My eventual goal is to create ansible scripts to automatically create, run, stop, and tear down cloud machines.
However, first, I had to standardise my existing OpenBSD configurations. That standardisation will be the basis for my intended cloud machines.
Unsurprisingly, my standardisation and management scripts reflect the way I set things up. Given I work in isolation, I can’t recommend copying anything: the chances are high that I’ve missed some good tricks, and, no doubt, done some rather silly things.
The scheduled scripts are:
- daily.yml, which runs nightly, backs up machine configurations. I also run BackupPC under Centos to back the full machines up, but find independently collected and held copies of the configurations very useful.
- monthly.yml, which runs monthly maintenance tasks (mostly cycling certain SSL certificates).
The as–and–when scripts:
- common.yml, the script to run to maintain systems, doing the common stuff. I expect, at some point, I’ll produce a version of this script to run regularly.
- facts.yml, which reports ansible facts.
- passwd.yml, which updates account passwords.
- patch.yml, which applies OpenBSD patches. I plan to add this to my daily script, once I’ve gained confidence that OpenBSD patches never break things (they’ve not done so yet, but life’s a bitch, etc.).
- ping.yml, which checks that ansible can see a target machine.
- reset.yml, which replaces and redistributes all certificates, including all SSL certs.