DebOps delivers easy Ansible automation for Debian-based systems


Secure Repository

The developers maintain the DebOps tools, as well as the corresponding playbooks, on GitHub [8]. The DebOps team initially consisted of just a handful of people, and because they all had some kind of relation to Debian, they were quite open to collaboration with other developers.

The developers were well aware of the need for security: If you want to check your own code into the GitHub directories, you first need to sign it using GPG. Only appropriately signed code can move into the GitHub directory. The project developers closely monitor the GPG keyring in which the keys are listed.

Basically, the creators have copied the workflow that Debian uses for its own packages: With Debian, only developers whose GPG key is included in the Debian keyring are allowed to upload new packages to the official Debian archive. To join up as a Debian developer or as a package maintainer, you need to add your own GPG key to the corresponding keyring.

The reliability of DebOps is thus similar to that of Debian: An attacker who gains access to the GPG key of an approved developer could theoretically cause a large amount of damage on the target systems, but if you rely on Debian or Ubuntu anyway, DebOps does not increase the risk.


DebOps takes a clever approach: After you install a system with the DebOps tools, you can quickly configure it to host a database, web server, or monitoring server. The prefabricated Ansible roles are extremely useful because they save you from the need to invest a large amount of time in writing your own roles.

The fact that DebOps is not totally intuitive spoils some of the fun. Another issue is, if you have never dealt with Ansible, you will need to plow through many pages of documentation to understand DebOps. DebOps provides good start-up support, but it ultimately does not avoid the need for administrators to establish their own Ansible expertise.

If you are looking for fast automation for Debian or Ubuntu, give the DebOps automation system a try.

The Author

Martin Gerhard Loschwitz is a Telekom Public Cloud Architect for T-Systems and primarily works on topics such as OpenStack, Ceph, and Kubernetes.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus