2022-08-18 10:48:41 +02:00
|
|
|
# The Ansible Edda
|
|
|
|
|
|
2022-10-01 17:46:29 +02:00
|
|
|
Ansible playbooks for provisioning The Nine Worlds.
|
2022-08-18 10:48:41 +02:00
|
|
|
|
|
|
|
|
## Secrets vault
|
|
|
|
|
|
2022-12-18 21:14:04 +01:00
|
|
|
- Encrypt with: ```ansible-vault encrypt vault.yml```
|
2022-09-21 23:57:15 +02:00
|
|
|
- Decrypt with: ```ansible-vault decrypt secrets.yml```
|
2022-12-18 21:14:04 +01:00
|
|
|
- Encrypt all `vault.yml` in a directory with: ```ansible-vault encrypt directory/**/vault.yml```
|
|
|
|
|
- Decrypt all `vault.yml` in a directory with: ```ansible-vault decrypt directory/**/vault.yml```
|
2022-08-18 10:48:41 +02:00
|
|
|
- Run a playbook with ```ansible-playbook --vault-id @prompt playbook.yml```
|
2022-12-04 15:43:10 +01:00
|
|
|
|
2022-12-07 21:36:08 +01:00
|
|
|
## The Nine Worlds
|
2022-12-04 15:43:10 +01:00
|
|
|
|
|
|
|
|
The main entrypoint for The Nine Worlds is [`main.yml`](main.yml).
|
|
|
|
|
|
|
|
|
|
### Production and testing
|
|
|
|
|
|
|
|
|
|
The inventory files are split into [`production`](production) and [`testing`](testing).
|
|
|
|
|
|
2022-12-07 21:36:08 +01:00
|
|
|
To run the `main.yml` playbook on production hosts:
|
2022-12-04 15:43:10 +01:00
|
|
|
``` sh
|
|
|
|
|
ansible-playbook main.yml -i production
|
|
|
|
|
```
|
|
|
|
|
|
2022-12-07 21:36:08 +01:00
|
|
|
To run the `main.yml` playbook on production hosts:
|
2022-12-04 15:43:10 +01:00
|
|
|
``` sh
|
|
|
|
|
ansible-playbook main.yml -i testing
|
|
|
|
|
```
|
|
|
|
|
|
2022-12-07 21:36:08 +01:00
|
|
|
### Playbooks
|
|
|
|
|
|
2022-12-18 21:14:04 +01:00
|
|
|
The Ansible Edda playbook is composed of smaller [`playbooks`](playbooks). To run a single playbook,
|
|
|
|
|
invoke the relevant playbook directly from the playbook directory. For example, to run the
|
|
|
|
|
[`system`](system) playbook, run:
|
2022-12-07 21:36:08 +01:00
|
|
|
|
|
|
|
|
``` sh
|
2022-12-18 21:14:04 +01:00
|
|
|
ansible-playbook playbooks/system.yml
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Alternatively you can use its tag as well:
|
|
|
|
|
|
|
|
|
|
``` sh
|
|
|
|
|
ansible-playbook main.yml --tags "system"
|
2022-12-07 21:36:08 +01:00
|
|
|
```
|
|
|
|
|
|
2022-12-04 15:43:10 +01:00
|
|
|
### Roles
|
|
|
|
|
|
2022-12-18 21:14:04 +01:00
|
|
|
Playbooks are composed of roles defined in the `roles` directory,
|
|
|
|
|
[`playbooks/roles`](playbooks/roles).
|
|
|
|
|
|
|
|
|
|
To play only a specific role, e.g. `system/base` in the playbook `system`, run:
|
|
|
|
|
|
|
|
|
|
``` sh
|
|
|
|
|
ansible-playbook playbooks/system.yml --tags "system:base"
|
|
|
|
|
```
|
2022-12-04 15:43:10 +01:00
|
|
|
|
2022-12-18 21:14:04 +01:00
|
|
|
Or from the main playbook:
|
2022-12-04 15:43:10 +01:00
|
|
|
|
|
|
|
|
``` sh
|
2022-12-18 21:14:04 +01:00
|
|
|
ansible-playbook main.yml --tags "system:base"
|
2022-12-04 15:43:10 +01:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
### Role sub-tasks
|
|
|
|
|
|
|
|
|
|
Some roles are split into smaller groups of tasks. This can be checked by looking at the
|
|
|
|
|
`tasks/main.yml` file of a role, e.g.
|
2022-12-18 21:14:04 +01:00
|
|
|
[`playbooks/roles/system/base/tasks/main.yml`](playbooks/roles/system/base/tasks/main.yml).
|
2022-12-04 15:43:10 +01:00
|
|
|
|
2022-12-07 21:36:08 +01:00
|
|
|
To play only a particular group within a role, e.g. `sshd` in `base` of `system`, run:
|
2022-12-04 15:43:10 +01:00
|
|
|
|
|
|
|
|
``` sh
|
2022-12-18 21:14:04 +01:00
|
|
|
ansible-playbook playbooks/system.yml --tags "system:base:sshd"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Or from the main playbook:
|
|
|
|
|
|
|
|
|
|
``` sh
|
|
|
|
|
ansible-playbook main.yml --tags "system:base:sshd"
|
2022-12-04 15:43:10 +01:00
|
|
|
```
|
