Isolate playbooks

Wojciech Kozlowski 2022-12-07 21:36:08 +01:00
parent e23a226e3d
commit c59c3a0ea8
68 changed files with 124 additions and 113 deletions


@ -9,7 +9,7 @@ Ansible playbooks for provisioning The Nine Worlds.
- Print secrets to STDOUT: ```ansible-vault decrypt --output - secrets.yml``` - Print secrets to STDOUT: ```ansible-vault decrypt --output - secrets.yml```
- Run a playbook with ```ansible-playbook --vault-id @prompt playbook.yml``` - Run a playbook with ```ansible-playbook --vault-id @prompt playbook.yml```
## Main ## The Nine Worlds
The main entrypoint for The Nine Worlds is [`main.yml`](main.yml). The main entrypoint for The Nine Worlds is [`main.yml`](main.yml).
@ -17,34 +17,45 @@ The main entrypoint for The Nine Worlds is [`main.yml`](main.yml).
The inventory files are split into [`production`](production) and [`testing`](testing). The inventory files are split into [`production`](production) and [`testing`](testing).
To run the `main.yml` play on production hosts: To run the `main.yml` playbook on production hosts:
``` sh ``` sh
ansible-playbook main.yml -i production ansible-playbook main.yml -i production
``` ```
To run the `main.yml` play on production hosts: To run the `main.yml` playbook on production hosts:
``` sh ``` sh
ansible-playbook main.yml -i testing ansible-playbook main.yml -i testing
``` ```
### Roles ### Playbooks
The plays are composed of roles defined in [`plays/roles`](plays/roles). The Nine Worlds playbook is composed of smaller [`playbooks`](plays). To run a single playbook,
invoke the `main.yml` playbook directly from the desired playbook's directory. For example, to run
To play only a specific role, e.g. `system_base`, run: the [`system`](system) playbook, run:
``` sh ``` sh
ansible-playbook --tags "role:system_base" ansible-playbook plays/system/main.yml
```
### Roles
Playbooks are composed of roles defined in the playbook's `roles` directory, e.g.
[`plays/system/roles`](plays/system/roles) for `system`.
To play only a specific role in a playbook, e.g. `base` in the playbook `system`, run:
``` sh
ansible-playbook plays/system/main.yml --tags "system:base"
``` ```
### Role sub-tasks ### Role sub-tasks
Some roles are split into smaller groups of tasks. This can be checked by looking at the Some roles are split into smaller groups of tasks. This can be checked by looking at the
`tasks/main.yml` file of a role, e.g. `tasks/main.yml` file of a role, e.g.
[`plays/roles/system_base/tasks/main.yml`](plays/roles/system_base/tasks/main.yml). [`plays/system/roles/base/tasks/main.yml`](plays/system/roles/base/tasks/main.yml).
To play only a particular group within a role, e.g. `sshd` in `system_base`, run: To play only a particular group within a role, e.g. `sshd` in `base` of `system`, run:
``` sh ``` sh
ansible-playbook --tags "role:system_base:sshd" ansible-playbook plays/system/main.yml --tags "system:base:sshd"
``` ```


@ -1,2 +1,2 @@
--- ---
- ansible.builtin.import_playbook: "plays/system.yml" - ansible.builtin.import_playbook: "plays/system/main.yml"


@ -1,47 +0,0 @@
- name: "role:system_base:sshd"
import_tasks: "include/sshd.yml"
tags: "role:system_base:sshd"
- name: "role:system_base:nftables"
import_tasks: "include/nftables.yml"
tags: "role:system_base:nftables"
- name: "role:system_base:ntp"
import_tasks: "include/ntp.yml"
tags: "role:system_base:ntp"
- name: "role:system_base:fail2ban"
import_tasks: "include/fail2ban.yml"
tags: "role:system_base:fail2ban"
- name: "role:system_base:fstrim"
import_tasks: "include/fstrim.yml"
tags: "role:system_base:fstrim"
- name: "role:system_base:unattended_upgrades"
import_tasks: "include/unattended_upgrades.yml"
tags: "role:system_base:unattended_upgrades"
- name: "role:system_base:logs"
import_tasks: "include/logs.yml"
tags: "role:system_base:logs"
- name: "role:system_base:systemd_mail"
import_tasks: "include/systemd_mail.yml"
tags: "role:system_base:systemd_mail"
- name: "role:system_base:utils"
import_tasks: "include/utils.yml"
tags: "role:system_base:utils"
- name: "role:system_base:motd"
import_tasks: "include/motd.yml"
tags: "role:system_base:motd"
- name: "role:system_base:root"
import_tasks: "include/root.yml"
tags: "role:system_base:root"
- name: "role:system_base:user"
import_tasks: "include/user.yml"
tags: "role:system_base:user"


@ -1,23 +0,0 @@
- name: "role:system_zfs:conf"
import_tasks: "include/conf.yml"
tags: "role:system_zfs:conf"
- name: "role:system_zfs:cron"
import_tasks: "include/cron.yml"
tags: "role:system_zfs:cron"
- name: "role:system_zfs:trim"
import_tasks: "include/trim.yml"
tags: "role:system_zfs:trim"
- name: "role:system_zfs:scrub"
import_tasks: "include/scrub.yml"
tags: "role:system_zfs:scrub"
- name: "role:system_zfs:load_key"
import_tasks: "include/load_key.yml"
tags: "role:system_zfs:load_key"
- name: "role:system_zfs:fstrim"
import_tasks: "include/fstrim.yml"
tags: "role:system_zfs:fstrim"


@ -1,31 +0,0 @@
---
- name: "play : system : ups"
hosts: "ups"
roles:
- role: "system_ups"
tags: "role:system_ups"
- name: "play : system : smart"
hosts: "smart"
roles:
- role: "system_smart"
vars:
smartd_conf_file_path: "files/system_smart/smartd.conf"
tags: "role:system_smart"
- name: "play : system : zfs"
hosts: "zfs"
roles:
- role: "system_zfs"
tags: "role:system_zfs"
- name: "play : system : all"
hosts: "all"
roles:
- role: "system_mail"
tags: "role:system_mail"
when: the_nine_worlds_production | bool
- role: "system_base"
tags: "role:system_base"
vars:
motd_dir_path: "files/system_base/motd"

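--- a/plays/system/main.yml
+++ b/plays/system/main.yml
@@ -0,0 +1,31 @@
+---
+- name: "system : group:ups"
+hosts: "ups"
+roles:
+- role: "ups"
+tags: "system:ups"
+- name: "system : group:smart"
+hosts: "smart"
+roles:
+- role: "smart"
+vars:
+smartd_conf_file_path: "files/smart/smartd.conf"
+tags: "system:smart"
+- name: "system : group:zfs"
+hosts: "zfs"
+roles:
+- role: "zfs"
+tags: "system:zfs"
+- name: "system : group:all"
+hosts: "all"
+roles:
+- role: "mail"
+tags: "system:mail"
+when: the_nine_worlds_production | bool
+- role: "base"
+tags: "system:base"
+vars:
+motd_dir_path: "files/base/motd"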
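Review bot: Nothing in this new file pins or documents the inventory, although the last play targets `hosts: "all"` and the `mail` role is gated on `the_nine_worlds_production | bool`, which presumably is set by the `production`/`testing` inventories. The README section of this commit shows the isolated invocation as `ansible-playbook plays/system/main.yml` with no `-i`, so which hosts receive the `base` role (sshd, nftables, fail2ban) depends on a default inventory that is not visible on this page. I would add a header comment such as `# Always pass an inventory: ansible-playbook plays/system/main.yml -i testing` and use the same form in the README examples. It is also worth confirming that `files/smart/smartd.conf` and `files/base/motd` still resolve now that the playbook directory is `plays/system/`.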


@ -0,0 +1,47 @@
- name: "play:system : role:base : tasks:sshd"
import_tasks: "include/sshd.yml"
tags: "system:base:sshd"
- name: "play:system : role:base : tasks:nftables"
import_tasks: "include/nftables.yml"
tags: "system:base:nftables"
- name: "play:system : role:base : tasks:ntp"
import_tasks: "include/ntp.yml"
tags: "system:base:ntp"
- name: "play:system : role:base : tasks:fail2ban"
import_tasks: "include/fail2ban.yml"
tags: "system:base:fail2ban"
- name: "play:system : role:base : tasks:fstrim"
import_tasks: "include/fstrim.yml"
tags: "system:base:fstrim"
- name: "play:system : role:base : tasks:unattended_upgrades"
import_tasks: "include/unattended_upgrades.yml"
tags: "system:base:unattended_upgrades"
- name: "play:system : role:base : tasks:logs"
import_tasks: "include/logs.yml"
tags: "system:base:logs"
- name: "play:system : role:base : tasks:systemd_mail"
import_tasks: "include/systemd_mail.yml"
tags: "system:base:systemd_mail"
- name: "play:system : role:base : tasks:utils"
import_tasks: "include/utils.yml"
tags: "system:base:utils"
- name: "play:system : role:base : tasks:motd"
import_tasks: "include/motd.yml"
tags: "system:base:motd"
- name: "play:system : role:base : tasks:root"
import_tasks: "include/root.yml"
tags: "system:base:root"
- name: "play:system : role:base : tasks:user"
import_tasks: "include/user.yml"
tags: "system:base:user"
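Review bot: These entries use the short module name `import_tasks`, while the top-level playbook changed in this commit uses the fully qualified `ansible.builtin.import_playbook`, and as rendered the file has no `---` document start although `plays/system/main.yml` does. For consistency I would write `ansible.builtin.import_tasks: "include/sshd.yml"` on each entry and open the file with `---`. The same applies to the zfs task list added in the next file section. Because each group can be applied on its own through tags such as `system:base:nftables`, a top-of-file comment like `# Each import below must be safe to run in isolation via its tag` would record that expectation for the sshd, nftables and fail2ban includes.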


@ -0,0 +1,23 @@
- name: "play:system : role:zfs : tasks:conf"
import_tasks: "include/conf.yml"
tags: "system:zfs:conf"
- name: "play:system : role:zfs : tasks:cron"
import_tasks: "include/cron.yml"
tags: "system:zfs:cron"
- name: "play:system : role:zfs : tasks:trim"
import_tasks: "include/trim.yml"
tags: "system:zfs:trim"
- name: "play:system : role:zfs : tasks:scrub"
import_tasks: "include/scrub.yml"
tags: "system:zfs:scrub"
- name: "play:system : role:zfs : tasks:load_key"
import_tasks: "include/load_key.yml"
tags: "system:zfs:load_key"
- name: "play:system : role:zfs : tasks:fstrim"
import_tasks: "include/fstrim.yml"
tags: "system:zfs:fstrim"