Brew Ansible

Ansible Role: Homebrew. Installs Homebrew on MacOS, and configures packages, taps, and cask apps according to supplied variables. If you prefer to manually update packages via brew commands, leave this set to false. Ansible is a universal language, unraveling the mystery of how work gets done. Turn tough tasks into repeatable playbooks. Roll out enterprise-wide protocols with the push of a button. How Ansible works. Crush complexity. Generate an Ansible Vault Password. On my mac I run: 1. Brew install pwgen. Brew install gpg. Brew install gpg-agent. This gets me my tools! Ok, so now I need to generate my pgp key. Doing this I just accepted all the defaults. Now I generate a password for the vault. Generate an Ansible Vault Password. On my mac I run: 1. Brew install pwgen. Brew install gpg. Brew install gpg-agent. This gets me my tools! Ok, so now I need. Linuxbrew ansible lint. Language English. Linuxbrew ansible lint Addeddate 2021-04-07 15:38:52 Identifier linuxbrew-ansible-lint Scanner Internet Archive Python library 1.9.4. Plus-circle Add Review. Uploaded by Brew.sh on April 7, 2021. SIMILAR ITEMS (based on metadata).

I was blown away last night at our Ansible PDX meetup by a great presentation by Andrew Lorente about how to track secrets with your applications. Andrew gave a method of how to do this that I wanted to write down so I know how to do it. Andrew has his own blog here where he wrote about the solution. I wanted to go over it a little more in details cause I want to make sure it sticks in my head! (bonus: I also learned about the pbcopy command on Mac last night!) The other thing is since I didn’t have any of this on my machine it helps someone get started who hasn’t done anything with GPG yet.

His technique involves some pretty simple tools:

GPG / GPG-Agent

1. Generate an Ansible Vault Password

On my mac I run:

</div><table><tbody><tr><td><div><div>2</div><div>4</div><div>6</div><div>8</div><div>10</div></div></td><td><div><div><span>You </span><span>did </span><span>not</span><span>specify</span><span>a</span><span>user </span><span>ID</span><span>.</span><span>(</span><span>you </span><span>may </span><span>use</span><span>'-r'</span><span>)</span></div><div><span>Current </span><span>recipients</span><span>:</span></div><div><span>Enter </span><span>the </span><span>user </span><span>ID</span><span>.</span><span>End</span><span>with </span><span>an </span><span>empty </span><span>line</span><span>:</span><span>vallard</span></div><div><span>Current </span><span>recipients</span><span>:</span></div><div><span>2048R</span><span>/</span><span>BDF6142D</span><span>2015</span><span>-</span><span>02</span><span>-</span><span>27</span><span>'Vallard Benincosa <vallard@benincosa.com>'</span></div><div><span>Enter </span><span>the </span><span>user </span><span>ID</span><span>.</span><span>End</span><span>with </span><span>an </span><span>empty </span><span>line</span><span>:</span></div></div></td></tr></tbody></table><p>Now that I have that I follow Andrew’s instructions and create a file called open_the_vault.sh with the contents being:</p><div><textarea wrap='soft' readonly='>#!/bin/sh gpg --batch --use-agent --decrypt vault_passphrase.gpg

2	gpg--batch--use-agent--decrypt vault_passphrase.gpg

Then make sure I can run this file as an executable

Add this to my ansible.cfg file

</div><table><tbody><tr><td><div><div>2</div><div>4</div><div>6</div><div>8</div></div></td><td><div><div><span>if</span><span>test</span><span>-</span><span>f</span><span>'$envfile'</span><span>&&</span><span>kill</span><span>-</span><span>0</span><span>$</span><span>(</span><span>grep </span><span>GPG_AGENT</span><span>_</span>INFO<span>'$envfile'</span><span>|</span><span>cut</span><span>-</span><span>d</span><span>:</span><span>-</span><span>f</span><span>2</span><span>)</span><span>2</span><span>></span><span>/</span><span>dev</span><span>/</span><span>null</span><span>;</span><span>then</span></div><div><span>else</span></div><div><span>eval</span><span>'$(gpg-agent --daemon --log-file=~/.gpg/gpg.log --write-env-file '</span><span>$</span><span>envfile</span><span>')'</span></div><div><span>export </span><span>GPG_AGENT_INFO</span><span># the env file does not contain the export statement</span></div></div></td></tr></tbody></table><p>Append to ~/.bashrc</p><div><textarea wrap='soft' readonly='>GPG_AGENT=$(which gpg-agent) GPG_TTY=`tty` export GPG_TTY if [ -f ${GPG_AGENT} ]; then . ~/.bash_gpg fi

