Using Ansible to Bootstrap My Work Environment Part 3

Datetime:2016-08-22 22:23:32          Topic: Git  Bootstrap           Share

In myprevious post I dove into crouton specific role items. These were just little bits unique to a Chromebook chroot environment. The bulk of items I can automate with ansible are common to any linux install I might do. I’m focused on Ubuntu for desktop work but given the way ansible works, I can customize this to use with any distribution perhaps segregating an OS-distribution specific role down the road. For now, the vast majority of items are wrapped up in ~/source/ansible-mystuff/roles/common/tasks/main.yml

This is a larger file so let me break it down a bit

- name: install git
  become: yes
  apt:
    name: git
    state: present

- name: send ssh id
  copy:
    src: /home/sharney/.ssh/id_rsa
    dest: /home/sharney/.ssh/id_rsa
    mode: 0600

- name: git configfiles
  become: no
  copy: src= dest=
  with_items:
     - { src: 'dot_gitignore', dest: '/home/sharney/.gitignore' }
     - { src: 'dot_gitignore', dest: '/home/sharney/.gitignore' }
     - { src: 'dot_git', dest: '/home/sharney/.git' }

- name: bitbucket  key to known_hosts
  known_hosts:
    key: "{{ lookup('pipe', 'ssh-keyscan -t rsa bitbucket.org')}}" 
    name: bitbucket.org
    state: present

This is the sequential start of everything. git drives so much of this so it’s installed before any other packages. I also have ssh keys which here are just copied but they in fact reside in a private git repository.

The next item uses Ansible’s with_items looping capability to copy some additional git configuration files which will become relevant momentarily. The last item grabs bitbucket.org’s public ssh key piping the STDOUT from ssh-keyscan so I can hit my bitbucket private ‘configfiles’ repo over ssh using the previously imported ssh keys and ssh configuration files:

- name: do configfiles repo
  become: no
  script: /home/sharney/source/ansible-mystuff/configfiles_setup.sh  creates=/home/sharney/configfiles/.configfiles_done

- name: ssh id permissions fix 
  become: no
  file: path=/home/sharney/.ssh/id_rsa mode=0600

Setting up the private configuration files is a bit more involved than a typical git clone so I have a script that I can use to take care of it:

#!/bin/sh

# do the bits to setup configflies repo
if [ ! -d $HOME/configfiles ]; then
    mkdir $HOME/configfiles 
    cd $HOME
    git clone --no-checkout git@bitbucket.org:scott_harney/configfiles.git
    git reset --hard origin/master
fi


if [ ! -e $HOME/Dropbox/.tmux.conf ]; then 
    ln -s $HOME/Dropbox/.tmux.conf
fi
if [ ! -e $HOME/Dropbox/.dir_colors ]; then
    ln -s $HOME/Dropbox/.dir_colors
fi

touch $HOME/configfiles/.configfiles_done

This is straight from the digital ocean article describing how to create and use a git repo for private configuration files. I’ve used this for a while to selectively manage my $HOME dot config files. The .git , .gitconfig , and .gitignore files copied in the earlier Ansible play are set up per that article for managing the configfiles repo. I selectively add files to the repo in my $HOME .

The two Dropbox links are files that I originally managed via symlinks from dropbox but ultimately found it was better to manage with git. I just left the links in place so this is a vestige of an earlier approach I tried for managing configuration file data. I could probably fix it with a git mv to put the files in their right place but this is fine. Even if I’m not using Dropbox on a utility host I deploy, it’s not hurting anything.

The next items grab a github ssh key as well, which will be handy for some public repos I clone and then loop over a list of the apt dpkg items I like to have installed.

- name: github key to known_hosts
  known_hosts:
    key: "{{ lookup('pipe', 'ssh-keyscan -t rsa github.com') }}"
    name: github.com
    state: present
    
- name: install packages for emacs and more
  action: apt pkg={{ item }} state=installed install_recommends=yes
  become: yes
  with_items:
    - emacs24
    - emacs24-el
    - pandoc
    - tmux
    - zsh
    - ispell
    - vpnc
    - fonts-hack-ttf
    - ruby
    - ruby-aws-sdk
    - python-pip
    - python-pip-whl
    - virtualenv
    - curl
    - openjdk-8-jre
    - fonts-crosextra-caladea
    - fonts-crosextra-carlito # substituion fonts for ms office. probably need a GUI role

One thing I note here is that there are some packages that are really only relevant in a GUI context. On on an EC2 instance they don’t take up much space and I typically will have the x11 libraries present so I don’t really have that much GUI dependency driven bloat.

