Automation, Orchestration & Scripting

Script Basics

First line (shebang): #!/bin/bash
Make executable: chmod +x script.sh
Run: ./script.sh or bash script.sh
Exit codes: 0=success, non-zero=failure
$? = last command exit code
exit 0 (success), exit 1 (error)
set -e (exit on any error), set -x (debug/trace mode)

Variables

Declare: NAME="Alice" (no spaces around =)
Use: echo $NAME or echo ${NAME}
Command substitution: DATE=$(date +%Y%m%d)
Read-only: readonly VAR=value
Unset: unset VAR
Special: $0=script name, $1 $2=positional args, $#=arg count, $@=all args, $$=script PID, $!=last background PID

if / elif / else

if [ condition ]; then ... elif [ condition ]; then ... else ... fi

Test operators:

• -f file — file exists
• -d dir — directory exists
• -z "$VAR" — string empty
• -n "$VAR" — string not empty
• "$A" == "$B" — string equal
• $A -eq $B — numeric equal
• $A -gt $B — greater than
• $A -lt $B — less than

Use [[ ]] for enhanced tests (regex, no word splitting)

case Statement

case $VAR in pattern1) ... ;; pattern2) ... ;; *) ... ;; esac

Good for multiple choices:

case $OS in
  "ubuntu") apt install nginx ;;
  "rhel")   dnf install nginx ;;
  *)        echo "Unknown"   ;;
esac

Cleaner than multiple if/elif for string matching.

for Loop

for i in 1 2 3; do echo $i; done
Range: for i in {1..10}; do ...; done
C-style: for ((i=0; i<10; i++)); do ...; done
Over files: for f in /var/log/*.log; do tail -n 5 "$f"; done
Over array: for item in "${ARRAY[@]}"; do ...; done

while Loop

while [ condition ]; do ... done
Read file line by line:

while IFS= read -r line; do
  echo "$line"
done < file.txt

Infinite loop: while true; do ... sleep 60; done
break (exit loop), continue (skip to next iteration)

Functions

function backup() { ... } or backup() { ... }
Call: backup
Args: $1, $2 inside function
Return value: return 0 (exit code only)
Pass strings via echo: result=$(get_value)
Local vars: local var=value

grep / egrep

grep "pattern" file — search
-i case-insensitive, -r recursive, -v invert/exclude
-c count matches, -l files with matches, -n line numbers
egrep or grep -E for extended regex
grep -P for Perl regex

grep "^Error" /var/log/app.log

sed (stream editor)

sed 's/old/new/g' file — substitute globally
sed -i 's/old/new/g' file — in-place edit
sed -n '5,10p' file — print lines 5–10
sed '/pattern/d' file — delete matching lines
sed '3a\new line' file — insert after line 3

sed 's/[0-9]\+/NUM/g'

awk

awk '{print $1}' file — print field 1
awk -F: '{print $1}' /etc/passwd — delimiter :
awk '/pattern/ {print}' file — filter lines
awk '{sum+=$3} END {print sum}' file — sum column
awk 'NR==5' file — print line 5
awk 'NF>0' file — skip blank lines

Python Virtual Environments

python3 -m venv myenv — create virtual environment
source myenv/bin/activate — activate (Linux/Mac)
deactivate — exit
pip install requests — install package in venv
pip freeze > requirements.txt — export deps
pip install -r requirements.txt — install from file
Isolates project dependencies from system Python.

Python Data Types

str ("hello"), int (42), float (3.14), bool (True/False)

Collections:

• list — ordered, mutable: [1,2,3]
• tuple — ordered, immutable: (1,2,3)
• dict — key-value: {"key": "val"}
• set — unique, unordered: {1,2,3}

Type check: type(var)
Convert: int("42"), str(42), list(range(5))

Python os and sys Modules

import os:

• os.listdir('/path')
• os.path.exists('/file')
• os.path.join('dir', 'file')
• os.getcwd()
• os.environ['HOME']
• os.makedirs('/new/dir', exist_ok=True)
• os.rename('old', 'new')

import sys: sys.argv (args), sys.exit(1), sys.platform

Python File I/O

with open('file.txt', 'r') as f:
    content = f.read()

for line in f:
    print(line.strip())

with open('out.txt', 'w') as f:
    f.write("data\n")

# Append: open('log.txt', 'a')
# JSON:
import json
data = json.load(f)
json.dump(data, f)

with statement ensures file is closed even on error.

