The Ansible Edda

Ansible playbooks for provisioning The Nine Worlds.

Secrets vault

  • Encrypt with: ansible-vault encrypt vault.yml
  • Decrypt with: ansible-vault decrypt secrets.yml
  • Encrypt all vault.yml in a directory with: ansible-vault encrypt directory/**/vault.yml
  • Decrypt all vault.yml in a directory with: ansible-vault decrypt directory/**/vault.yml
  • Run a playbook with: ansible-playbook --vault-id @prompt playbook.yml
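
A check that complements the commands above, as an added example that is not part of this repository: it lists every vault.yml under a directory whose first line lacks the `$ANSIBLE_VAULT;` header written by ansible-vault encrypt, so a file left decrypted is caught before it is committed. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find vault.yml files that are not vault-encrypted.

# Succeeds when the first line of file $1 starts with the header that
# ansible-vault writes, e.g. "$ANSIBLE_VAULT;1.1;AES256".
is_vault_encrypted() {
    first_line=''
    # read fails on a last line without a newline but still fills the variable.
    IFS= read -r first_line < "$1" || [ -n "$first_line" ] || return 1
    case "$first_line" in
        '$ANSIBLE_VAULT;'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the path of every plaintext vault.yml below directory $1 (default: .).
# find recurses by itself, so nothing depends on the shell expanding "**".
find_plaintext_vaults() {
    find "${1:-.}" -type f -name vault.yml | sort | while IFS= read -r f; do
        is_vault_encrypted "$f" || printf '%s\n' "$f"
    done
}

# Returns 0 when every vault.yml is encrypted, 1 (with a report on stderr) otherwise.
check_vaults() {
    plaintext=$(find_plaintext_vaults "$1")
    if [ -n "$plaintext" ]; then
        printf 'Not encrypted:\n%s\n' "$plaintext" >&2
        return 1
    fi
    return 0
}

# Builds a constructed sample tree (fake ciphertext, no real secrets), prints its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/group_vars/all" "$d/host_vars/web"
    printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '00000000' > "$d/group_vars/all/vault.yml"
    printf '%s\n' 'db_password: constructed-example' > "$d/host_vars/web/vault.yml"
    printf '%s\n' "$d"
}

# Scan the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    check_vaults "$1"
fi
```

Run it with the directory to scan as its only argument; it exits non-zero when a plaintext vault.yml is found, which suits a pre-commit hook or CI step.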

The Nine Worlds

The main entrypoint for The Nine Worlds is main.yml.

Keyring integration

Keyring integration requires python3-keyring to be installed.

To set the keyring password run:

./vault-keyring-client.py --set [--vault-id <vault-id>]

If --vault-id is not specified, the password will be stored under ansible.

To use the password from the keyring invoke playbooks with:

ansible-playbook --vault-id @vault-keyring-client.py ...

Production and testing

The inventory files are split into production and testing.

To run the main.yml playbook on production hosts:

ansible-playbook main.yml -i production

To run the main.yml playbook on testing hosts:

ansible-playbook main.yml -i testing

Testing virtual machines

Scripts for starting, stopping, and reverting the testing virtual machines are located in scripts/testing.

Playbooks

The Ansible Edda playbook is composed of smaller playbooks. To run a single playbook, invoke the relevant playbook directly from the playbooks directory. For example, to run the system playbook, run:

ansible-playbook playbooks/system.yml

Alternatively, run it from the main playbook by its tag:

ansible-playbook main.yml --tags "system"

Roles

Playbooks are composed of roles defined in the roles directory, playbooks/roles.

To play only a specific role, e.g. system/base in the playbook system, run:

ansible-playbook playbooks/system.yml --tags "system:base"

Or from the main playbook:

ansible-playbook main.yml --tags "system:base"

Role sub-tasks

Some roles are split into smaller groups of tasks. This can be checked by looking at the tasks/main.yml file of a role, e.g. playbooks/roles/system/base/tasks/main.yml.

To play only a particular group within a role, e.g. sshd in base of system, run:

ansible-playbook playbooks/system.yml --tags "system:base:sshd"

Or from the main playbook:

ansible-playbook main.yml --tags "system:base:sshd"