A few days ago a cronjob did not finish. After some digging through the log files I found out it was killed by the kernel because the server ran out of memory.
I did not want to upgrade to a plan with more memory for this VPS, because the current amount of memory is more than enough for normal operation. So I decided to add a swap file for this server. I found a good explanation on how to do this in this DigitalOcean article.
However, if you are looking to quickly add a swap file yourself without reading the complete article, here are the commands I used to create a swap file of 4 gigabyte for my Ubuntu 14.04 VPS:
sudo fallocate -l 4G /swapfile sudo chmod 600 /swapfile sudo mkswap /swapfile sudo swapon /swapfile echo "/swapfile none swap sw 0 0" | sudo tee /etc/fstab -a sudo sysctl vm.swappiness=10 echo "vm.swappiness=10" | sudo tee /etc/sysctl.conf -a sudo sysctl vm.vfs_cache_pressure=50 echo "vm.vfs_cache_pressure=50" | sudo tee /etc/sysctl.conf -a
If you want to create a swap file of some other size you should change the call to
fallocate in the first line. For more details on the other commands in the example above you should read the DigitalOcean article, it explains them all quite well.
Over time the number of VPS’s I manage has increased. Until recently I logged in manually to each server to update the software. But with the increasing number of VPS’s this started to get tedious. So I decided to look into a way to automate this, and I decided to use Ansible. In this post I will share my current setup. I will assume you are somewhat familiar with Ansible, but if you are not you can take a look at this tutorial on serversforhackers.com to learn more about Ansible. If you rather have a video tutorial they also have you covered, in that case you can take a look at this free series.
Because all my servers run Ubuntu 14.04 I can update them all with the same commands, which makes things easy because I can simply use a single playbook to do just that. Because it seemed likely that somebody else had already tackled this problem before I turned to Google to look for a playbook, and I found this post by Chao Huang. In his posts he describes an Ansible playbook that updates all the software on Debian/Ubuntu based systems and also reboots the server after updating if this is necessary. So that’s what I use:
# Upgrade Debian/Ubuntu based systems and reboot if necessary. --- - hosts: remote_user: sudo: yes tasks: - name: Check if there are packages available to be installed/upgraded command: /usr/lib/update-notifier/apt-check --package-names register: packages - name: Upgrade all packages to the latest version apt: update_cache=yes upgrade=dist when: packages.stderr != "" - name: Check if a reboot is required register: file stat: path=/var/run/reboot-required get_md5=no - name: Reboot the server command: /sbin/reboot when: file.stat.exists == true
On all my servers I use the same user to login, but this user does have to use
sudo to run some of the commands in the playbook above. My servers are also configured so that a user has to provide a password to use
sudo. So I needed a way to provide this password to Ansible. However, because I am not that familiar with Ansible this turned out to be more difficult than I expected, mostly because I did not want to store the sudo passwords in cleartext. But after some experimenting I figured out an approach that works quite well. In my current setup I use host variables to specify the sudo password for each of my servers, and I use Ansible Vault to encrypt the passwords.
If you want to specify host variables for the host
example.com you can create the file
/etc/ansible/host_vars/example.com.yml and add your variables to it. These variables will then be used for that host in any playbook you run. So in my setup I create a host variables file for each of my servers and specify the sudo password in it:
To encrypt these files with Ansible Vault you have to create them with the following command:
ansible-vault create /etc/ansible/host_vars/example.com.yml
This command will ask you for a password, make sure you use the same password for all your host variables files. You need to use the same password for all host variables files, because you can specify only one Ansible Vault password when running playbooks.
With sudo passwords specified for all my servers I can now update them all with a single command:
ansible-playbook playbook.yml --ask-vault-pass
If you have any suggestions or questions just leave a comment below.