Configuration management for Ouranos servers.
- Install Ansible version 2.6 or newer on your machine. Ansible does not need to be installed on any of the hosts you need to manage.
- Run download-ansible-galaxy-roles.sh to download the other roles this playbook needs.
- You need SSH login as root on all the hosts you need to manage.
- Password-less SSH login using SSH keys is a must: during a single play, Ansible makes many SSH connections, and you do not want to re-type your password each and every time.
Use the wrapper script ansible/run-ansible-playbook to avoid having to type the same ansible-playbook options over and over again. All valid ansible-playbook options can be given to the wrapper script, which forwards them to ansible-playbook.
Example:

```sh
cd ansible

# dry-run (no "force"), all hosts, all roles
./run-ansible-playbook /path/to/inventory_file

# for real, all hosts, all roles
./run-ansible-playbook /path/to/inventory_file force

# for real, only gitlab-ci and docker tags for all hosts
./run-ansible-playbook /path/to/inventory_file force -t gitlab-ci,docker

# for real, only gitlab-ci and docker tags, only for hosts gitlab and jenkins
./run-ansible-playbook /path/to/inventory_file force -t gitlab-ci,docker -l gitlab,jenkins
```
Try to re-use existing roles from Ansible Galaxy instead of writing our own. To ensure reproducibility, pin the exact version of each role we use in ansible-requirements.yml (used by download-ansible-galaxy-roles.sh).
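An added example, not part of this repository: a small check that flags entries in a role requirements file that have no version or that point at a moving branch, which is what the pinning rule above is meant to prevent. It assumes ansible-requirements.yml is a flat list of `src`/`version` mappings as ansible-galaxy accepts; the role names, URLs and the `FLOATING` list are constructed placeholders.

```python
import re

# Constructed sample in ansible-galaxy role requirements format; names are placeholders.
SAMPLE = """\
- src: example_namespace.docker
  version: 2.5.1
- src: example_namespace.gitlab_runner
- src: https://git.example.org/roles/jenkins.git
  scm: git
  version: master
- src: https://git.example.org/roles/base.git
  scm: git
  version: 3f2a9c1d5e7b4a6c8d0e1f2a3b4c5d6e7f8a9b0c
"""
# Refs that move over time and so do not pin anything (assumed list, extend as needed).
FLOATING = {"master", "main", "HEAD", "devel", "develop", "latest"}


def parse_roles(text):
    """Parse a flat YAML list of role mappings (no nesting, no flow style)."""
    roles = []
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing comments
        if line.strip() in ("", "---") or line.lstrip().startswith("#"):
            continue
        m = re.match(r"^(-\s+|\s+)([\w-]+):\s*(.*)$", line)
        if not m or (not roles and not m.group(1).startswith("-")):
            raise ValueError(f"unsupported line: {raw!r}")
        if m.group(1).startswith("-"):  # "- key: value" opens a new role entry
            roles.append({})
        roles[-1][m.group(2)] = m.group(3).strip("'\"")
    return roles


def unpinned(text):
    """Return (role, reason) for every entry without an exact version."""
    findings = []
    for role in parse_roles(text):
        name = role.get("name") or role.get("src", "<unknown>")
        version = role.get("version", "")
        if not version:
            findings.append((name, "no version"))
        elif version in FLOATING:
            findings.append((name, "floating ref " + version))
    return findings


if __name__ == "__main__":
    print(*unpinned(SAMPLE), sep="\n")
```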
The directory layout follows Ansible's suggested best practices.
ansible/site.yml provides a very good overview of what is being done on each host (roles used), the list of hosts on the current site, and the list of tags available to filter which roles to run.
All private secrets and exact hostnames are in the inventory file. The hostnames in ansible/site.yml are pseudo hostnames. See ansible/sample-inventory.
Roles should try to be as generic and re-usable as possible, like the other roles we re-use from Ansible Galaxy.