Difference between revisions of "DebOps"
(Created page with "The [https://docs.debops.org/en/master/ DebOps] project is installed ([https://github.com/debops/debops/ src on GitHub]) on greg-desk as a controller using Ansible from source...") |
(add byline) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | == Intro == | ||
+ | <blockquote> | ||
+ | Hello, DebOps author here. I thought that I'd write an overview of the project here for new or interested users. | ||
+ | |||
+ | On a basic level, DebOps is a set of Ansible roles and playbooks that manage different services and applications on Debian / Ubuntu hosts. The project was originally designed to manage a data center, but it works fine with a single host as well. | ||
+ | |||
+ | I'm using and have been actively developing it for the last 6 years at a medical university where I'm a full time sysadmin, managing 135 virtual machines spread across 17 on-premise servers. But others who are using DebOps are using it on the cloud while hosting it on Digital Ocean, Hetzner, AWS and other cloud hosting providers. Supported operating systems include Debian, Ubuntu, Raspbian or Devuan. | ||
+ | |||
+ | DebOps has over 160+ Ansible roles and playbooks to set everything you need from the ground up. This ranges from lower level services such as your host's firewall to fully fledged applications like GitLab and Nextcloud. | ||
+ | |||
+ | You'll have all the tools you need to set up common web applications written in various runtimes such as Python, Ruby, Node, PHP, Go and many others. But DebOps isn't limited to just web applications running on a single server. You can set up an entire cluster of servers running any workload you want and it's all secured over TLS. Or if you prefer a Docker / LXC environment, there are feature-rich Docker and LXC roles to set up a server to run your containerized applications. | ||
+ | |||
+ | All of the above services are defined as self-contained Ansible roles that can be used as is or you can mix and match any of DebOps' roles with your own custom roles and playbooks. To help get you started in a new server environment, DebOps comes equipped with a common playbook that has a set of roles that are commonly used on all hosts managed by the project, including user management, basic services like NTP, OpenSSH, locale configuration, firewall, and so on. | ||
+ | |||
+ | If you want to start using it, check out the quick start[1] and getting started guides[2]. The quick start has instructions for getting up and running quickly with Docker[3] or Vagrant. The getting started guide gives you step by step instructions on how to configure your DebOps managed environment. | ||
+ | |||
+ | If you have any questions, write a comment here or drop by IRC on Freenode in the #debops channel. | ||
+ | |||
+ | [1]: https://docs.debops.org/en/master/introduction/quick-start.html <br /> | ||
+ | [2]: https://docs.debops.org/en/master/introduction/getting-started.html <br /> | ||
+ | [3]: docker run -it --rm debops/debops | ||
+ | </blockquote> | ||
+ | <div style="float:right;">From Hacker News https://news.ycombinator.com/item?id=20821039 ~drybjed</div> | ||
+ | |||
+ | == Local == | ||
The [https://docs.debops.org/en/master/ DebOps] project is installed ([https://github.com/debops/debops/ src on GitHub]) on greg-desk as a controller using Ansible from source in ~/bin/ansible | The [https://docs.debops.org/en/master/ DebOps] project is installed ([https://github.com/debops/debops/ src on GitHub]) on greg-desk as a controller using Ansible from source in ~/bin/ansible | ||
− | We're developing a DebOps for MediaWiki like the [https://github.com/carlalexander/debops-wordpress DebOps for WordPress project] | + | We're developing a DebOps for MediaWiki like the [https://github.com/carlalexander/debops-wordpress DebOps for WordPress project] There are a lot of [https://docs.debops.org/en/latest/ansible/roles/index.html roles included] in the DebOps project. My project is to compose a solution similar to Meza, but using MediaWikiFarm as the farm system. |
+ | |||
+ | == Notes == | ||
+ | I created inventories in <tt>biz/ops/prod</tt> for creating a GitLab environment. Meanwhile, the 'monorepo' (the DebOps code itself) is stored in <tt>~/.local/share/debops/debops/</tt> You'll want to run <tt>debops-update</tt> on a (daily) regular basis. | ||
− | I created | + | I created a [https://docs.debops.org/en/latest/user-guide/project-directories.html project directory] ~/src/qb3 where I also installed DebOps. The monorepo installed in the debops/ subdirectory of a given DebOps project directory will take precedence over the one installed globally in ~/.local/share/debops/debops/ or included in the Python package. <ref>https://docs.debops.org/en/latest/user-guide/install.html</ref> |
