Go to file
2023-01-02 23:39:04 +01:00
group_vars Split system:base tasks into roles 2022-12-20 17:31:37 +01:00
host_vars Decouple bridge from wireguard role 2022-12-20 19:40:33 +01:00
playbooks Update joplin server 2023-01-01 10:41:48 +01:00
roles@61c63ae729 Submodule update 2022-12-28 19:35:23 +01:00
scripts Add script to manage instance for backup testing 2023-01-02 23:39:04 +01:00
.ansible-lint Introduce ansible-lint 2022-12-18 23:00:28 +01:00
.gitignore Add script to manage instance for backup testing 2023-01-02 23:39:04 +01:00
.gitmodules Move roles to shared repo 2022-12-20 19:56:45 +01:00
.yamllint Introduce yamllint 2022-12-18 23:43:40 +01:00
ansible.cfg Move roles to shared repo 2022-12-20 19:56:45 +01:00
main.yml Fix fact gathering when using tags 2022-12-19 14:45:10 +01:00
makefile Introduce yamllint 2022-12-18 23:43:40 +01:00
production Remove unused fact caching options 2022-12-20 19:36:13 +01:00
README.md Add scripts for managing testing virtual machines 2022-12-28 14:24:23 +01:00
testing Include ups and smart groups in testing inventory 2022-12-28 18:21:15 +01:00
vault-keyring-client.py Add integration with keyring 2022-12-28 14:21:33 +01:00

The Ansible Edda

Ansible playbooks for provisioning The Nine Worlds.

Secrets vault

  • Encrypt with: ansible-vault encrypt vault.yml
  • Decrypt with: ansible-vault decrypt secrets.yml
  • Encrypt all vault.yml in a directory with: ansible-vault encrypt directory/**/vault.yml
  • Decrypt all vault.yml in a directory with: ansible-vault decrypt directory/**/vault.yml
  • Run a playbook with ansible-playbook --vault-id @prompt playbook.yml

The Nine Worlds

The main entrypoint for The Nine Worlds is main.yml.

Keyring integration

Keyring integration requires python3-keyring to be installed.

To set the keyring password run:

./vault-keyring-client.py --set [--vault-id <vault-id>]

If --vault-id is not specified, the password will be stored under ansible.

To use the password from the keyring invoke playbooks with:

ansible-playbook --vault-id @vault-keyring-client.py ...

Production and testing

The inventory files are split into production and testing.

To run the main.yml playbook on production hosts:

ansible-playbook main.yml -i production

To run the main.yml playbook on production hosts:

ansible-playbook main.yml -i testing

Testing virtual machines

Scripts for starting, stopping, and reverting the testing virtual machines are located in scripts/testing.

Playbooks

The Ansible Edda playbook is composed of smaller playbooks. To run a single playbook, invoke the relevant playbook directly from the playbook directory. For example, to run the system playbook, run:

ansible-playbook playbooks/system.yml

Alternatively you can use its tag as well:

ansible-playbook main.yml --tags "system"

Roles

Playbooks are composed of roles defined in the roles directory, playbooks/roles.

To play only a specific role, e.g. system/base in the playbook system, run:

ansible-playbook playbooks/system.yml --tags "system:base"

Or from the main playbook:

ansible-playbook main.yml --tags "system:base"

Role sub-tasks

Some roles are split into smaller groups of tasks. This can be checked by looking at the tasks/main.yml file of a role, e.g. playbooks/roles/system/base/tasks/main.yml.

To play only a particular group within a role, e.g. sshd in base of system, run:

ansible-playbook playbooks/system.yml --tags "system:base:sshd"

Or from the main playbook:

ansible-playbook main.yml --tags "system:base:sshd"