playbooks | ||
plays | ||
plugins | ||
.flake8 | ||
.gitignore | ||
ansible.cfg | ||
ci-requirements.txt | ||
main.yml | ||
makefile | ||
production | ||
README.md | ||
testing |
The Ansible Edda
Ansible playbooks for provisioning The Nine Worlds.
Secrets vault
- Encrypt with:
ansible-vault encrypt secrets.yml
- Decrypt with:
ansible-vault decrypt secrets.yml
- Print secrets to STDOUT:
ansible-vault decrypt --output - secrets.yml
- Run a playbook with
ansible-playbook --vault-id @prompt playbook.yml
The Nine Worlds
The main entrypoint for The Nine Worlds is main.yml
.
Production and testing
The inventory files are split into production
and testing
.
To run the main.yml
playbook on production hosts:
ansible-playbook main.yml -i production
To run the main.yml
playbook on production hosts:
ansible-playbook main.yml -i testing
Playbooks
The Nine Worlds playbook is composed of smaller playbooks
. To run a single playbook,
invoke the main.yml
playbook directly from the desired playbook's directory. For example, to run
the system
playbook, run:
ansible-playbook plays/system/main.yml
Roles
Playbooks are composed of roles defined in the playbook's roles
directory, e.g.
plays/system/roles
for system
.
To play only a specific role in a playbook, e.g. base
in the playbook system
, run:
ansible-playbook plays/system/main.yml --tags "system:base"
Role sub-tasks
Some roles are split into smaller groups of tasks. This can be checked by looking at the
tasks/main.yml
file of a role, e.g.
plays/system/roles/base/tasks/main.yml
.
To play only a particular group within a role, e.g. sshd
in base
of system
, run:
ansible-playbook plays/system/main.yml --tags "system:base:sshd"