As you can see I use emacs but in reality you’ll see below I layer over that with spacemacs . I have the vpnc package I use for Cisco compatible IPSEC VPNs. I have some aws related libraries and python items for python2 support in Xenial. The last two fonts are useful on a full blown linux install where I am using LibreOffice and editing Word docs. They are google produced metric equivalents for Microsoft’s proprietary Calibri and Calisto fonts. I substitute them within LibreOffice as described in this Debian Wiki article

The Java item is kind of annoying as it’s required for s3_website which I use to push this statically generated website to s3. That’s another separate git repo and associated dependencies that I’ll probably break out into another role at some point.

- name: python pip install items
  become: yes
  pip: name={{ item }} state=present
  with_items:
    - powerline-status
    - awscli
    - saws

- name: aws sdk v1 for ruby for awscli
  become: yes
  gem: name=aws-sdk-v1 state=present

These just some python pip and ruby items related to managing AWS. I like the saws enhancement for the standard aws cli. The powerline-status item is related to tmux

- name: check for spacemacs already imported
  stat: path=/home/sharney/.emacs.d/spacemacs.mk
  register: spacemacs_import

- name: mv .emacs.d out of the way for spacemacs if spacemacs not yet deployed
  command: mv /home/sharney/.emacs.d /tmp
  when: spacemacs_import.stat.exists == False

- name: spacemacs
  git: repo=https://github.com/syl20bnr/spacemacs dest=/home/sharney/.emacs.d 
  when: spacemacs_import.stat.exists == False

- name: for spacemacs org-protocol-capture-html
  git: repo=https://github.com/alphapapa/org-protocol-capture-html.git dest=/home/sharney/source/org-protocol-capture-html

- name: fix .emacs.d/private via source copy
  copy: src=/home/sharney/.emacs.d/private/private dest=/home/sharney/.emacs.d/private
  when: spacemacs_import.stat.exists == False
  # note: relying on the fact that the host running ansible has checked out private git repo

This is for spacemacs which I really like. Spacemacs is most often picked up by vi/vim users who want to use the power and extensibility of Emacs but with the vi/vim keymap and modal method of operation they are used to.

I was a heavy user of Emacs for a number of years until I took a job as a Solaris Unix admin. You’d spend a lot of time in single user mode or on servers configured for production use so you didn’t have Emacs installed but typically always had vi. Emacs tramp mode for remote access doesn’t help when you’re on a serial console in single user mode. So I got very comfortable with vi. Eventually, though, I discovered Spacemacs which adds a vi like personality and a whole lot of other features and really like it. It allowed me to rediscover Emacs’ org-mode which I use for nearly all of my note taking and documentation.

- name: gen en_US.UTF-8 locale
  become: yes
  locale_gen: name=en_US.UTF-8 state=present

- name: set default locale to en_US.UTF-8
  become: yes
  command: /usr/sbin/update-locale LANG=en_US.UTF-8

- name: symlink for dir_colors
  file: src=/home/sharney/Dropbox/.dir_colors path=/home/sharney/.dir_colors state=link

- name: symlink for .tmux.conf
  file: src=/home/sharney/Dropbox/.tmux.conf path=/home/sharney/.tmux.conf state=link

Here I set the locale so I have a proper timezone. I also set up the symlinks for the two config files that I previously held in Dropbox. Since Ansible is idempotent , repeating this pair of plays that was called in the earlier crouton playbook (actually within a script) is fine.

- name: copy vpnc config
  become: yes
  copy:
    src: vpnc
    dest: /etc
    owner: root
    group: yes
    mode: 0700

This recursively copies from roles/common/files/vpnc to /etc/vpnc so my vpn client configurations are passed through.

- name: git clone scottharney.com
  git: repo=git@bitbucket.org:scott_harney/scottharney.com.git dest=/home/sharney/scottharney.com

This is also for this website and as I noted earlier probably needs to be split into its own role since s3_website has it’s own requirements and dependencies along with all thejekyll components. Not every host I need a utility config on would need this particular repo and set of tools

- name: install ohmyzsh via git
  git: repo=https://github.com/robbyrussell/oh-my-zsh.git  dest=/home/sharney/.oh-my-zsh depth=1 

- name: fix .zshrc
  copy: src=/home/sharney/.zshrc dest=/home/sharney/.zshrc

This is the last bit of customization for zsh. It copies oh-my-zsh and then copies over my theme. The .zshrc is in my configuration files repo but the zsh install overwrites it. This is equivalent to doing a git checkout ~/.zshrc to reset it.

So those are the common configuration bits. Bootstrapping an AWS EC2 instance and deploying it involves several more steps. That’s covered inpart 4





About List