Ansible Playbook - How do I reverse engineer a running system?
-
@Cyber If you have some old wiki notes on how the system was setup originallythen it night be easier to ignore the current system and translate the wiki instructions into ansible. Still manual, but easier than reverse engineering. Another thing you can look at is bash history. Apart from backing up/cloning the system before you start I would also get a copy of the bash history for the various users and add it to a wiki or issue too. It will be useful.
Yeah... notes... they started about 50% of the way through building the system.
Now, my notes are great, but some of these devices are ~10 years old.
But, yep, I totally agree, notes are a damn good thing to have.
Not thought about bash history though, interesting point, but I think that only goes back a short duration?
-
@Cyber Yeah it's gonna be pretty manual as others have mentioned. Some areas to look at:
- Filesystem provisioning, mounts, etc.
- Packages
- Users, groups
- Time zone, locale language, time format etc.
- /etc/
- /root/ and /home/
- SSH settings
- Services
- Cron jobs/systemd timersThere is a bit of overlap between some of those categories. Some bits are going to see more or less use on VMs vs physical. And remember that in ansible there are built in modules for a lot of functionality.
Hadn't thought about all the locale, etc.... good point, thanks
-
I would copy the existing system onto a new system:
- Update system to the latest packages
- Create a new base system using the same distro
- Check which packages are not on the new system, add them to your playbook
- Install packages on new system
- This will take some time. Run a find of all files and pass them to md5sum or sha512sum to get a list of files with their checksum. Compare the list from the old system to the new system.
- Update your playbook with these findings. Template is probably the way to go, Lineinfile might be good as well, use copy if nothimg else works.
- Check firewall settings and update your playbook.
Anyhow this will take some iterations, but while you have a copy of your ‘production’ system, you can test on your ‘test’ machine until you have the same functionality.
oh the find with the hash sum is good advice! I would have done this but manually, maybe with the double commander sync dirs tool.
but also, for configs this might be the best time to move your custom config to ordered dropin files for all things that support it.
-
I have a few VMs and PMs around the house that I'd setup over time and I'd now like to rebuild some, not to mention just simplify the whole lot.
How the hell do I get from a working system to an equivalent ansible playbook without many (MANY) iterations of trial & error - and potentially destroying the running system??
Ducking around didn't really show much so I'm either missing a concept / keyword, or, no-one does this.
Pointers?
TIA
I went through this about 6 months ago.
Just build playbooks from basic to specific. I did so in three parts:
- Container creation
- Basic settings common to all my hosts
- Specific service config & software
Ansible assumes you have a hierarchy of roles to apply for each service, so layering playbooks this way should help
