This playbook cleans a bootcamper's home directory by removing it entirely, recreating it, and then filling it with the expected bash dot files from /etc/skel and recreating the XDG user's home directories(.i.e folders such as Music, Videos, Pictures, e.t.c).
- Install Ansible
- Clone or download this repository to your local drive
Lets explain the important files this repo houses:
- ansible.cfg
- ansible configuration file. Tells ansible where to find the inventory file, amongst other things.
- inventory
- this is an ini-file listing all the servers we control. All the student iMacs on campus that have the ssh server installed would be listed in this file. It is possible to automate the generation of this file.
- public_keys/
- Houses all the ssh public keys we want to use to connect to the iMacs. The playbook puts all the keys in the authorized_keys file belonging to the user on the iMac(all iMacs have a user with username wtc or wethinkcode_). The public key of the machine from which we will be running ansible should be in this directory.
- playbook.yml
- This is where the ansible tasks are listed. The tasks run in order and if a task fails the next one in sequence is not ran. Each task has a description.
- create_inventory_scripts
- Scripts attempting to get all iMacs on campus that are listening for ssh connections and append them to the inventory file.
Ansible has an option to do a dry run, it will tell you what it would have done if it was actually being ran in full. Not all ansible modules support dry running but this good to test the connection to all servers in the inventory.
ansible-playbook playbook.yml --check --ask-become-pass --ask-pass --extra-vars "user=wtc"--check: This is for a dry-run, remove when ready to run--ask-become-pass: Prompts for the password used to do sudo commands on the remote machine--ask-pass: Prompts for the password to use for ssh-ing to the remote machine--extra-vars: changeuser=wtcto the user you want to run this playbook for on the remote machine
ansible-playbook playbook.yml --ask-become-pass --ask-pass --extra-vars "user=wtc"NOTE: Ansible defaults to using ssh keys for connection to the remote/target server. If you already uploaded your public key to the remote server/target you can remove --ask-pass to connect via your key.
Q: Why completely remove the bootcamper's home directory?
A: This ensures that anything left behind by the previous bootcamper is fully removed, such as browser session files.
Q: Why ansible?
A: It's very simple for non-developers to understand compared to scripting languages. This is because it uses a human-friendly syntax for playbook files called yaml. Ansible is also a very popular tool in the DevOps space so this is also a learning opportunity for anyone interested in DevOps. I also asked the question "Why ansible" to ansible users in their chat room and I got:
...auditability, logging and built in reliability and paralelization make ansible a lot more useful and scalable than just scripts (also ansible can leverage existing scripts to ease transition)