+ | To [https://docs.debops.org/en/latest/ansible/roles/debops.bootstrap/getting-started.html bootstrap] my first host, I ran <tt>debops bootstrap -u root --limit labs</tt>, but it would fail on <tt>'/usr/bin/python: not found'</tt> <ref>https://github.com/debops/debops/issues/1002</ref>. By specifying that the remote host should use python3, it succeeded. | ||
+ | |||
+ | <source lang=ini> | ||
+ | [all:vars] | ||
+ | ansible_python_interpreter='/usr/bin/env python3' | ||
+ | |||
+ | |||
+ | [debops_all_hosts] | ||
+ | # greg-desk ansible_connection=local | ||
+ | labs ansible_ssh_host=labs.qualitybox.us | ||
+ | </source> | ||
+ | |||
+ | Next, I ran the common playbook with <tt>debops common -u root --limit labs</tt>, but that failed trying to download some secrets (error message below). Re-running the command succeeded. Common includes apt_install <ref>https://docs.debops.org/en/latest/ansible/roles/debops.apt_install/getting-started.html#example-playbook</ref>, so all my packages were installed via common. | ||
+ | |||
+ | |||
+ | |||
+ | <pre> | ||
+ | TASK [debops.pki : Download private realm contents by host] ************************************************************************************************ | ||
+ | An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option | ||
+ | failed: [labs] (item={u'default_subdomains': [u'labs', u'*.labs', u'_wildcard_'], u'name': u'domain', u'acme': False}) => {"changed": false, "item": {"acme": false, "default_subdomains": ["labs", "*.labs", "_wildcard_"], "name": "domain"}, "msg": "Could not find or access '/home/greg/src/qb3/ansible/inventory/../secret/pki/realms/by-host/labs.qualitybox.us/domain/private/' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"} | ||
+ | </pre> | ||
+ | |||
+ | |||
+ | === Included Playbooks === | ||
+ | When you initialize your DebOps project folder, you end up with debops > ansible > playbooks which contains all the DebOps playbooks. So, you can run <tt>debops service/pki -l labs</tt> from the cli to run the PKI role without even having to create your own playbook. | ||
+ | |||
+ | |||
+ | === Apache === | ||
+ | These are the modules enabled by default. Notice that there is no rewrite; so we'll have to set some variables. | ||
+ | <pre> | ||
+ | root@labs:~# apache2ctl -M | ||
+ | Loaded Modules: | ||
+ | core_module (static) | ||
+ | so_module (static) | ||
+ | watchdog_module (static) | ||
+ | http_module (static) | ||
+ | log_config_module (static) | ||
+ | logio_module (static) | ||
+ | version_module (static) | ||
+ | unixd_module (static) | ||
+ | access_compat_module (shared) | ||
+ | alias_module (shared) | ||
+ | auth_basic_module (shared) | ||
+ | authn_core_module (shared) | ||
+ | authn_file_module (shared) | ||
+ | authz_core_module (shared) | ||
+ | authz_host_module (shared) | ||
+ | authz_user_module (shared) | ||
+ | autoindex_module (shared) | ||
+ | deflate_module (shared) | ||
+ | dir_module (shared) | ||
+ | env_module (shared) | ||
+ | filter_module (shared) | ||
+ | headers_module (shared) | ||
+ | mime_module (shared) | ||
+ | mpm_event_module (shared) | ||
+ | negotiation_module (shared) | ||
+ | reqtimeout_module (shared) | ||
+ | setenvif_module (shared) | ||
+ | socache_shmcb_module (shared) | ||
+ | </pre> | ||
== Resources == | == Resources == | ||
+ | * [https://github.com/debops/debops-playbooks/blob/master/playbooks/common.yml The Common playbook] | ||
+ | * [https://lists.debops.org/pipermail/debops-users/2018-November/thread.html Mailing List] | ||
+ | * [https://github.com/debops/debops/issues issue queue] | ||
− | + | {{References}} | |
[[Category:QualityBox]] | [[Category:QualityBox]] |
Latest revision as of 20:50, 28 August 2019
Intro[edit | edit source]
Hello, DebOps author here. I thought that I'd write an overview of the project here for new or interested users.
On a basic level, DebOps is a set of Ansible roles and playbooks that manage different services and applications on Debian / Ubuntu hosts. The project was originally designed to manage a data center, but it works fine with a single host as well.
I'm using and have been actively developing it for the last 6 years at a medical university where I'm a full time sysadmin, managing 135 virtual machines spread across 17 on-premise servers. But others who are using DebOps are using it on the cloud while hosting it on Digital Ocean, Hetzner, AWS and other cloud hosting providers. Supported operating systems include Debian, Ubuntu, Raspbian or Devuan.
