Motivation - HolgerHees/smartserver GitHub Wiki

Why the smartserver project was started

The motivation for this project comes from different experiences.

My smarthome server is based on a very complex setup which was which has developed over a long period of time. With hundred of configuration changes in a lot of different places and many different services. Currently I touched the configuration of more then 40 services or applications. To save my effort I made backups of my server ~ every 6 month. Sometime more, sometimes less frequently. So I had always a time gap where I made changes to my configuration which was not backuped. Also a backup does not help you where you want to start with a completely new installation. Maybe you want to start with a fresh (clean) installation or you want to try a different distribution.

Now I had two crucial moments or situations where I was thinking that I have to change something.

One time was a broken hard drive and my backup was 6 month old. The second one was a unknown security hole in my nextcloud installation with the result that my server was infected with a bitcoin miner malware. Everything which was available from outside was protected with https and a strong password. Except one public url from nextcoud which was necessary for other nextcloud installations for their first contact to e.g. invite users etc. Also here, my backup was almost 6 month old.

However, in the first case, after I reinstalled the backup, I had to remember on all config changes during the last 6 month and that was really a lot. After the second situation where I had to do the same procedure again I decided against it.

I installed a fresh system and documented every single line of change I made on this system in a text file. My hope was to make it easy to reapply these config changes on other installations. Every time I made a backup, I marked the position in my documentation file where I made the backup, to remember after a backup restore which config changes I had to reapply.

This documentation already helps me a lot to get an overview about my changes, but still I had to reapply them manually in the case I have to make a new installation or to restore my backup. I was looking for something easier.

At some time a friend of me, who worked in this moment on some automation processes, told me something about ansible. He installed vagrant and ansible on my laptop, checked out his example project and just called "vagrant up". Minutes later I had a virtual machine running with a lot of services installed by his example project. In this moment I realized that this was exactly I was looking for.

I got four six benefits from it.

  1. I use ansible configurations (roles) as my documentation
  2. I can apply this configurations to any system in a automated way
  3. I can apply it to a staging system, running in a virtual machine, to test any changes before I apply them to my production system
  4. I can apply it to a running system, to check the configuration after a system update
  5. I can apply it to a fresh system installation, also if it is a different distribution.
  6. No need to make backups of my installed system anymore. I must only backup my user data.

During the next weeks I translated my documentation file to individual ansible roles. At the beginning I was testing it only inside a virtual machine. But after I while, when I got the feeling that everything is working fine and stable enough, I tried it on my production system and after some minor fixes everything was working fine.

From now on, I wrote every change I made on my system as a ansible role and I never changed my system directly again. Every additional installed software or upgraded software was now tested in a virtual machine before. This helps me to feel much more relaxed now!

There was only one point left before I dusted myself off. To apply this configuration on new installed production system. I made this step 1 month ago (01.2020) with success when I was changing the system hard drive. I had two options. Either I change the disk uid's in grub and fstab or I take this as a chance to test everything. I chooses the second option.

  • Changing the hardware took ~10 minutes.
  • Installing a new system ~15 minutes.
  • Apply base configuration (network, mount points) ~5 minutes again.
  • Syncing my old data partition with rsync to the new hard drive took ~6 minutes again.
  • Cloning my git repository and installing ansible, 3 minutes.
  • Starting ansible to apply my configuration ~25 minutes.

So, after 54 minutes, I had a complete new installed and configured system and the certainty that I can always reapply it easily again.

After this successful experience I decided to make it more flexible, because in the meantime, my formally mentioned friend decided to use my ansible deployment setup too. This is also the reason why I ported everything to run on almalinux (rhel) instead of suse.