# The Ansible Edda

Ansible playbooks for provisioning The Nine Worlds.

## Secrets vault

- Encrypt with: ```ansible-vault encrypt vault.yml```
- Decrypt with: ```ansible-vault decrypt secrets.yml```
- Encrypt all `vault.yml` in a directory with: ```ansible-vault encrypt directory/**/vault.yml```
- Decrypt all `vault.yml` in a directory with: ```ansible-vault decrypt directory/**/vault.yml```
- Run a playbook with ```ansible-playbook --vault-id @prompt playbook.yml```

## The Nine Worlds

The main entrypoint for The Nine Worlds is [`main.yml`](main.yml).

### Keyring integration

Keyring integration requires `python3-keyring` to be installed.

To set the keyring password, run:

``` sh
./vault-keyring-client.py --set [--vault-id ]
```

If `--vault-id` is not specified, the password will be stored under `ansible`.

To use the password from the keyring, invoke playbooks with:

``` sh
ansible-playbook --vault-id @vault-keyring-client.py ...
```

### Production and testing

The inventory files are split into [`production`](production) and [`testing`](testing).

To run the `main.yml` playbook on production hosts:

``` sh
ansible-playbook main.yml -i production
```

To run the `main.yml` playbook on testing hosts:

``` sh
ansible-playbook main.yml -i testing
```

### Testing virtual machines

Scripts for starting, stopping, and reverting the testing virtual machines are located in `scripts/testing`.

### Playbooks

The Ansible Edda playbook is composed of smaller [`playbooks`](playbooks). To run a single playbook, invoke the relevant playbook directly from the playbook directory. For example, to run the [`system`](system) playbook, run:

``` sh
ansible-playbook playbooks/system.yml
```

Alternatively, you can use its tag:

``` sh
ansible-playbook main.yml --tags "system"
```

### Roles

Playbooks are composed of roles defined in the `roles` directory, [`playbooks/roles`](playbooks/roles).

To play only a specific role, e.g. `system/base` in the playbook `system`, run:

``` sh
ansible-playbook playbooks/system.yml --tags "system:base"
```

Or from the main playbook:

``` sh
ansible-playbook main.yml --tags "system:base"
```

### Role sub-tasks

Some roles are split into smaller groups of tasks. This can be checked by looking at the `tasks/main.yml` file of a role, e.g. [`playbooks/roles/system/base/tasks/main.yml`](playbooks/roles/system/base/tasks/main.yml).

To play only a particular group within a role, e.g. `sshd` in `base` of `system`, run:

``` sh
ansible-playbook playbooks/system.yml --tags "system:base:sshd"
```

Or from the main playbook:

``` sh
ansible-playbook main.yml --tags "system:base:sshd"
```
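
Relating to the "Secrets vault" commands above: a check that no `vault.yml` is left decrypted before a commit. This is an added example, not part of this repository; the function names, the sample directory layout and the host name `midgard` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not part of The Ansible Edda repository.
# Files written by `ansible-vault encrypt` begin with a "$ANSIBLE_VAULT;"
# header line, so a vault.yml without it is still plaintext.

# is_vault_encrypted FILE: succeeds only if FILE's first line is a vault header.
is_vault_encrypted() {
    first_line=$(head -n 1 "$1" 2>/dev/null) || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# list_plaintext_vaults DIR: print each vault.yml under DIR, at any depth,
# that is not encrypted. find recurses on its own, so the result does not
# depend on whether the shell expands `**` recursively.
list_plaintext_vaults() {
    find "$1" -type f -name vault.yml | sort | while IFS= read -r f; do
        is_vault_encrypted "$f" || printf '%s\n' "$f"
    done
}

# check_vaults DIR: status 0 if every vault.yml is encrypted, 1 otherwise.
check_vaults() {
    plaintext=$(list_plaintext_vaults "$1")
    if [ -n "$plaintext" ]; then
        printf 'Unencrypted vault files:\n%s\n' "$plaintext" >&2
        return 1
    fi
    return 0
}

# make_sample_tree DIR: constructed sample data (hypothetical paths, dummy
# ciphertext) with one encrypted and one plaintext vault.yml.
make_sample_tree() {
    mkdir -p "$1/group_vars/all" "$1/host_vars/midgard"
    printf '$ANSIBLE_VAULT;1.1;AES256\n3661623964\n' > "$1/group_vars/all/vault.yml"
    printf 'db_password: not-encrypted\n' > "$1/host_vars/midgard/vault.yml"
}
```

Calling `check_vaults .` from a pre-commit hook blocks the commit while any `vault.yml` is still decrypted.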