DebOps has over 160+ Ansible roles and playbooks to set everything you need from the ground up. This ranges from lower level services such as your host's firewall to fully fledged applications like GitLab and Nextcloud.
You'll have all the tools you need to set up common web applications written in various runtimes such as Python, Ruby, Node, PHP, Go and many others. But DebOps isn't limited to just web applications running on a single server. You can set up an entire cluster of servers running any workload you want and it's all secured over TLS. Or if you prefer a Docker / LXC environment, there are feature-rich Docker and LXC roles to set up a server to run your containerized applications.
All of the above services are defined as self-contained Ansible roles that can be used as is or you can mix and match any of DebOps' roles with your own custom roles and playbooks. To help get you started in a new server environment, DebOps comes equipped with a common playbook that has a set of roles that are commonly used on all hosts managed by the project, including user management, basic services like NTP, OpenSSH, locale configuration, firewall, and so on.
If you want to start using it, check out the quick start[1] and getting started guides[2]. The quick start has instructions for getting up and running quickly with Docker[3] or Vagrant. The getting started guide gives you step by step instructions on how to configure your DebOps managed environment.
If you have any questions, write a comment here or drop by IRC on Freenode in the #debops channel.
[1]: https://docs.debops.org/en/master/introduction/quick-start.html
[2]: https://docs.debops.org/en/master/introduction/getting-started.html
[3]: docker run -it --rm debops/debops
Local[edit | edit source]
The DebOps project is installed (src on GitHub) on greg-desk as a controller using Ansible from source in ~/bin/ansible
We're developing a DebOps for MediaWiki like the DebOps for WordPress project There are a lot of roles included in the DebOps project. My project is to compose a solution similar to Meza, but using MediaWikiFarm as the farm system.
Notes[edit | edit source]
I created inventories in biz/ops/prod for creating a GitLab environment. Meanwhile, the 'monorepo' (the DebOps code itself) is stored in ~/.local/share/debops/debops/ You'll want to run debops-update on a (daily) regular basis.
I created a project directory ~/src/qb3 where I also installed DebOps. The monorepo installed in the debops/ subdirectory of a given DebOps project directory will take precedence over the one installed globally in ~/.local/share/debops/debops/ or included in the Python package. [1]
To bootstrap my first host, I ran debops bootstrap -u root --limit labs, but it would fail on '/usr/bin/python: not found' [2]. By specifying that the remote host should use python3, it succeeded.
[all:vars]
ansible_python_interpreter='/usr/bin/env python3'
[debops_all_hosts]
# greg-desk ansible_connection=local
labs ansible_ssh_host=labs.qualitybox.us
Next, I ran the common playbook with debops common -u root --limit labs, but that failed trying to download some secrets (error message below). Re-running the command succeeded. Common includes apt_install [3], so all my packages were installed via common.
TASK [debops.pki : Download private realm contents by host] ************************************************************************************************ An exception occurred during task execution. To see the full traceback, use -vvv. The error was: If you are using a module and expect the file to exist on the remote, see the remote_src option failed: [labs] (item={u'default_subdomains': [u'labs', u'*.labs', u'_wildcard_'], u'name': u'domain', u'acme': False}) => {"changed": false, "item": {"acme": false, "default_subdomains": ["labs", "*.labs", "_wildcard_"], "name": "domain"}, "msg": "Could not find or access '/home/greg/src/qb3/ansible/inventory/../secret/pki/realms/by-host/labs.qualitybox.us/domain/private/' on the Ansible Controller.\nIf you are using a module and expect the file to exist on the remote, see the remote_src option"}
Included Playbooks[edit | edit source]
When you initialize your DebOps project folder, you end up with debops > ansible > playbooks which contains all the DebOps playbooks. So, you can run debops service/pki -l labs from the cli to run the PKI role without even having to create your own playbook.
Apache[edit | edit source]
These are the modules enabled by default. Notice that there is no rewrite; so we'll have to set some variables.
root@labs:~# apache2ctl -M Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared) alias_module (shared) auth_basic_module (shared) authn_core_module (shared) authn_file_module (shared) authz_core_module (shared) authz_host_module (shared) authz_user_module (shared) autoindex_module (shared) deflate_module (shared) dir_module (shared) env_module (shared) filter_module (shared) headers_module (shared) mime_module (shared) mpm_event_module (shared) negotiation_module (shared) reqtimeout_module (shared) setenvif_module (shared) socache_shmcb_module (shared)