:: Re: [DNG] Ansible on Devuan
Page principale
Supprimer ce message
Répondre à ce message
Auteur: wirelessduck
Date:  
À: Andreas Messer
CC: Dng
Sujet: Re: [DNG] Ansible on Devuan


> On 17 Aug 2023, at 02:58, Andreas Messer <andi@???> wrote:
>
> Hi Tom,
>
> Am Wed, Aug 16, 2023 at 05:54:10PM +1000 schrieb wirelessduck--- via Dng:
>> I would like to know if other people here have any experience running ansible on Devuan?
>>
>> Are there any issues with compatibility?
>
> Using devuan provided ansible packages since a while now to configure some basic
> stuff here: Kerberos, automounts, network config, passdb stuff for some
> hosts. Currently still on chimaera. No issues so far :-) A bit outdated,
> but doesn't matter for my tasks. Daedalus update will bring in newer stuff
> of course.


That’s good to hear. Sounds like it will be a reasonable choice to go with then.

>> Would you suggest using an alternative to ansible instead, eg. puppet/bolt/Chef?
>
> I once played with puppet (+10 years ago) Not much leftovers of it in my brain
> since then. The main difference is: Puppet needs a server which by itself
> needs java. On each machine a client software needs to be run as daemon. In contrast
> to that ansible is run like a oneshot tool using a configuration folder.
> It terminates when done. The tool can either run only locally, thus perform
> changes on the current host or execute the commands on remote hosts via various
> methods (SSH only beeing one of them) If you need periodic updates for ansible
> you will have to explicitly setup a cron job or something like that. In
> principle you can use ansible to configure a host even if it has no
> network, just bring the configuration folder and required packages with
> USB and run from stick. This is not possible with puppet.
>
> ansible is much simpler and less resource consuming. A short try to read
> current puppet documentation left me with more question marks than before
> - could be related to my age anyways.
>
> I love the template system with ansible. Its based on jjina2,
> well documented & flexible.


That is a good thing I guess. Bolt is a newer puppet tool that is also agentless over ssh, but probably best to go with ansible if it has more community support and has been around a bit longer.

> Another thing i thought about once and then was to use self made
> deb packages to configure my hosts. The post/pre install hooks
> could be miss-used to do things, could also easily install
> (config) files just by the default deb mechanism.
> One could think of providing a local repository with such deb packages
> categorized in use cases, sub use cased etc. Having apt to resolve
> dependencies, installing software packages as needed. But I'm too lazy to
> do this at the moment.


Yeah I already have some of these for icinga2-related check scripts so it should be easy to integrate into my existing setup.

>> What is the normal install method here? I can see the debian/Devuan package repository versions are a bit behind (not unexpected), but I can also install latest version from pypi directly with pip or bundle my own deb package with dh-virtualenv.
>
> Just use the apt version. Should work for most cases. You can still
> upgrade to recent pip version later but you have to keep up with
> security updates explicitly then.


I’m still tempted to build my own package as I use Renovate Bot[1] to keep my private packages up to date in a CI/CD pipeline. That takes care of security updates for me.

> cheers,
> Andreas


Thanks for the detailed information.

Tom

[1] https://www.mend.io/renovate/