but it's important). IE: instead of apt, it should be ansible.builtin.apt and so on. You can also set a variable in your inventory to identify either by individual groups of hosts, or the entire inventory of hosts, which SSH key to use, so that you don't need to convolute your playbook run command.
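
The three pointers in the comment above, as an added example that is not from the video or the commenter: a YAML inventory that sets the SSH key per group, and a playbook that uses fully qualified module names and escalates only on the tasks that need root. The host names, the `deploy` user and the key path are assumptions; the two files are shown in one block and are split at the `---` marker.

```yaml
# inventory.yml (hypothetical hosts, user and key path)
all:
  children:
    webservers:
      hosts:
        web01.example.internal:
        web02.example.internal:
      vars:
        ansible_user: deploy
        # Per-group SSH key, so the run command needs no --private-key flag
        ansible_ssh_private_key_file: ~/.ssh/ansible_ed25519
---
# playbook.yml: no play-level "become"; only tasks that need root escalate
- name: Patch web servers with least privilege
  hosts: webservers
  gather_facts: true
  tasks:
    - name: Record kernel version (needs no elevation)
      ansible.builtin.command: uname -r
      register: kernel_version
      changed_when: false

    - name: Update apt cache and upgrade packages (needs root)
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
      become: true

    - name: Check whether a reboot is required (needs no elevation)
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_flag

    - name: Reboot if the package manager asked for it (needs root)
      ansible.builtin.reboot:
      become: true
      when: reboot_flag.stat.exists
```

Run it with `ansible-playbook -i inventory.yml playbook.yml`; the read-only tasks execute as the unprivileged SSH user, and only the two tasks marked `become: true` go through sudo.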
  • I wish more businesses would use tools like Ansible instead of Microsoft top to bottom....
  • @bugdozer314
    Passphrases are easy and cheap. If you don't want to type the passphrase in for every use, you have two options. 1) use the ssh-agent, and typically all you really need to do in a usual Linux desktop environment is type "ssh-add" and enter the passphrase, which will add keys to the agent. It'll be available and not requested again for the duration of that logged in desktop session. Note, you can also "give up" the credential when you're done. 2) use control-master in ssh config. This will activate a persistent ssh session (definable), so you don't then need to re-establish connection details. This MAY NOT help you much at all in this ansible case (each connection to a new target host would still require establishing a connection), however, if you have a bunch of playbooks against a small number of hosts, it may be a net win in terms of not typing passwords, and it may also be a net win in terms of time by re-using established sessions where possible. I do both.
  • @Sam-oz8tw
    Great video! Some feedback. Because ssh keys are so ubiquitous and documentation is literally everywhere, I wish you would have spent those 5 minutes walking through your lxd install. If you are going to skip something to make a video shorter, let it be ssh key pairs. But otherwise, great. Personal preference. Thank you!
  • @jhonyortiz5
    If you spend a considerable amount of time configuring your laptop or pc, especially developers that need to setup development environments, ansible is great. I use it to setup my laptop and pc. Ansible can handle differences pretty well. It's something better than a bunch of bash scripts but it's also not NixOS. My understanding is that NixOS is more concerned with reproducible builds. Ansible cares more about declarative automation. So ansible is not as flexible but makes automation very easy to understand.
  • @ws_stelzi79
    By the way from the man-page of ssh-keygen "The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an Ed25519 key." But I think that is a fairly recent thing. 1 or 2 versions they used the more insecure RSA.
  • @jaqrab
    An idea for a future video, are there any open source business rule engines that might be added to your MSP series.
  • Is it a good option to clone the system to another machine or should I use clonezilla?
  • @CC-rk4zx
    Thanks for the video. One question: Public SSH key wasn't set up with passphrase. So if a client got hacked and the hacker has the public key they could login to the server without anything else, right?