The Ansible Edda

Ansible playbooks for provisioning The Nine Worlds.

Running the playbooks

The main entrypoint for The Nine Worlds is main.yml.

Keyring integration

Keyring integration requires python3-keyring to be installed.

To set the keyring password run:

./vault-keyring-client.py --set [--vault-id <vault-id>]

If --vault-id is not specified, the password will be stored under ansible.

To use the password from the keyring invoke playbooks with:

ansible-playbook --vault-id @vault-keyring-client.py ...

Production and testing

The inventory files are split into inventory/production and inventory/testing.

To run the main.yml playbook on production hosts:

ansible-playbook -i inventory/production main.yml

To run the main.yml playbook on testing hosts:

ansible-playbook -i inventory/testing main.yml

Playbooks

The Ansible Edda playbook is composed of smaller playbooks. To run a single playbook, invoke it directly from the playbooks directory. For example, to run the playbooks/system.yml playbook, run:

ansible-playbook playbooks/system.yml

Alternatively, you can use its tag:

ansible-playbook main.yml --tags "system"

Roles

Playbooks are composed of roles defined in the roles submodule and playbooks/roles.

To play a specific role, e.g., system/base/sshd in the playbook system, run:

ansible-playbook playbooks/system.yml --tags "system:base:sshd"

To play all roles from a specific group, e.g., system/base in the playbook system, run:

ansible-playbook playbooks/system.yml --tags "system:base"

Some roles, e.g., services/setup/user, have sub-tasks which can also be invoked individually. To find the relevant tag, see the role's tasks/main.yml.

In all cases, the roles can also be invoked from the main playbook:

ansible-playbook main.yml --tags "system:base:sshd"
ansible-playbook main.yml --tags "system:base"

Testing virtual machines

The script for starting, stopping, and reverting the testing virtual machines is located in scripts/testing/vmgr.py.

Managing backup buckets

The scripts/restic/restic.py script provides a wrapper around restic to manage the backup buckets. The script collects the credentials from the OS keyring and constructs the restic command with the correct endpoint. It allows the user to focus on the actual command to be executed rather than authentication and bucket URLs.

The scripts/restic/restic.py requires the following entries in the keyring:

  • scaleway: access_key (Scaleway project ID),
  • scaleway: secret_key (Scaleway secret key),
  • restic: password.

The easiest way to set these values is with Python's keyring.set_password.
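
One way to set and check these entries without typing secrets on the command line. This is an added example, not part of this repository; it assumes each list item maps to a keyring (service, username) pair, and the helper names are hypothetical.

```python
"""Added example: populate and check the keyring entries restic.py expects."""
import getpass

# (service, username) pairs as listed above. Reading "scaleway: access_key" as
# service "scaleway" and username "access_key" is an assumption.
REQUIRED_ENTRIES = [
    ("scaleway", "access_key"),
    ("scaleway", "secret_key"),
    ("restic", "password"),
]


def _default_store():
    # Imported lazily so the helpers can be exercised with a stand-in store.
    import keyring
    return keyring


def missing_entries(store=None):
    """Return the required (service, username) pairs that have no stored value."""
    store = _default_store() if store is None else store
    return [(s, u) for s, u in REQUIRED_ENTRIES if not store.get_password(s, u)]


def set_missing(store=None, prompt=getpass.getpass):
    """Prompt without echo for each missing entry and store it.

    Secrets are read interactively, so they stay out of shell history and
    process listings. Returns the entries that were written.
    """
    store = _default_store() if store is None else store
    written = []
    for service, username in missing_entries(store):
        value = prompt(f"{service}/{username}: ")
        if not value:
            continue  # leave the entry unset rather than store an empty secret
        store.set_password(service, username, value)
        written.append((service, username))
    return written


if __name__ == "__main__":
    for service, username in set_missing():
        print(f"stored {service}/{username}")
    remaining = missing_entries()
    if remaining:
        raise SystemExit(f"still missing: {remaining}")
```

Existing entries are left untouched, so the script can be re-run safely to fill in only what is missing.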