Ansible playbook for making your Ubuntu server practically maintain itself
Use server to get these lovely features:
- unattended package upgrades - relax, we got your security patches
- one-command OS distribution upgrades - 16.04 → 18.04 → …
- Jupyter notebook (optional) - analyse all the things
- enable swap (optional) - for when something obvious just isn't there
The playbook should generally work on Debian / Ubuntu servers, but it is mainly used with the latest Ubuntu LTS server release.
To run the playbook, install Ansible locally. An easy way to install it if you have Python locally is to run:
pip3 install ansible
Prepare your hosts file by adding your servers and prepare the config.yml file where you can optionally change the global defaults:
cp hosts.example hosts
cp config.yml.example config.yml
Make sure:
- you can ssh into the added servers using only your ssh public key (no password) first. You can push your public key to the server using:
  ssh-copy-id user@host
- the user you ssh as into the servers is on the sudoers list
There are additional settings in group_vars/servers which can be overridden for all the servers. You can also override settings for individual servers by creating a file in the host_vars folder (the filename must match the server alias from the hosts file).
Test that you can access the servers:
ansible -m ping all
Finally, to run the playbooks, execute:
ansible-playbook server.yml
Or if you can't remember the command, run:
./server.sh
There are a number of playbook components that are not deployed or run by default.
Since the OS distribution upgrade can take quite some time, it is available as a separate playbook that you run as:
ansible-playbook upgrade.yml
Note that depending on what packages you have installed, you might have to ssh to the server once the process completes to finish some manual steps (mostly choosing what to do with config files that were edited).
To install the optional Jupyter notebook, either enable it in group_vars/servers or create an individual server's config file in host_vars/server-alias (matching a server alias from your hosts file). Example config:
---
install_notebook: True
notebook_password: 'sha1:d88452b18fd9:735e6a786d17709a131198f0c0edf217eadc55bf'
If you don't set the password (you should!) the default is donthackme. Once you run the server.yml playbook, Jupyter notebook should be running on port 8888.
You can use the default password to connect to the notebook and generate a new password hash from within a notebook if you haven't already:
In [1]: from notebook.auth import passwd
In [2]: passwd()
Enter password:
Verify password:
Out[2]: 'sha1:d88452b18fd9:735e6a786d17709a131198f0c0edf217eadc55bf'
You then set this hash in your host file and rerun the playbook. More info on generating the password and optionally setting up a TLS certificate in the documentation.
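An added example (not part of this playbook or of Jupyter): Python helpers that build a hash in the `algorithm:salt:hexdigest` layout shown above without logging in with the default password first, and that flag a config file still relying on the default password. It assumes the digest is the hash of the password followed by the salt; `make_hash`, `check_hash` and `audit_config` are hypothetical names.

```python
import hashlib
import hmac
import re
import secrets

DEFAULT_PASSWORD = "donthackme"  # playbook default named in the README
SUPPORTED = {"sha1", "sha256", "sha512"}  # assumption: plain hashlib digests only


def make_hash(password, salt=None, algorithm="sha1"):
    """Build 'algorithm:salt:hexdigest' with digest = H(password + salt)."""
    if salt is None:
        salt = secrets.token_hex(6)  # 12 hex characters, as in the sample hash
    digest = hashlib.new(algorithm, (password + salt).encode("utf-8")).hexdigest()
    return f"{algorithm}:{salt}:{digest}"


def check_hash(hashed, password):
    """True if password matches hashed; False on mismatch or unknown format."""
    parts = hashed.split(":")
    if len(parts) != 3 or parts[0] not in SUPPORTED:
        return False
    algorithm, salt, digest = parts
    expected = make_hash(password, salt, algorithm).split(":")[2]
    return hmac.compare_digest(expected.encode(), digest.lower().encode())


def audit_config(text):
    """Return findings for the text of one group_vars / host_vars file."""
    if not re.search(r"^install_notebook:[ \t]*(true|yes)\b", text, re.I | re.M):
        return []  # notebook not enabled in this file
    m = re.search(r"^notebook_password:[ \t]*['\"]?([^'\"\s#]+)", text, re.M)
    if m is None:
        return ["notebook_password not set: default password applies"]
    if check_hash(m.group(1), DEFAULT_PASSWORD):
        return ["notebook_password is the hash of the default password"]
    return []


if __name__ == "__main__":
    # Constructed sample config: notebook enabled, no password override.
    sample = "---\ninstall_notebook: True\n"
    print(audit_config(sample))
    print(make_hash("a long unique passphrase"))
```

Ansible merges group_vars and host_vars, so a finding on a single file means the merged value for that host still needs checking.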
Similar to the notebook, override the enable_swap setting in the server's config file.