We want to share our recipes ansible playbooks, but not our sensitive data.
This repository main branch comes from the cleanup branch of our private and archived repository.
The configuration part (inventory, users, passwords, files, keys, sensitive data) have been moved into private repository.
- Install
ansible(tested with v2.20) - clone the repository
- copy setup.cfg.sample into setup.cfg
- CONF_REPO_URL <- URL to be cloned for the configuration
- VAULT_PASSWORD_FILE <- PATH to a file containing the vault password
- configure setup.cfg
- run ./_setup_playbooks.sh
- add ssh host keys, after each inventory change:
ansible-playbook add_ssh_host_keys.yml
conf is documented in ansible-playbooks-sim.
-
When not specified, the playbooks are run against all host from the inventory. This can be changed using the extra variable
h.ansible-playbooks -e 'h=VALUE_OF_HOSTS_VARIABLE, see the ansible doc. -
When not specified, the configuration directory is
./conf. This can be changed using the extra variableconf_dir.ansible-playbooks -e 'conf_dir=/somewhere/else -
Playbooks:
full.yml: Do all standard configurationadd_ssh_host_keys.yml: Add ssh hosts keys to known hosts, should be run when a machine is added to the inventory.check_inventory_and_users.yml: run a sanity check on$conf_dir/usersand$conf_dir/inventorymotd.ymlsetup motd.test_today.ymlthe WIP playbook.