
What tools do you use to provision vps servers?

I only have about 10 servers but provisioning is already beginning to annoy me.
What started out as several commands now contains 230 lines of instructions and steps, and the list is growing.

What do you guys do to provision random vps servers? Do I use terraform/ansible for this?
Do you have examples for racknerd/greencloud?

Comments

  • Terraform for provisioning infrastructure, i.e. the machines themselves. Ansible for provisioning the stack on top of the machines.

    Thanked by 1raindog308
  • ehab Member

    @bgerard said:
    Terraform for provisioning infrastructure, i.e. the machines themselves. Ansible for provisioning the stack on top of the machines.

    Which infrastructure? Are we talking about bare KVM?

  • alt_alt_ Member
    edited March 2023

    Some VPS providers have things similar to StackScripts (e.g. Linode) that can run during provisioning. I am not quite sure how it works, but storing your commands in a bash file and downloading and running it during startup might work, or you can create a new image from a snapshot after you run your commands, maybe.

    Thanked by 1emgh
  • bgerard Member
    edited March 2023

    @ehab said:

    @bgerard said:
    Terraform for provisioning infrastructure, i.e. the machines themselves. Ansible for provisioning the stack on top of the machines.

    Which infrastructure? Are we talking about bare KVM?

    Yeah, I imagine most lowend providers don't support it. But it's common to use Terraform to create the virtual machines, load balancers etc. You can view the supported providers here: https://registry.terraform.io/browse/providers Maybe some lowend providers have an API but I don't know about that.

    To answer your question directly: yes, provision bare KVM machines etc.

    Thanked by 1ehab
  • Neoon Community Contributor, Veteran

    Bash scripts, working amazing.
    Plus, for the mesh VPN, it's roughly 60s to fully interlink.

    Thanked by 1emgh
  • raindog308 Administrator, Veteran

    My process is:

    (1) login and wget a brief setup script that puts my ansible .pub in root's authorized_keys. This is only necessary so ansible can run. Of course, if the provider's panel supports this, I can skip this step.

    (2) ansible does everything else: installs packages, modifies /etc files, sets up things I want, vimrc and bash_profile, etc.

    I wish more panels had the option to run a script after provisioning (or cloud-init).

    For ansible, you can go very far with just these modules: copy, file, template, and apt/yum. Of course, lots more are useful, too.

    Thanked by 2ehab webcraft
  • ralf Member

    I have a Makefile built around virsh. I have a few different VPS subnets with firewall rules for public facing, internal only, NAT to public internet, etc and just edit the Makefile to set the last octet of the IP address and if I want to change memory/disk size/CPUs (but usually every VM is 2GB RAM, 2GB disk, 2 cores). Then my command is just "make hostname.type" and it's ready in about 15s.

    At one point, it did pull the IP address from the name, e.g. "make test-15.dev", but I found it easier to store it in the Makefile so I didn't forget what I last used.

  • @raindog308 said:
    My process is:

    (1) login and wget a brief setup script that puts my ansible .pub in root's authorized_keys. This is only necessary so ansible can run. Of course, if the provider's panel supports this, I can skip this step.

    (2) ansible does everything else: installs packages, modifies /etc files, sets up things I want, vimrc and bash_profile, etc.

    I wish more panels had the option to run a script after provisioning (or cloud-init).

    For ansible, you can go very far with just these modules: copy, file, template, and apt/yum. Of course, lots more are useful, too.

    Thank you for sharing! Just curious -> would you be willing to share your example "wget setup script" and Ansible playbook? I'm really thinking I would love to follow the same strategy.

  • ralf Member

    @linuxdev said:

    @raindog308 said:
    My process is:

    (1) login and wget a brief setup script that puts my ansible .pub in root's authorized_keys. This is only necessary so ansible can run. Of course, if the provider's panel supports this, I can skip this step.

    (2) ansible does everything else: installs packages, modifies /etc files, sets up things I want, vimrc and bash_profile, etc.

    I wish more panels had the option to run a script after provisioning (or cloud-init).

    For ansible, you can go very far with just these modules: copy, file, template, and apt/yum. Of course, lots more are useful, too.

    Thank you for sharing! Just curious -> would you be willing to share your example "wget setup script" and Ansible playbook? I'm really thinking I would love to follow the same strategy.

    If you're using cloud-init, you can just put your ssh keys in the config file and it'll get set up for you.

    users:
      - name: ralf
        home: /home/ralf
        shell: /bin/bash
        sudo: ['ALL=(ALL) NOPASSWD:ALL']
        lock_passwd: false
        ssh_authorized_keys:
          - ssh-ed25519 AAAAC3...
    
  • @ralf said:

    @linuxdev said:

    @raindog308 said:
    My process is:

    (1) login and wget a brief setup script that puts my ansible .pub in root's authorized_keys. This is only necessary so ansible can run. Of course, if the provider's panel supports this, I can skip this step.

    (2) ansible does everything else: installs packages, modifies /etc files, sets up things I want, vimrc and bash_profile, etc.

    I wish more panels had the option to run a script after provisioning (or cloud-init).

    For ansible, you can go very far with just these modules: copy, file, template, and apt/yum. Of course, lots more are useful, too.

    Thank you for sharing! Just curious -> would you be willing to share your example "wget setup script" and Ansible playbook? I'm really thinking I would love to follow the same strategy.

    If you're using cloud-init, you can just put your ssh keys in the config file and it'll get set up for you.

    users:
      - name: ralf
        home: /home/ralf
        shell: /bin/bash
        sudo: ['ALL=(ALL) NOPASSWD:ALL']
        lock_passwd: false
        ssh_authorized_keys:
          - ssh-ed25519 AAAAC3...
    

    If I understand the cloud-init concept correctly -> the provider has to support it, or I would have to be on dedicated servers or something, which I am not.
    Do RackNerd or GreenCloud support cloud-init? I've just poked around the admin console and didn't find anything like that.

  • Just confirmed with RackNerd that they don't currently offer cloud-init but are migrating to SolusVM V2 in several months, which will have it.

  • ralf Member

    @linuxdev said:

    @ralf said:

    @linuxdev said:

    @raindog308 said:
    My process is:

    (1) login and wget a brief setup script that puts my ansible .pub in root's authorized_keys. This is only necessary so ansible can run. Of course, if the provider's panel supports this, I can skip this step.

    (2) ansible does everything else: installs packages, modifies /etc files, sets up things I want, vimrc and bash_profile, etc.

    I wish more panels had the option to run a script after provisioning (or cloud-init).

    For ansible, you can go very far with just these modules: copy, file, template, and apt/yum. Of course, lots more are useful, too.

    Thank you for sharing! Just curious -> would you be willing to share your example "wget setup script" and Ansible playbook? I'm really thinking I would love to follow the same strategy.

    If you're using cloud-init, you can just put your ssh keys in the config file and it'll get set up for you.

    users:
      - name: ralf
        home: /home/ralf
        shell: /bin/bash
        sudo: ['ALL=(ALL) NOPASSWD:ALL']
        lock_passwd: false
        ssh_authorized_keys:
          - ssh-ed25519 AAAAC3...
    

    If I understand the cloud-init concept correctly -> the provider has to support it, or I would have to be on dedicated servers or something, which I am not.
    Do RackNerd or GreenCloud support cloud-init? I've just poked around the admin console and didn't find anything like that.

    Aaaah, sorry I missed that. I got confused because you mentioned having a lot of servers and then talked about provisioning vps servers, so I assumed you meant VMs you created on a dedi. Yeah, most control panels don't let you edit the cloud-init directly.

  • ralf Member

    Although FWIW, I also configure my VPS nodes the same way and use nested virt so that all my nodes are configured the same, and all the wireguard and firewall stuff is outside that on the provided VPS. I prefer this as if one of my VMs got compromised, there's not much an attacker could do on it.

  • @ralf said:
    Although FWIW, I also configure my VPS nodes the same way and use nested virt so that all my nodes are configured the same, and all the wireguard and firewall stuff is outside that on the provided VPS. I prefer this as if one of my VMs got compromised, there's not much an attacker could do on it.

    Sounds involved. Are you doing this for your homelab, or is this how you do it for work?
    At home I have several micro (because of electricity) metal servers -> I'm trying to keep it simple as this is only for my dev environment, so I just provision these manually, don't bother with VMs, and then just run Docker for everything.
    And then in the cloud -> yeah, it's just like a dozen VPSes, as my demands have not grown to the point of justifying dedicated servers yet lol

  • raindog308 Administrator, Veteran

    @linuxdev said: Thank you for sharing! Just curious -> would you be willing to share your example "wget setup script" and Ansible playbook? I'm really thinking I would love to follow the same strategy.

    If you can get your SSH key added to the VPS, you can skip the wgetting. But practically speaking, your provider has to support this through cloud-init or their panel.

    Essentially my method is:

    login to new server

    wget (could also git, or copy/paste since it's so simple) the setup script, which looks like this. This is for Debian.

    #!/bin/bash
    
    [ ! -d /root/.ssh ] && mkdir /root/.ssh
    echo 'ssh-ed25519 AAAAC3Nz.....' >> /root/.ssh/authorized_keys
    chmod 700 /root/.ssh
    chmod 600 /root/.ssh/authorized_keys
    chown -R root:root /root/.ssh
    
    # here you could do whatever else you want, such as changing the ssh port:
    echo 'Port 2222' >> /etc/ssh/sshd_config
    systemctl restart ssh
    # any firewall changes needed?  remember you're logged in on port 22 :-) 
    

    And then run some ansible playbooks. I should stress that I am an Ansible neanderthal. There are wizards out there who can do amazing things with it, but for me it's just a dumb list of tasks to do. Here are some relevant examples.

    I'm sure pasting this will break the oh-so-sensitive yaml.

    ---
    # Task list from the "Debian base" playbook: this is a tasks file pulled into a
    # play (it has no hosts: line of its own). locale_gen lives in community.general.
      - name: my user account
        user: createhome=yes name=XXXX shell=/bin/bash state=present update_password=on_create comment="XXX" password="the hash"
      - name: root's .ssh
        file: path=/root/.ssh state=directory owner=root group=0 mode=0700
      - name: root's authorized_keys
        copy: src=/ansible/src/common/root/.ssh/authorized_keys dest=/root/.ssh/authorized_keys owner=root group=0 mode=0600 
      - name: hostname
        hostname: name={{ ansible_host }}
      - name: /etc/hostname
        template: src=/ansible/src/debian/etc/hostname.j2 dest=/etc/hostname owner=root group=0 mode=0644
      - name: /etc/mailname
        template: src=/ansible/src/debian/etc/mailname.j2 dest=/etc/mailname owner=root group=0 mode=0644
      - name: locale generation
        locale_gen: name=en_US.UTF-8 state=present
      - name: apt-get update
        apt: update_cache=yes
      - name: upgrade
        apt: upgrade=dist
      - name: apt packages - examples
        apt: name=bzip2,dialog,dnsutils,gpg,git,lzop,spiped,uuid,whois state=latest
      - name: Set timezone to America/Los_Angeles
        timezone:
          name: America/Los_Angeles
      - name: cron enable
        service: name=cron enabled=yes state=restarted
      - name: ntp enable
        service: name=ntp enabled=yes state=restarted
      - name: /etc/profile mods - example
        blockinfile:
          path: /etc/profile
          block: |
            alias ll='ls -al'
            set -o vi
      - name: dist /etc/vim/vimrc.local
        copy: src=/ansible/src/debian/etc/vimrc.local dest=/etc/vim/vimrc.local owner=root group=root mode=0644 force=yes
      - name: dist /etc/issue
        copy: src=/ansible/src/common/etc/issue dest=/etc/issue owner=root group=0 mode=0644 
      - name: sshd_config 
        copy: src=/ansible/src/debian/etc/sshd_config dest=/etc/ssh/sshd_config owner=root group=root mode=0600 force=yes
      - name: sshd restart
        service: name=sshd enabled=yes state=restarted
      - name: restart rsyslog
        service: name=rsyslog state=restarted enabled=yes
      - name: MAILTO in cron
        cron: name=MAILTO env=yes value=admin@example.com  # placeholder address, set your own
    

    These are just examples from my "Debian base" playbook. Other playbooks would set up nginx, postgres, mariadb, etc. as appropriate.

    So really, it's running some commands and copying a bunch of files into place, including some light templating (the .j2 files). For example, hostname.j2 is just:

    # cat /ansible/src/debian/etc/hostname.j2 
    {{ ansible_host }}
    

    And yeah, I do create directories off root, sometimes symlinked. Do it all the time. I also put my personal preferences for bash, vim, etc. in /etc instead of in root's dot files. I also login as root and do most things as root and a lot of the time I don't even install sudo much less use it. I am a bad man.

    I guarantee all of this is suboptimal and could be done better but it's lowend and it works.

    Thanked by 2loay bgerard
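As an added example (not raindog308's script or anything else posted in the thread), here is the same bootstrap step written so that it is safe to re-run and cannot lock you out: the key is appended exactly once with the permissions sshd requires, the port change goes into a drop-in file rather than being appended to sshd_config, and sshd is only restarted after `sshd -t` accepts the merged config. The key string, the `--run` flag and the `add_authorized_key` / `write_sshd_port_dropin` / `apply_sshd_config` names are constructed for this example; port 2222 is the value the post uses. It assumes a Debian release whose default sshd_config carries the `Include /etc/ssh/sshd_config.d/*.conf` line (11 and later). The functions take the target directory as a parameter so they can be exercised against a scratch directory before touching /root or /etc/ssh.

```shell
#!/bin/bash
# Added example, not raindog308's script: install an Ansible public key and move
# sshd to a new port in a way that is safe to re-run and cannot lock you out.
# Everything below the functions only runs when invoked with --run, so the file
# can be sourced and the functions tried against a scratch directory first.
set -u

# Constructed placeholder; replace with the contents of your ansible .pub file.
ANSIBLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyNotRealExampleKeyNotReal ansible@example'

# Append one public key line to <ssh_dir>/authorized_keys exactly once, with the
# permissions sshd insists on. Usage: add_authorized_key <ssh_dir> "<key line>"
add_authorized_key() {
    local ssh_dir="$1" key="$2"
    # Cheap shape check ("<type> <base64>[ comment]"), not a full key parser:
    # it stops a pasted private key or an empty line from landing in the file.
    case "$key" in
        "ssh-ed25519 "[A-Za-z0-9+/=]*|"ssh-rsa "[A-Za-z0-9+/=]*|"ecdsa-sha2-nistp256 "[A-Za-z0-9+/=]*) ;;
        *) echo "refusing to install malformed key line" >&2; return 1 ;;
    esac
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$ssh_dir/authorized_keys" && chmod 600 "$ssh_dir/authorized_keys"
    # -F fixed string, -x whole line, -q quiet: re-running never duplicates the key.
    grep -qxF "$key" "$ssh_dir/authorized_keys" \
        || printf '%s\n' "$key" >> "$ssh_dir/authorized_keys"
}

# Put the port change in a drop-in instead of appending to sshd_config; Debian 11+
# ships "Include /etc/ssh/sshd_config.d/*.conf" by default. Port is cumulative in
# sshd, so if the main file still sets Port 22 the daemon listens on both.
# Usage: write_sshd_port_dropin <dropin_dir> <port>
write_sshd_port_dropin() {
    local dir="$1" port="$2"
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port $port out of range" >&2; return 1
    fi
    mkdir -p "$dir"
    printf 'Port %s\n' "$port" > "$dir/10-port.conf"
    chmod 644 "$dir/10-port.conf"
}

# Restart sshd only if the merged config parses. A typo in the drop-in would
# otherwise leave a box whose only way in is the provider's console.
apply_sshd_config() {
    if ! sshd -t; then
        echo "sshd config invalid, leaving the running daemon alone" >&2
        return 1
    fi
    systemctl restart ssh
}

if [ "${1:-}" = "--run" ]; then
    # Real run, as root on the fresh VPS. The session you are logged in on
    # (port 22) survives the restart; open the new port in any firewall first.
    add_authorized_key /root/.ssh "$ANSIBLE_PUBKEY"
    write_sshd_port_dropin /etc/ssh/sshd_config.d 2222
    apply_sshd_config
fi
```

Run it as root with `--run` after the new port is allowed through whatever firewall sits in front of the box; the existing port 22 session stays up across the restart, so confirm a fresh login on the new port from a second terminal before closing the first.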
  • ralf Member

    @linuxdev said:

    @ralf said:
    Although FWIW, I also configure my VPS nodes the same way and use nested virt so that all my nodes are configured the same, and all the wireguard and firewall stuff is outside that on the provided VPS. I prefer this as if one of my VMs got compromised, there's not much an attacker could do on it.

    Sounds involved. Are you doing this for your homelab, or is this how you do it for work?

    Somewhere in-between. For work, but it's my own company.
