2022-12-28 14:21:33 +01:00
group_vars Split system:base tasks into roles 2022-12-20 17:31:37 +01:00
host_vars Decouple bridge from wireguard role 2022-12-20 19:40:33 +01:00
playbooks Update logcheck ignore for gitea 2022-12-23 17:28:41 +01:00
roles@1de4e1ddd1 Move ignore file to user repo 2022-12-21 11:37:56 +01:00
.ansible-lint Introduce ansible-lint 2022-12-18 23:00:28 +01:00
.gitignore Remove custom filter in favour of native jinja2 2022-12-14 20:51:20 +01:00
.gitmodules Move roles to shared repo 2022-12-20 19:56:45 +01:00
.yamllint Introduce yamllint 2022-12-18 23:43:40 +01:00
ansible.cfg Move roles to shared repo 2022-12-20 19:56:45 +01:00
main.yml Fix fact gathering when using tags 2022-12-19 14:45:10 +01:00
makefile Introduce yamllint 2022-12-18 23:43:40 +01:00
production Remove unused fact caching options 2022-12-20 19:36:13 +01:00
README.md Add integration with keyring 2022-12-28 14:21:33 +01:00
testing Replace 00-test-hosts play 2022-12-04 15:36:03 +01:00
vault-keyring-client.py Add integration with keyring 2022-12-28 14:21:33 +01:00

The Ansible Edda

Ansible playbooks for provisioning The Nine Worlds.

Secrets vault

  • Encrypt with: ansible-vault encrypt vault.yml
  • Decrypt with: ansible-vault decrypt secrets.yml
  • Encrypt all vault.yml in a directory with: ansible-vault encrypt directory/**/vault.yml
  • Decrypt all vault.yml in a directory with: ansible-vault decrypt directory/**/vault.yml
  • Run a playbook with: ansible-playbook --vault-id @prompt playbook.yml

The Nine Worlds

The main entrypoint for The Nine Worlds is main.yml.

Keyring integration

Keyring integration requires python3-keyring to be installed.

To set the keyring password run:

./vault-keyring-client.py --set [--vault-id <vault-id>]

If --vault-id is not specified, the password will be stored under ansible.

To use the password from the keyring invoke playbooks with:

ansible-playbook --vault-id @vault-keyring-client.py ...
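
The sketch below is an added example, not the vault-keyring-client.py shipped in this repository. It shows the contract such a script has to meet: Ansible runs a file whose name ends in -client as a vault password client, may pass it --vault-id, and reads the password from its stdout. Scoping the keyring entry to the invoking user and the injectable backend argument are assumptions made for illustration.

```python
import argparse
import getpass
import sys

DEFAULT_KEYNAME = "ansible"  # entry used when --vault-id is not given (per the README)


def system_keyring():
    # Imported lazily so the logic can be exercised without python3-keyring installed.
    import keyring
    return keyring


def store_password(backend, keyname, username, password, confirm):
    """Store the secret; refuse empty or mismatched input. Returns an exit code."""
    if not password or password != confirm:
        return 1
    backend.set_password(keyname, username, password)
    return 0


def fetch_password(backend, keyname, username, out):
    """Write the secret to `out` (stdout when run by Ansible); return 1 if absent."""
    secret = backend.get_password(keyname, username)
    if secret is None:
        # A non-zero exit with nothing on stdout makes the run fail instead of trying an empty password.
        return 1
    out.write(secret + "\n")
    return 0


def main(argv=None, backend=None, out=sys.stdout):
    parser = argparse.ArgumentParser()
    parser.add_argument("--vault-id", dest="vault_id", default=None)
    parser.add_argument("--set", dest="set_password", action="store_true")
    args = parser.parse_args(argv)
    backend = backend if backend is not None else system_keyring()
    keyname = args.vault_id or DEFAULT_KEYNAME
    username = getpass.getuser()  # assumption: the entry is scoped to the invoking user
    if args.set_password:
        # Prompted, never taken from argv, so it stays out of shell history and ps output.
        first = getpass.getpass("New vault password: ")
        confirm = getpass.getpass("Confirm: ")
        return store_password(backend, keyname, username, first, confirm)
    return fetch_password(backend, keyname, username, out)


if __name__ == "__main__":
    sys.exit(main())
```
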

Production and testing

The inventory files are split into production and testing.

To run the main.yml playbook on production hosts:

ansible-playbook main.yml -i production

To run the main.yml playbook on testing hosts:

ansible-playbook main.yml -i testing

Playbooks

The Ansible Edda playbook is composed of smaller playbooks. To run a single playbook, invoke it directly from the playbooks directory. For example, to run the system playbook, run:

ansible-playbook playbooks/system.yml

Alternatively, select it by its tag from the main playbook:

ansible-playbook main.yml --tags "system"

Roles

Playbooks are composed of roles defined in the roles directory, playbooks/roles.

To play only a specific role, e.g. system/base in the playbook system, run:

ansible-playbook playbooks/system.yml --tags "system:base"

Or from the main playbook:

ansible-playbook main.yml --tags "system:base"

Role sub-tasks

Some roles are split into smaller groups of tasks. This can be checked by looking at the tasks/main.yml file of a role, e.g. playbooks/roles/system/base/tasks/main.yml.

To play only a particular group within a role, e.g. sshd in base of system, run:

ansible-playbook playbooks/system.yml --tags "system:base:sshd"

Or from the main playbook:

ansible-playbook main.yml --tags "system:base:sshd"