GPG_TTY=`tty`

.~/.bash_gpg

Create ~/.gnupg/gpg-agent.conf

<p>Now obviously, if you look at the history of this project I’m working on, you’ll see the old unencrypted file, but that’s ok, I’ve changed the passwords now so its super secure! From now on though, no more simple passwords and I’ll be using these methods to encrypt.</p><h3>4. Sharing Keys</h3><p>Obviously this solution works great for one developer, but what if we have more developers? They will also need to be able to run the key. To do this, we just need to encrypt the file with all of our users. We now decrypt the vault_passphrase.gpg with our open_the_vault.sh command. We then get the output of our passphrase.</p><p>Now, we encrypt it again with all of our users. The new user will need to share his key with you so that you can encrypt it.</p><div><textarea wrap='soft' readonly='>cat unencypted_passphrase | gpg -e -o vault_passphrase.gpg

cat unencypted_passphrase|gpg-e-ovault_passphrase.gpg

Test that it works by trying to edit the file

Homebrew Cask Install

<h2>Brew Ansible Configuration File</h2><p>I was a little shocked, but once I thought about it for a few minutes, I realized that their choice was perfectly sane and rational given what they knew about CM tools.</p><h5>Example:</h5><p>Aaron Patterson (a top Ruby on Rails contributor) demonstrated this problem perfectly:</p><p>He's a top programmer in the community and even he struggles with this.</p><h4>Complexity & Cost</h4><p>For them, using a CM tool meant weeks of effort learning complex concepts, struggling with a complex installation process, and maintaining that complex system over time. They were somewhat aware of the benefits, but the costs of using a CM tool just seemed too high to make it worth the effort.</p><p>MichaelBooth captures the sentiment well in his Hacker News comment:</p><p>As a veteran user of Puppet I'm a firm believer in using a tool like Puppet, but Puppet-and-Chef are overdesigned for small jobs (and, arguably, for most other jobs as well) so actually recommending them to a beginner has always felt like this:</p><p><strong>A:</strong> 'I just set up a cloud instance by running some shell commands by hand.'</p><p><strong>B:</strong> 'You shouldn't do that, because of X and Y and Z. You should learn Puppet or Chef.'</p><p><strong>A:</strong> 'Wait... did you just tell me to go spend thirty hours banging my head against solid objects, in exchange for nebulous benefits that I can't even perceive yet?'</p><p><strong>B:</strong> 'Why, yes, I believe I did!'</p><p>Fortunately, there are new CM tools on the scene that are keenly focused on simplicity and a smooth user experience. One of the simplest and most powerful is Ansible.</p><h4>Why it Matters</h4><p>Most engineers would laugh at a company that had zero tests and didn't version control or even backup their code. But that's exactly what many companies do with their systems.</p><p>And these businesses often don't realize the astronomical risks and costs of this neglect.</p><p>Your server systems are the underlying foundation of your application. They are basically the 'app' that your app code runs on. As such, your systems should be version controlled and tested. There are many other benefits of course like speed, scalability, lower costs, etc, but I won't go into them all here.</p><p>At a recent client job, the former system administrator set up all of their servers manually and left ZERO documentation. I had to spend a few weeks divining what he did and try to capture everything into a CM tool (Chef in this case). Not one week after I finished doing that, one of their key servers inexplicably failed. Fortunately, I had done the work needed and they were able to bring up a replacement within minutes. Had that work not been done, the company would have been severly crippled and might have even died due to the days of downtime that would have been inevitable.</p><p>That's just a tiny example. The cost savings for a business are huge when the team uses a CM tool. When it takes a couple minutes to bring up a new server instead of hours/days/weeks, that's a huge savings (assuming your engineers cost greater than $0/hour).</p><h4>Fight!</h4><p>Ansible has brought the learning curve down so far that it can actually be EASIER to use Ansible than to do a manual install or a shell script.</p><p>The high cost of using a CM tool is now gone and you also get all the benefits of configuration management and remote execution.</p><p>Hopefully this will convince folks who are still on the fence to start using a CM tool like Ansible for more awesome systems.</p><h4>Scenario</h4><p>The great guys over at Phusion recently released an APT repository for their Passenger web/application server.</p><p>I've been looking for a good real-world example in order to compare Manual Installs vs Shell Scripts vs Ansible and this scenario seemed ideal.</p><h4>Demonstration</h4><p>I'm going to briefly show you setting up Phusion Passenger with a Manual Install, then create a Shell Script, then show how to do it in Ansible. The server I'm using is Ubuntu 13.04 (Raring Ringtail) with the <code>software-properties-common</code> package installed for some supporting utilities.