The Ansible Edda
Ansible playbooks for provisioning The Nine Worlds.
Secrets vault
- Encrypt with: ansible-vault encrypt vault.yml
- Decrypt with: ansible-vault decrypt secrets.yml
- Encrypt all vault.yml in a directory with: ansible-vault encrypt directory/**/vault.yml
- Decrypt all vault.yml in a directory with: ansible-vault decrypt directory/**/vault.yml
- Run a playbook with: ansible-playbook --vault-id @prompt playbook.yml
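Because ansible-vault decrypt rewrites the file in place, a decrypted vault.yml can be left behind in the working tree. The following check, an added example that is not part of this repository, lists such files. It assumes encrypted files begin with the standard $ANSIBLE_VAULT; header line; the function names and the sample tree are constructed for illustration. It uses find instead of **, which bash only expands recursively when globstar is enabled.

```shell
#!/bin/sh
# Added example (not from the repository): report vault.yml files that are
# not ansible-vault encrypted, e.g. left decrypted after an edit.

# Print every vault.yml under $1 (default: .) whose first line lacks the
# ansible-vault header. Returns 1 if any plaintext file is found, else 0.
find_plaintext_vaults() {
    fpv_root="${1:-.}"
    fpv_hits=$(find "$fpv_root" -type f -name vault.yml ! -path '*/.git/*' \
        -exec sh -c '
            for f in "$@"; do
                header=
                # Read only the first line; empty or unreadable files
                # leave header empty and are reported as plaintext.
                IFS= read -r header < "$f" || true
                case "$header" in
                    "\$ANSIBLE_VAULT;"*) ;;          # encrypted
                    *) printf "%s\n" "$f" ;;         # plaintext
                esac
            done' sh {} +)
    if [ -z "$fpv_hits" ]; then
        return 0
    fi
    printf '%s\n' "$fpv_hits"
    return 1
}

# Constructed sample tree (not real secrets): one file with a vault header
# and one plaintext file. Prints the path of the temporary directory.
make_sample_tree() {
    mst_dir=$(mktemp -d)
    mkdir -p "$mst_dir/group_vars/all" "$mst_dir/host_vars/web"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465' \
        > "$mst_dir/group_vars/all/vault.yml"
    printf '%s\n' 'db_password: example' \
        > "$mst_dir/host_vars/web/vault.yml"
    printf '%s\n' "$mst_dir"
}
```

Calling find_plaintext_vaults on the repository root from a pre-commit hook or CI job makes the commit or build fail while any vault.yml is still in plaintext.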
The Nine Worlds
The main entrypoint for The Nine Worlds is main.yml.
Keyring integration
Keyring integration requires python3-keyring to be installed.
To set the keyring password run:
./vault-keyring-client.py --set [--vault-id <vault-id>]
If --vault-id is not specified, the password will be stored under ansible.
To use the password from the keyring invoke playbooks with:
ansible-playbook --vault-id @vault-keyring-client.py ...
Production and testing
The inventory files are split into production and testing.
To run the main.yml playbook on production hosts:
ansible-playbook main.yml -i production
To run the main.yml playbook on testing hosts:
ansible-playbook main.yml -i testing
Testing virtual machines
Scripts for starting, stopping, and reverting the testing virtual machines are located in scripts/testing.
Playbooks
The Ansible Edda playbook is composed of smaller playbooks. To run a single playbook, invoke the relevant playbook directly from the playbook directory. For example, to run the system playbook, run:
ansible-playbook playbooks/system.yml
Alternatively you can use its tag as well:
ansible-playbook main.yml --tags "system"
Roles
Playbooks are composed of roles defined in the roles directory, playbooks/roles.
To play only a specific role, e.g. system/base in the playbook system, run:
ansible-playbook playbooks/system.yml --tags "system:base"
Or from the main playbook:
ansible-playbook main.yml --tags "system:base"
Role sub-tasks
Some roles are split into smaller groups of tasks. This can be checked by looking at the tasks/main.yml file of a role, e.g. playbooks/roles/system/base/tasks/main.yml.
To play only a particular group within a role, e.g. sshd in base of system, run:
ansible-playbook playbooks/system.yml --tags "system:base:sshd"
Or from the main playbook:
ansible-playbook main.yml --tags "system:base:sshd"