Isolate playbooks
parent e23a226e3d
commit c59c3a0ea8
33
README.md
@ -9,7 +9,7 @@ Ansible playbooks for provisioning The Nine Worlds.
|
|||||||
- Print secrets to STDOUT: ```ansible-vault decrypt --output - secrets.yml```
|
- Print secrets to STDOUT: ```ansible-vault decrypt --output - secrets.yml```
|
||||||
- Run a playbook with ```ansible-playbook --vault-id @prompt playbook.yml```
|
- Run a playbook with ```ansible-playbook --vault-id @prompt playbook.yml```
|
||||||
|
|
||||||
## Main
|
## The Nine Worlds
|
||||||
|
|
||||||
The main entrypoint for The Nine Worlds is [`main.yml`](main.yml).
|
The main entrypoint for The Nine Worlds is [`main.yml`](main.yml).
|
||||||
|
|
||||||
@ -17,34 +17,45 @@ The main entrypoint for The Nine Worlds is [`main.yml`](main.yml).
|
|||||||
|
|
||||||
The inventory files are split into [`production`](production) and [`testing`](testing).
|
The inventory files are split into [`production`](production) and [`testing`](testing).
|
||||||
|
|
||||||
To run the `main.yml` play on production hosts:
|
To run the `main.yml` playbook on production hosts:
|
||||||
``` sh
|
``` sh
|
||||||
ansible-playbook main.yml -i production
|
ansible-playbook main.yml -i production
|
||||||
```
|
```
|
||||||
|
|
||||||
To run the `main.yml` play on production hosts:
|
To run the `main.yml` playbook on production hosts:
|
||||||
``` sh
|
``` sh
|
||||||
ansible-playbook main.yml -i testing
|
ansible-playbook main.yml -i testing
|
||||||
```
|
```
|
||||||
|
|
||||||
### Roles
|
### Playbooks
|
||||||
|
|
||||||
The plays are composed of roles defined in [`plays/roles`](plays/roles).
|
The Nine Worlds playbook is composed of smaller [`playbooks`](plays). To run a single playbook,
|
||||||
|
invoke the `main.yml` playbook directly from the desired playbook's directory. For example, to run
|
||||||
To play only a specific role, e.g. `system_base`, run:
|
the [`system`](system) playbook, run:
|
||||||
|
|
||||||
``` sh
|
``` sh
|
||||||
ansible-playbook --tags "role:system_base"
|
ansible-playbook plays/system/main.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
### Roles
|
||||||
|
|
||||||
|
Playbooks are composed of roles defined in the playbook's `roles` directory, e.g.
|
||||||
|
[`plays/system/roles`](plays/system/roles) for `system`.
|
||||||
|
|
||||||
|
To play only a specific role in a playbook, e.g. `base` in the playbook `system`, run:
|
||||||
|
|
||||||
|
``` sh
|
||||||
|
ansible-playbook plays/system/main.yml --tags "system:base"
|
||||||
```
|
```
|
||||||
|
|
||||||
### Role sub-tasks
|
### Role sub-tasks
|
||||||
|
|
||||||
Some roles are split into smaller groups of tasks. This can be checked by looking at the
|
Some roles are split into smaller groups of tasks. This can be checked by looking at the
|
||||||
`tasks/main.yml` file of a role, e.g.
|
`tasks/main.yml` file of a role, e.g.
|
||||||
[`plays/roles/system_base/tasks/main.yml`](plays/roles/system_base/tasks/main.yml).
|
[`plays/system/roles/base/tasks/main.yml`](plays/system/roles/base/tasks/main.yml).
|
||||||
|
|
||||||
To play only a particular group within a role, e.g. `sshd` in `system_base`, run:
|
To play only a particular group within a role, e.g. `sshd` in `base` of `system`, run:
|
||||||
|
|
||||||
``` sh
|
``` sh
|
||||||
ansible-playbook --tags "role:system_base:sshd"
|
ansible-playbook plays/system/main.yml --tags "system:base:sshd"
|
||||||
```
|
```
|
||||||
|
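Review bot: The lead-in above the `ansible-playbook main.yml -i testing` block still reads "To run the `main.yml` playbook on production hosts:", so both inventory examples are introduced as production. Since that line is already being edited (play to playbook), change it to "on testing hosts". In the new Playbooks section, the link [`system`](system) points at `system` while the command and the Roles link use `plays/system`, and the text says to invoke `main.yml` "from the desired playbook's directory" while the example runs `plays/system/main.yml` by path; align the link target and the wording with the command. The per-playbook examples also omit `-i`, unlike the two inventory examples above them, so state which inventory they run against.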
2
main.yml
@ -1,2 +1,2 @@
|
|||||||
---
|
---
|
||||||
- ansible.builtin.import_playbook: "plays/system.yml"
|
- ansible.builtin.import_playbook: "plays/system/main.yml"
|
||||||
|
@ -1,47 +0,0 @@
|
|||||||
- name: "role:system_base:sshd"
|
|
||||||
import_tasks: "include/sshd.yml"
|
|
||||||
tags: "role:system_base:sshd"
|
|
||||||
|
|
||||||
- name: "role:system_base:nftables"
|
|
||||||
import_tasks: "include/nftables.yml"
|
|
||||||
tags: "role:system_base:nftables"
|
|
||||||
|
|
||||||
- name: "role:system_base:ntp"
|
|
||||||
import_tasks: "include/ntp.yml"
|
|
||||||
tags: "role:system_base:ntp"
|
|
||||||
|
|
||||||
- name: "role:system_base:fail2ban"
|
|
||||||
import_tasks: "include/fail2ban.yml"
|
|
||||||
tags: "role:system_base:fail2ban"
|
|
||||||
|
|
||||||
- name: "role:system_base:fstrim"
|
|
||||||
import_tasks: "include/fstrim.yml"
|
|
||||||
tags: "role:system_base:fstrim"
|
|
||||||
|
|
||||||
- name: "role:system_base:unattended_upgrades"
|
|
||||||
import_tasks: "include/unattended_upgrades.yml"
|
|
||||||
tags: "role:system_base:unattended_upgrades"
|
|
||||||
|
|
||||||
- name: "role:system_base:logs"
|
|
||||||
import_tasks: "include/logs.yml"
|
|
||||||
tags: "role:system_base:logs"
|
|
||||||
|
|
||||||
- name: "role:system_base:systemd_mail"
|
|
||||||
import_tasks: "include/systemd_mail.yml"
|
|
||||||
tags: "role:system_base:systemd_mail"
|
|
||||||
|
|
||||||
- name: "role:system_base:utils"
|
|
||||||
import_tasks: "include/utils.yml"
|
|
||||||
tags: "role:system_base:utils"
|
|
||||||
|
|
||||||
- name: "role:system_base:motd"
|
|
||||||
import_tasks: "include/motd.yml"
|
|
||||||
tags: "role:system_base:motd"
|
|
||||||
|
|
||||||
- name: "role:system_base:root"
|
|
||||||
import_tasks: "include/root.yml"
|
|
||||||
tags: "role:system_base:root"
|
|
||||||
|
|
||||||
- name: "role:system_base:user"
|
|
||||||
import_tasks: "include/user.yml"
|
|
||||||
tags: "role:system_base:user"
|
|
@ -1,23 +0,0 @@
|
|||||||
- name: "role:system_zfs:conf"
|
|
||||||
import_tasks: "include/conf.yml"
|
|
||||||
tags: "role:system_zfs:conf"
|
|
||||||
|
|
||||||
- name: "role:system_zfs:cron"
|
|
||||||
import_tasks: "include/cron.yml"
|
|
||||||
tags: "role:system_zfs:cron"
|
|
||||||
|
|
||||||
- name: "role:system_zfs:trim"
|
|
||||||
import_tasks: "include/trim.yml"
|
|
||||||
tags: "role:system_zfs:trim"
|
|
||||||
|
|
||||||
- name: "role:system_zfs:scrub"
|
|
||||||
import_tasks: "include/scrub.yml"
|
|
||||||
tags: "role:system_zfs:scrub"
|
|
||||||
|
|
||||||
- name: "role:system_zfs:load_key"
|
|
||||||
import_tasks: "include/load_key.yml"
|
|
||||||
tags: "role:system_zfs:load_key"
|
|
||||||
|
|
||||||
- name: "role:system_zfs:fstrim"
|
|
||||||
import_tasks: "include/fstrim.yml"
|
|
||||||
tags: "role:system_zfs:fstrim"
|
|
@ -1,31 +0,0 @@
|
|||||||
---
|
|
||||||
- name: "play : system : ups"
|
|
||||||
hosts: "ups"
|
|
||||||
roles:
|
|
||||||
- role: "system_ups"
|
|
||||||
tags: "role:system_ups"
|
|
||||||
|
|
||||||
- name: "play : system : smart"
|
|
||||||
hosts: "smart"
|
|
||||||
roles:
|
|
||||||
- role: "system_smart"
|
|
||||||
vars:
|
|
||||||
smartd_conf_file_path: "files/system_smart/smartd.conf"
|
|
||||||
tags: "role:system_smart"
|
|
||||||
|
|
||||||
- name: "play : system : zfs"
|
|
||||||
hosts: "zfs"
|
|
||||||
roles:
|
|
||||||
- role: "system_zfs"
|
|
||||||
tags: "role:system_zfs"
|
|
||||||
|
|
||||||
- name: "play : system : all"
|
|
||||||
hosts: "all"
|
|
||||||
roles:
|
|
||||||
- role: "system_mail"
|
|
||||||
tags: "role:system_mail"
|
|
||||||
when: the_nine_worlds_production | bool
|
|
||||||
- role: "system_base"
|
|
||||||
tags: "role:system_base"
|
|
||||||
vars:
|
|
||||||
motd_dir_path: "files/system_base/motd"
|
|
31
plays/system/main.yml
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
---
|
||||||
|
- name: "system : group:ups"
|
||||||
|
hosts: "ups"
|
||||||
|
roles:
|
||||||
|
- role: "ups"
|
||||||
|
tags: "system:ups"
|
||||||
|
|
||||||
|
- name: "system : group:smart"
|
||||||
|
hosts: "smart"
|
||||||
|
roles:
|
||||||
|
- role: "smart"
|
||||||
|
vars:
|
||||||
|
smartd_conf_file_path: "files/smart/smartd.conf"
|
||||||
|
tags: "system:smart"
|
||||||
|
|
||||||
|
- name: "system : group:zfs"
|
||||||
|
hosts: "zfs"
|
||||||
|
roles:
|
||||||
|
- role: "zfs"
|
||||||
|
tags: "system:zfs"
|
||||||
|
|
||||||
|
- name: "system : group:all"
|
||||||
|
hosts: "all"
|
||||||
|
roles:
|
||||||
|
- role: "mail"
|
||||||
|
tags: "system:mail"
|
||||||
|
when: the_nine_worlds_production | bool
|
||||||
|
- role: "base"
|
||||||
|
tags: "system:base"
|
||||||
|
vars:
|
||||||
|
motd_dir_path: "files/base/motd"
|
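Review bot: `smartd_conf_file_path` and `motd_dir_path` now point at `files/smart/smartd.conf` and `files/base/motd` (previously `files/system_smart/smartd.conf` and `files/system_base/motd`), but nothing in the diff shown here moves those files. Confirm they exist at the new relative paths now that the playbook lives at `plays/system/main.yml` instead of `plays/system.yml`, or include the file moves in this commit.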
47
plays/system/roles/base/tasks/main.yml
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
- name: "play:system : role:base : tasks:sshd"
|
||||||
|
import_tasks: "include/sshd.yml"
|
||||||
|
tags: "system:base:sshd"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:nftables"
|
||||||
|
import_tasks: "include/nftables.yml"
|
||||||
|
tags: "system:base:nftables"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:ntp"
|
||||||
|
import_tasks: "include/ntp.yml"
|
||||||
|
tags: "system:base:ntp"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:fail2ban"
|
||||||
|
import_tasks: "include/fail2ban.yml"
|
||||||
|
tags: "system:base:fail2ban"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:fstrim"
|
||||||
|
import_tasks: "include/fstrim.yml"
|
||||||
|
tags: "system:base:fstrim"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:unattended_upgrades"
|
||||||
|
import_tasks: "include/unattended_upgrades.yml"
|
||||||
|
tags: "system:base:unattended_upgrades"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:logs"
|
||||||
|
import_tasks: "include/logs.yml"
|
||||||
|
tags: "system:base:logs"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:systemd_mail"
|
||||||
|
import_tasks: "include/systemd_mail.yml"
|
||||||
|
tags: "system:base:systemd_mail"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:utils"
|
||||||
|
import_tasks: "include/utils.yml"
|
||||||
|
tags: "system:base:utils"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:motd"
|
||||||
|
import_tasks: "include/motd.yml"
|
||||||
|
tags: "system:base:motd"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:root"
|
||||||
|
import_tasks: "include/root.yml"
|
||||||
|
tags: "system:base:root"
|
||||||
|
|
||||||
|
- name: "play:system : role:base : tasks:user"
|
||||||
|
import_tasks: "include/user.yml"
|
||||||
|
tags: "system:base:user"
|
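Review bot: The task names here use the prefix "play:system : role:base : tasks:…" while the plays in `plays/system/main.yml` are named "system : group:…"; pick one naming scheme so run output reads and filters consistently. This file also starts without the `---` document marker that `main.yml` and `plays/system/main.yml` carry.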
23
plays/system/roles/zfs/tasks/main.yml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
- name: "play:system : role:zfs : tasks:conf"
|
||||||
|
import_tasks: "include/conf.yml"
|
||||||
|
tags: "system:zfs:conf"
|
||||||
|
|
||||||
|
- name: "play:system : role:zfs : tasks:cron"
|
||||||
|
import_tasks: "include/cron.yml"
|
||||||
|
tags: "system:zfs:cron"
|
||||||
|
|
||||||
|
- name: "play:system : role:zfs : tasks:trim"
|
||||||
|
import_tasks: "include/trim.yml"
|
||||||
|
tags: "system:zfs:trim"
|
||||||
|
|
||||||
|
- name: "play:system : role:zfs : tasks:scrub"
|
||||||
|
import_tasks: "include/scrub.yml"
|
||||||
|
tags: "system:zfs:scrub"
|
||||||
|
|
||||||
|
- name: "play:system : role:zfs : tasks:load_key"
|
||||||
|
import_tasks: "include/load_key.yml"
|
||||||
|
tags: "system:zfs:load_key"
|
||||||
|
|
||||||
|
- name: "play:system : role:zfs : tasks:fstrim"
|
||||||
|
import_tasks: "include/fstrim.yml"
|
||||||
|
tags: "system:zfs:fstrim"
|
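Review bot: `system:zfs:fstrim` imports `include/fstrim.yml` next to `system:zfs:trim`, and the base role, which `plays/system/main.yml` applies to `hosts: "all"`, has its own `system:base:fstrim`, so hosts in the `zfs` group run both. If the two includes manage the same unit or schedule, drop one of them, or add a comment explaining why ZFS hosts need both.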