group_vars | ||
host_vars | ||
playbooks | ||
.ansible-lint | ||
.gitignore | ||
ansible.cfg | ||
main.yml | ||
makefile | ||
production | ||
README.md | ||
testing |
The Ansible Edda
Ansible playbooks for provisioning The Nine Worlds.
Secrets vault
- Encrypt with:
ansible-vault encrypt vault.yml
- Decrypt with:
ansible-vault decrypt secrets.yml
- Encrypt all
vault.yml
in a directory with:ansible-vault encrypt directory/**/vault.yml
- Decrypt all
vault.yml
in a directory with:ansible-vault decrypt directory/**/vault.yml
- Run a playbook with
ansible-playbook --vault-id @prompt playbook.yml
The Nine Worlds
The main entrypoint for The Nine Worlds is main.yml
.
Production and testing
The inventory files are split into production
and testing
.
To run the main.yml
playbook on production hosts:
ansible-playbook main.yml -i production
To run the main.yml
playbook on production hosts:
ansible-playbook main.yml -i testing
Playbooks
The Ansible Edda playbook is composed of smaller playbooks
. To run a single playbook,
invoke the relevant playbook directly from the playbook directory. For example, to run the
system
playbook, run:
ansible-playbook playbooks/system.yml
Alternatively you can use its tag as well:
ansible-playbook main.yml --tags "system"
Roles
Playbooks are composed of roles defined in the roles
directory,
playbooks/roles
.
To play only a specific role, e.g. system/base
in the playbook system
, run:
ansible-playbook playbooks/system.yml --tags "system:base"
Or from the main playbook:
ansible-playbook main.yml --tags "system:base"
Role sub-tasks
Some roles are split into smaller groups of tasks. This can be checked by looking at the
tasks/main.yml
file of a role, e.g.
playbooks/roles/system/base/tasks/main.yml
.
To play only a particular group within a role, e.g. sshd
in base
of system
, run:
ansible-playbook playbooks/system.yml --tags "system:base:sshd"
Or from the main playbook:
ansible-playbook main.yml --tags "system:base:sshd"