We had an another great meeting with a packed conference room at Taos! Long time member Jim Millard was our featured presenter and took us on a tour of Ansible, a IT management tool which can be used in a number of ways including configurations and applications.
Before we got started, Bryce Meyet of Taos, announced that they are looking for a Linux Engineer with AWS experience, a very high paying position to the right candidate. You can contact Bryce by email at firstname.lastname@example.org or by phone at 208.472.0464
Jim led off his presentation by describing his home environment consisting of 3 servers, couple of laptops (identical), and a handful of Rasberry Pi's, 8 computers in all which he is managing using Ansible. Jim had prepared a slide presentation highlighting the many facets of Ansible starting with its use of an easy one line command structure for tasks, its very secure in that it uses SSH for authentication (OpenSSH), over 90 Command modules. Everything you need to know to configure and use can be found at docs.ansible.com (Documentation) and at the main website: www.ansible.com.
He then went into the openssh-client openssh-server packages used including support for public/private keys (ssh-keygen) which allows you to configure hosts for key based authentication eliminating the need for having passwords for authentication. In the simplest of Ansible deployments, only two configuration files are needed:
Tasks (playbooks) are also defined in a simple file format which Jim showed us a part of his presentation and he showed us his myapt upgrade playbook which ensures that all systems are fully updated. He also showed us another which demonstrated his playbook "checktime" all have the same time. The basic format of the commands are in the form: ansible [group] -m(odule) module_name
As part of the conversation, he also talked about the use of rsa keys of 2048 in length and the difficulty in hackers cracking these keys, almost impossible in the time it would take. Other precautions one can take is by restricting login attempts and the use of fail-to-ban for authentication failure attempts (ssh attacks) which actually creates an iptables rule blocking the source IP address of the attacker. Other tricks that be used include using a non-standard port for ssh as additional security.
Following Jim's presentation, Ed Works talked about the Robotics programs being held on the 3rd Saturday of each month at the Ada County Library. This is a program for 10 and older young people. Ed had brought one of the Ardino based robots "line follower" that the kids actually build at the meetings. Ed is looking for others that might help out with the program at the Ada County Library. More details can be found at boiserobot.tumbler.com. The Ada County Library is located at 5 mile and Victory at they start 11 AM. The kits are sold by Sparkfun and cost about $85. The capability of these inexpensive robots can be extended with add-ons.
Several side conversations concluded the meeting and our next meeting is on August 18th at Taos.