Ansible on Panic! At The Terminal

Docker Instance Upgrades with Ansible

Wed, 16 Jul 2025 18:23:20 +0200

Docker Instance Upgrades with Ansible #

This guide shows how to automate Docker container upgrades using Ansible playbooks instead of manual updates. By automating this process, you ensure consistency, reduce errors, and save time when updating multiple Docker instances across your infrastructure.

Infrastructure Overview #

My homelab includes these Docker-based services:

Nginx Proxy Manager (proxy.home.arpa) - Reverse proxy with SSL
Healthchecks (health.home.arpa) - Monitoring service
Home Assistant (hass.home.arpa) - Home automation platform
Bitwarden (bit.home.arpa) - Password manager

Ansible Playbook Structure #

Host Configuration #

The playbook targets specific hosts with Docker services:

Infrastructure as Code with Ansible Automation Platform

Sun, 13 Jul 2025 15:00:00 +0300

Infrastructure as Code for Ansible Automation Platform Setup #

Introduction #

Setting up Ansible Automation Platform (AAP) manually through the web interface is tedious and highly prone to errors.

I’ve written an Ansible playbook that completely automates the setup of my AAP environment, from credentials and projects to job templates and workflow orchestration. So in case I ever need to rebuild the environment from scratch, all I would need to do is just add the project where that playbook is stored, and add a single template by hand and run it. I’d do it that way because I don’t like running ansible playbooks from the CLI, I always, always use AAP!

SSH Hardening and Automation User Setup with Ansible

Sat, 12 Jul 2025 12:00:00 +0300

SSH Hardening and Automation User Setup with Ansible #

Here’s a little post about how I do SSH hardening for my RHEL9 homelab and how I ensure that the Ansible automation user is properly set. The playbook stems from an incident I had in Red Hat Insights where it was reported that I had an SSH configuration that allowed legacy ciphers. It was also adviced to create a crypto policy that disables weak algorithms.

Automating KVM Backups with Ansible

Sat, 12 Jul 2025 10:00:00 +0300

Automating KVM Homelab Backups with Ansible #

When you’re running a dozen virtual machines in your homelab, manual backups quickly become a nightmare.

In this post, I’ll walk you through my Ansible-based backup strategy for my KVM homelab. It automatically backs up all VMs by shutting them down gracefully, copying their disk images and configurations to a NAS, and bringing them back online.

Backup Strategy #

My backup strategy uses Ansible to orchestrate the entire process:

Automated Network Monitoring: Adding Servers to LibreNMS with Ansible

Mon, 07 Jul 2025 14:00:00 +0300

Automated Network Monitoring: Adding Servers to LibreNMS with Ansible #

Adding servers to LibreNMS by hand is tedious, and should be done by automation. In this post, I’ll show you how I’ve automated the entire process of configuring SNMP and adding servers to LibreNMS using Ansible.

The Workflow #

Basically what the playbook does is:

Install and configure SNMP
Set up necessary firewall rules
Add the server to LibreNMS
Add it to the correct device group.

The Playbook #

Step 1: Installing SNMP Components #

- name: Ensure snmp is installed
  ansible.builtin.dnf:
    name:
      - net-snmp
      - net-snmp-utils
    state: present

The net-snmp package is needed for the SNMP daemon.

Optimizing KVM Virtual Machines with Tuned Profiles

Mon, 07 Jul 2025 12:00:00 +0300

Optimizing KVM Virtual Machines with Tuned Profiles #

The tuned service on Red Hat-based systems provides pre-configured performance profiles that can significantly improve your VM performance with minimal effort.

In this post, I’ll show you how to optimize your KVM VMs using tuned profiles and automate the entire process with Ansible.

The Playbook #

Since I manage dozens of VMs in my homelab, doing this manually would be tedious. Instead, I use this Ansible playbook to apply tuned optimization to all my VMs:

Automating RHEL Server Updates with Ansible

Sat, 05 Jul 2025 16:00:00 +0300

Automating RHEL Server Updates with Ansible #

Introduction #

I hate updating my servers manually so I’ve set up this playbook to run updates. This was probably the first playbook I ever wrote for my home lab, and it’s been running automatically for years now on a weekly schedule every Friday night through AAP (Ansible Automation Platform).

This guide shows you how to automate RHEL (and other yum/dnf based distros like Fedora, CentOS etc.) server updates using Ansible, including proper reboot handling.

Automated KVM VM Provisioning with Ansible and OSBuild on RHEL9

Thu, 03 Jul 2025 14:00:00 +0300

Automated KVM VM Provisioning with Ansible and OSBuild on RHEL9 #

Introduction #

When I started looking into automating my homelab VM provisioning, I was surprised by the lack of examples combining Ansible with OSBuild for KVM environments. Not many tutorials focus on KVM, so I wanted something that used Red Hat’s tooling - as I run a RHEL homelab.

I used to provision my homelab virtual machines by hand and eventually I got tired of doing it since I like to tinker around a lot and constantly add new VMs. So, I decided to automate the process using the combination of Ansible and OSBuild.

How to setup Ansible Vault

Thu, 03 Jul 2025 10:00:00 +0300

How to setup Ansible Vault #

Here’s a little guide on how I setup Ansible Vault for my Ansible playbook repository. It’s surprisingly simple and now all of my secrets are encrypted.

Setting Up Ansible Vault #

1. Create the Directory Structure #

First, create the standard Ansible directory structure for group variables:

mkdir -p group_vars/all

2. Create Your Vault File #

Create a vault file to store your encrypted credentials:

Use ansible-lint with Vault Files

Mon, 30 Jun 2025 18:46:13 +0300

Use ansible-lint with Vault Files #

Why I wrote this post #

I decided to write this post because I struggled to find clear, practical examples of how to make ansible-lint work with Ansible Vault files in CI/CD environments. While searching for solutions, I found a GitHub discussion where someone was asking the exact same question I had.

The official ansible-lint documentation mentions that decrypting Ansible Vault in CI is possible, but frustratingly, it doesn’t provide any actual examples of how to implement it. After some trial and error, I figured out a working solution that I want to share.