Git Basics

git init — init repo
git clone URL — clone
git add file or git add . — stage
git commit -m "message" — commit
git status — what's staged/modified
git log --oneline — history
git diff — unstaged changes
git diff --staged — staged changes

Git Branches and Merging

git branch feature-x — create branch
git checkout feature-x or git switch feature-x — switch
git checkout -b feature-x — create + switch
git merge feature-x — merge into current branch
git rebase main — reapply commits on top of main
git branch -d feature-x — delete merged branch

Git Remote and Tags

git remote add origin URL
git push origin main
git pull origin main
git fetch — download without merge
git tag v1.0.0 — lightweight tag
git tag -a v1.0.0 -m "Release" — annotated tag
git push origin --tags — push all tags
Tags mark releases for CI/CD pipelines.

Ansible Architecture

• Agentless — uses SSH
• Control node runs Ansible
• Managed nodes need only SSH + Python
• Push model (control node pushes config)
• Written in Python, Playbooks in YAML
• Idempotent — running again = same result
• No daemon required

Ansible Inventory

Default: /etc/ansible/hosts (or custom file)

[webservers]
192.168.1.10
192.168.1.11

[webservers:vars]
http_port=80

Test: ansible all -i inventory -m ping

Ansible Playbook Structure

- name: play_name
  hosts: webservers
  become: yes
  tasks:
    - name: Install nginx
      ansible.builtin.package:
        name: nginx
        state: present
    - name: Start nginx
      ansible.builtin.service:
        name: nginx
        state: started
        enabled: yes

Run: ansible-playbook playbook.yml -i inventory

Ansible Key Modules

• package/apt/dnf — install packages
• service — manage services
• copy — copy files
• template — Jinja2 templates
• file — manage files/dirs/permissions
• user — manage users
• command/shell — run commands
• lineinfile — edit lines in files
• debug — print variables for troubleshooting

Puppet Architecture

• Agent-based — Puppet agent installed on managed nodes
• Puppet server (master) holds manifests
• Pull model — agents check in every 30 min by default
• Manifests written in Puppet DSL (domain-specific language)
• Resources describe desired state (declarative)

Puppet Manifest Basics

class nginx {
  package { 'nginx':
    ensure => installed,
  }
  service { 'nginx':
    ensure  => running,
    enable  => true,
    require => Package['nginx'],
  }
}

Apply: puppet apply manifest.pp
Node checks in: puppet agent --test

CI/CD in Linux Context

CI (Continuous Integration): automatically test code on each commit.
CD (Continuous Delivery/Deployment): automatically deploy tested code.

Tools: GitLab CI (.gitlab-ci.yml), GitHub Actions (.github/workflows/), Jenkins. Linux admins configure CI/CD pipelines that run shell scripts/Ansible playbooks.

Basic Pipeline Example

Trigger: push to main branch

Stages: build → test → deploy

Each stage runs shell commands or scripts. Artifacts passed between stages. On success: deploy to production. On failure: notify team, stop pipeline.

Responsible AI Code Generation

AI tools (GitHub Copilot, ChatGPT, etc.) can generate shell scripts and Python code.

ALWAYS:

• Review generated code line by line before running
• Test in a non-production environment first
• Verify permissions and security implications
• Understand what the code does — never run code you don't understand

Prompt Engineering for Sysadmin Tasks

Be specific in prompts:

GOOD: "Write a bash script that backs up /etc daily to /backup with date-stamped filenames and removes backups older than 30 days"

TOO VAGUE: "write a backup script"

Include: target OS, constraints, error handling requirements, output format. Iterate and refine.

AI Limitations in Linux Administration

• AI may suggest outdated commands (deprecated tools, old syntax)
• AI may not know your specific distro version or config
• AI may generate code with security vulnerabilities (hardcoded credentials, insecure permissions, injection risks)
• Always validate against official documentation
• AI is a tool to assist — not replace — understanding