Latest commit

f1ba0ce · Jan 15, 2020

History

History
103 lines (66 loc) · 2.86 KB

README.rst

File metadata and controls

103 lines (66 loc) · 2.86 KB

Ouranos-ansible

Configuration management for Ouranos servers.

  • You have SSH login as root on all the hosts you need to manage.
  • SSH login without a password, using SSH keys, is a must: during a single play Ansible makes many SSH connections, and you do not want to re-type your password each and every time.

Use the wrapper script ansible/run-ansible-playbook to avoid typing the same ansible-playbook options over and over again. All valid ansible-playbook options can be given to the wrapper script, which forwards them to ansible-playbook.

Example:

cd ansible

# dry-run (no "force"), all hosts, all roles
./run-ansible-playbook /path/to/inventory_file

# for real, all hosts, all roles
./run-ansible-playbook /path/to/inventory_file force

# for real, only gitlab-ci and docker tags for all hosts
./run-ansible-playbook /path/to/inventory_file force -t gitlab-ci,docker

# for real, only gitlab-ci and docker tags, only for hosts gitlab and jenkins
./run-ansible-playbook /path/to/inventory_file force -t gitlab-ci,docker -l gitlab,jenkins

Try to re-use existing roles from Ansible Galaxy instead of writing our own. To ensure reproducibility, we need to pin the exact version of each role we use in ansible-requirements.yml (used by download-ansible-galaxy-roles.sh).
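One way to enforce the pinning rule before roles are downloaded, as an added example that is not part of this repository: a check that flags entries with no version or with a floating branch reference. It assumes ansible-requirements.yml uses the flat Ansible Galaxy role list format (src, version, optional scm and name); the role names, URLs and versions in the sample are constructed.

```python
import re

# Constructed sample in the flat Galaxy role-list format (names and versions are made up).
SAMPLE = """\
- src: example.docker
  version: 2.5.1
- src: example.nginx
- src: https://git.example.org/roles/gitlab-ci.git
  scm: git
  version: master
- src: https://git.example.org/roles/jenkins.git
  scm: git
  version: 3f2a9c1d5b7e4f60a1b2c3d4e5f60718293a4b5c
"""

# Refs that move over time and therefore do not pin anything.
FLOATING = {"master", "main", "HEAD", "latest", "develop"}

def parse_roles(text):
    """Parse a flat list of '- key: value' mappings (no nesting, anchors or flow syntax)."""
    roles = []
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()        # drop trailing comments
        new_item = line.lstrip().startswith("- ")    # a dash starts a new role entry
        body = line.lstrip()[2:] if new_item else line.strip()
        key, sep, value = body.partition(":")
        if not sep or body.startswith("#"):
            continue                                 # blank line, comment or '---'
        if new_item:
            roles.append({})
        if roles:
            roles[-1][key.strip()] = value.strip().strip("'\"")
    return roles

def audit(roles):
    """Return (role, problem) pairs for entries that are not reproducibly pinned."""
    findings = []
    for role in roles:
        name = role.get("name") or role.get("src", "<unknown>")
        version = role.get("version", "")
        if not version:
            findings.append((name, "no version pinned"))
        elif version in FLOATING:
            findings.append((name, f"floating ref '{version}'"))
    return findings

if __name__ == "__main__":
    for name, problem in audit(parse_roles(SAMPLE)):
        print(f"{name}: {problem}")
```
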

The directory layout follows Ansible's suggested best practices.

ansible/site.yml provides a very good overview of what is done on each host (roles used), the list of hosts on the current site, and the list of tags available to filter which roles to run.

All private secrets and exact hostnames are in the inventory file. The hostnames in ansible/site.yml are pseudo hostnames. See ansible/sample-inventory.

Roles should be as generic and re-usable as possible, like the other roles we re-use from Ansible Galaxy.