</p><h3>Manual Install</h3><h3>Shell Script</h3><p>Assuming that's in <code>passenger.sh</code>, then run:</p><h3>Ansible</h3><p>Assuming that's in <code>passenger.yml</code>, then run:</p><h4>Some Differences</h4><p>You may notice that I copied over the nginx config file for Ansible rather than just modifying the file directly on the server like I did for the manual install and shell script. Initially I looked into editing the file with Ansible's <code>lineinfile</code> module, but it just felt <em>so wrong</em>. That's another nice thing about Ansible, it encourages better practices. So, I decided to save the nginx config file locally so I could track it in version control and copy it over instead.</p><p>You'll also notice that I start the comments for Ansible with 'Ensure'. That is because Ansible will not only do the initial installation, but can also be run again and again to 'ensure' that the system is in the desired state. Ansible can perform the function of not only setting up your systems, but also testing them for correctness.</p><p>By contrast, a shell script can be very dangerous to run more than once unless you're extremely careful and know exactly what every line does. For example, what will those <code>gpg</code> commands do if I run them again? I have no idea. I could invest time to see if they are safe to run multiple times, <strong>or</strong> I could just use Ansible.</p><p><strong>Note:</strong> The Ansible script can be improved. I kept it simple so it was easy to see how it correlated to the shell script. However, there are several things I could have done to make it better.</p><p>I could have added <code>enabled=yes</code> to the nginx service. That would have set the service to start automatically if the server is rebooted.</p><p>I could have combined the installation of the <code>nginx-full</code> and <code>passenger</code> packages by using <code>with_items</code>.</p><p>I could have set a handler to <code>notify</code> nginx to restart whenever <code>nginx.conf</code>is updated.</p><h3>The Winner</h3><ul><li>Which method is most likely to end up in source control?</li><li>Which method can be run multiple times safely with confidence?</li><li>Which method can easily be run against multiple servers?</li><li>Which method actually verifies (tests) your server for correctness?</li><li>Which method can target certain servers easily (web, db, etc)?</li><li>Which method supports easily templating your configuration files?</li><li>Which method will grow to easily support your whole stack?</li></ul><p>I didn't cover some of these topics, but the answer to all of these is: <strong>Ansible</strong>.</p><p>Not only can you start using it right away for trivial scripts like this, but it also gives you a ton of power that you can use later for free.</p><h3>Getting Started</h3><p>To keep this article brief, I'm skipping over a lot of important things. However, here are some helpful tips to get started...</p><p>If you're on OSX and have Homebrew installed, then you can install Ansible like this:</p><p><strong>Note:</strong> Ansible is written in Python, but if you're not a Python programmer - don't worry! You never have to touch Python unless you really really want to. The Ansible scripts that you work with are written in the very simple YAML format. Not using Ansible because it's written in Python is like not using Linux because it's written in C.</p><p>To install Ansible on other systems, see the official Installation docs.</p><p>For setting up connectivity to your servers, see my post-install instructions.</p><p><strong>Note:</strong> Unlike other CM tools, Ansible doesn't need to have a client agent installed on your individual servers, so that's one less step you need to worry about.</p><h3>Migrating</h3><p>If you already have shell scripts for setting up your systems, you can easily start switching over by calling them via Ansible:</p><p>Then you can start extracting the shell script commands into Ansible and then remove the shell script altogether. That will give you a nice iterative path to migrating.</p><p>You can similarly do this with individual shell commands:</p><p>Then you can go back and convert them to Ansible. That previous command would turn into:</p><p>Use Ansible's modules documentation to help you through the migration process.</p><p><strong>Note:</strong> For both the <code>script</code> and <code>shell</code>modules, you can use the <code>creates</code> parameter in order to tell the script or shell command not to run if a certain file already exists on the server. That way you can set Ansible up to ensure that the script or shell command isn't run more than once if it shouldn't be.</p><h3>Excelsior!</h3><p>Hopefully this will convince you (or some friend you'll send this to), to move over to a more awesome way of managing your systems. They are the foundation of your app and should be treated with love too.</p><p>If you're now interested in Ansible, then be sure to sign up for our new Ansible Weekly newsletter (warning to cow afficianodos: there's a potentially disturbing image of a Borg Cow on that page).</p><h2>Brew Ansible Module</h2><small><i>Original: 23 Sep 2013</i></small><br><br><a href='https://netlify.mix-goapp.com/versions-for-mac-tutorial.html#zGNxCaqM=BgIUQFtSXlRbTQMEVlEFUVlQUV5PVxFdRxgFW0AIB1oHH1MDCRgHHUlKWFYUAF0dWFkFTVEZTwweAVQHAk1QGlAfB1wVYWQdCAkEAUgPVUJZUQAfTVQTSBwfEFBLFRYTUVJHAVln' target='_blank'><img src='https://cdn-ak.f.st-hatena.com/images/fotolife/r/ruriatunifoefec/20200910/20200910011337.png' style='cursor:pointer;display:block;margin-left:auto;margin-right:auto;'></a><br><br></p>
			</div>
	<footer class="entry-meta">
		
			</footer>
</article>
				<nav role="navigation" id="nav-below" class="site-navigation post-navigation">
		<h1 class="assistive-text">Post navigation</h1>
	
		<div class="nav-previous"><a href='/human-pulse'>Human Pulse</a></div>		<div class="nav-next"><a href='/logitech-g-hub-compatibility'>Logitech G Hub Compatibility</a></div>
	
	</nav>
	
			
		
		</div>
	</div>
<div id="secondary" class="updateable widget-area" role="complementary">
		<aside id="search-3" class="widget widget_search">	<form method="get" id="searchform" action="#" role="search">
		<label for="s" class="assistive-text">Search</label>
		<input type="text" class="field" name="s" value="" id="s" placeholder="Search …" />
		<input type="submit" class="submit" name="submit" id="searchsubmit" value="Search" />
	</form>
</aside>		<aside id="recent-posts-5" class="widget widget_recent_entries">		<h1 class="widget-title">MOST POPULAR ARTICLES</h1>		<ul>
					<li><a href='/fashion-designer-drawing-dresses'>: Fashion Designer Drawing Dresses</a></li>
<li><a href='/wooster-pro-2-inch-paint-brush'>: Wooster Pro 2 Inch Paint Brush</a></li>
<li><a href='/unhandled-exception-phpstorm'>: Unhandled Exception Phpstorm</a></li>
<li><a href='/jensen-twitter'>: Jensen Twitter</a></li>
<li><a href='/calculating-moles-with-avogadros-number'>: Calculating Moles With Avogadro's Number</a></li>
<li><a href='/avast-cleanup-app'>: Avast Cleanup App</a></li>
<li><a href='/todoist-ms-teams'>: Todoist Ms Teams</a></li>
<li><a href='/wps-pdf-to-word-converter-free-download-full-version'>: Wps Pdf To Word Converter Free Download Full Version</a></li>
<li><a href='/affinity-photo-2'>: Affinity Photo 2</a></li>
				</ul>
		</aside>		</div>

	</div>
	<footer id="colophon" class="site-footer" role="contentinfo">
		<div class="site-info">
			 
<a href="Wingblog394">Wingblog394</a>
		</div>
	</footer>
</div>
</body>
</html>