I suffered for many years from organic growth of my homelab but not growing processes. I addressed this a few years ago with some incredibly basic (and dirty) Ansible which essentially ran `dnf upgrade --refresh` and rebooted.
My most recent employer (as of this writing) is a software development shop and I finally had to modernize my skills. My experience was rooted in IT / Big-Enterprise on teams where “automation” usually boiled down to PowerShell/Bash scripts on an SMB/NFS share. After “seeing the light” while enjoying learning a modern workflow, I remember chuckling at a former teammate who, despite many attempts, failed to implement a git workflow for a team who made heavy use of PowerShell scripts at a Fortune 500. After roughly a year of using git daily at my job I decided to modernize my lab automation.
The old workflow:
- 1 VM strictly running Ansible
- Playbooks residing in `/opt/` (no version control), using `vim` to edit over an SSH session
- Running playbooks (no roles) as needed
The new, but incomplete workflow:
- GitLab as a git remote; everything version controlled
- Playbooks reworked to use roles, variables, and best practices
- “Better” secrets management (albeit manual/local)
My public repos can be found here: https://git.gnulinux.cc/dmz/ansible. The repos are updated occasionally as I make improvements.
Future iterations will include better secrets management, use of CI to automatically/remotely execute playbooks based on version pin changes, and increased use of Terraform. I may take a step back to address my overall architecture which is Proxmox running 1 Fedora minimal server per application service. It certainly makes backups easy (and I rely on this for application updates via ZFS snapshots) but I do feel bad about my use of Fedora package mirrors (~20 Fedora guests).