2024-09-24 10:20:42 +00:00

# Verdnatura Ansible playbooks

Collection of Ansible playbooks used in the Verdnatura server farm.

## Install Ansible

Install Ansible on Debian.

```
apt install ansible
```

Install dependencies.

```
ansible-galaxy collection install -r collections/requirements.yml
```

Create Python virtual environment.

```
python3 -m venv venv
source venv/bin/activate
pip install --upgrade pip ansible==10.1.0 ansible-builder==3.1.0
pip install -r requirements.txt
```

## Run playbook

Before merging changes into protected branches, playbooks should be tested
locally to ensure they work properly.

Launch a playbook on the fly on a host not declared in the inventory.

```
ansible-playbook -i <ip_or_hostname>, [-t tag1,tag2] playbooks/test.yml
```

*Note the comma at the end of the hostname or IP: it makes Ansible read the value as an inline host list instead of the path to an inventory file.*

## Manage vault

To manage the Ansible vault, place the password in the *.vaultpass* file.

View or edit the vault file.

```
ansible-vault {view,edit} --vault-pass-file .vaultpass vault.yml
```

When running playbooks that use the vault, the *vault-playbook.sh* script can
be used; it is an overlay over the original *ansible-playbook* command.
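
The checks a wrapper around *ansible-playbook* can make on *.vaultpass* before using it, shown as an added example that is not the project's *vault-playbook.sh*. The function names and the script name `vault-check.sh` are assumptions.

```shell
#!/bin/sh
# Added example, not the project's vault-playbook.sh: check the vault
# password file before handing it to ansible-playbook.

# Print the permission bits of a file in octal (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if the password file is a regular, non-empty file that is
# accessible by its owner alone, not executable, and not tracked by git.
check_vaultpass() {
    vp_file="$1"
    if [ -L "$vp_file" ] || [ ! -f "$vp_file" ]; then
        echo "error: $vp_file is missing or not a regular file" >&2
        return 1
    fi
    if [ ! -s "$vp_file" ]; then
        echo "error: $vp_file is empty" >&2
        return 1
    fi
    vp_mode=$(file_mode "$vp_file") || return 1
    # 0177 = owner execute + every group/other bit. Ansible runs an
    # executable password file as a script, so that bit is rejected too.
    if [ $(( 0$vp_mode & 0177 )) -ne 0 ]; then
        echo "error: $vp_file has mode $vp_mode, expected 600 or 400" >&2
        return 1
    fi
    # A tracked password file would be pushed along with the vault it opens.
    if git -C "$(dirname "$vp_file")" ls-files --error-unmatch \
            "$(basename "$vp_file")" >/dev/null 2>&1; then
        echo "error: $vp_file is tracked by git" >&2
        return 1
    fi
    return 0
}

# Hypothetical wrapper: run the checks, then pass all arguments through.
run_with_vault() {
    check_vaultpass .vaultpass || return 1
    ansible-playbook --vault-pass-file .vaultpass "$@"
}

# When called with arguments, behave like ansible-playbook:
#   sh vault-check.sh -i <ip_or_hostname>, playbooks/test.yml
if [ "$#" -gt 0 ]; then
    run_with_vault "$@"
fi
```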

## Create execution environment

Create an image with *ansible-builder* and upload it to the registry.

```
ansible-builder build --tag ansible-runner:vn1
```

## Common playbooks

* **facts.yml**: Collect and display facts from a host
* **ping.yml**: Check that a host is alive and reachable
* **awx.yml**: Create and configure AWX user
* **debian.yml**: Setup base Debian server

## Documentation

* https://docs.ansible.com/ansible/latest/reference_appendices/config.html
* https://docs.ansible.com/ansible/latest/collections/ansible/builtin/gather_facts_module.html
* https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_vars_facts.html
* https://www.passbolt.com/blog/managing-secrets-in-ansible-using-passbolt
* https://galaxy.ansible.com/ui/repo/published/anatomicjc/passbolt/
* https://www.ansible.com/blog/introduction-to-ansible-builder/