Salt
79220bef76
From now on, nightly plays triggered by GitLab will be standard. Desktops will still use an ansible-pull configuration as there is no guarantee that they will be available at 1AM.

- .templates
- contrib
- handlers
- inventory
- playbooks
- roles
- .ansible-lint
- .gitignore
- .gitlab-ci.yml
- .gitmodules
- ansible.cfg
- README.md
- reboot-home.yml
- reboot-prod.yml
- site.yml

Salt's Ansible Repository
Useful for management across all of 9iron, thefuck, and desu.
TODO
- Figure out a good monitoring solution that doesn't suck ass
- Port over configs for Nextcloud on web1.9iron.club
Initialization
Clone the repo, cd in. Done.
Deployment
Adding a new server will require the following be fulfilled:
- The server is accessible from the Ansible host;
- The server has a user named ansible which:
  - Accepts the public key located in contrib/desu.pub; and
  - Has passwordless sudo capabilities as root
- The server is added to inventory/hosts.yml in an appropriate place;
- DNS records for the machine are set; and
- The server is running Ubuntu 20.04 or greater

From there, running the playbook site.yml should get the machine up to snuff. To automate the host-local steps, use the script file contrib/bootstrap.sh.
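The host-local prerequisites above can be audited on a new server before the first play. This is an added example, not the repository's contrib/bootstrap.sh; the function names are hypothetical, and it assumes the ansible account keeps its keys in ~/.ssh/authorized_keys and that a copy of contrib/desu.pub is available on the host.

```shell
#!/bin/sh
# Added example: host-local audit of the prerequisites listed above.
# Function names are hypothetical; this is not contrib/bootstrap.sh.

# Succeed if the os-release file in $1 describes Ubuntu 20.04 or newer.
ubuntu_ok() {
    id=$(sed -n 's/^ID=//p' "$1" | tr -d '"')
    ver=$(sed -n 's/^VERSION_ID=//p' "$1" | tr -d '"')
    [ "$id" = "ubuntu" ] || return 1
    case "$ver" in [0-9]*.[0-9]*) ;; *) return 1 ;; esac
    major=${ver%%.*}; minor=${ver#*.}; minor=${minor#0}
    [ "$major" -gt 20 ] || { [ "$major" -eq 20 ] && [ "$minor" -ge 4 ]; }
}

# Compare an authorized_keys file ($2) with the expected public key ($1).
# Prints "expected=N other=M"; other > 0 means some additional key can
# also log in as the passwordless-sudo account.
audit_keys() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    awk -v want="$blob" '
        /^[ \t]*(#|$)/ { next }                # skip comments and blanks
        { hit = 0
          for (i = 1; i <= NF; i++) if ($i == want) hit = 1
          if (hit) expected++; else other++ }
        END { printf "expected=%d other=%d\n", expected, other }' "$2"
}

# Run on the new server as root: preflight /path/to/desu.pub
preflight() {
    home=$(getent passwd ansible | cut -d: -f6)
    [ -n "$home" ] || { echo "FAIL: no user named ansible"; return 1; }
    ubuntu_ok /etc/os-release || { echo "FAIL: need Ubuntu 20.04+"; return 1; }
    keys=$(audit_keys "$1" "$home/.ssh/authorized_keys" 2>/dev/null)
    [ "$keys" = "expected=1 other=0" ] || { echo "FAIL: keys $keys"; return 1; }
    sudo -n -u ansible sudo -n true || { echo "FAIL: sudo asks for a password"; return 1; }
    echo "OK"
}

if [ "${1:-}" = "--run" ]; then preflight "$2"; fi
```

Because the ansible user has passwordless sudo, any key in its authorized_keys is root-equivalent on the host, so the audit fails when a key other than the expected one is present.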
Zerotier
A lot of my home-network side of things is connected together via ZeroTier; initial deployment/repairs may require specifying an ansible_host for the inventory item in question to connect to it locally. Subsequent plays will require connectivity to my home ZeroTier network.
Cloud-managed devices require no such workarounds.
Ad-Hoc Commands
The inventory is configured to allow for ad-hoc commands with very little fuss. For example:
ansible -m shell -a 'systemctl is-failed ansible-pull.service' all
These commands must be run from the root of the repo.
Ansible Galaxy
Several of the roles in this repository are sourced from Ansible Galaxy. They're mirrored here for both easy compatibility with ansible-pull and in case the sources go down. Despite this, they're still managed in roles/requirements.yml for ease of management, source tracking, and updating. Any forks or deviations from these sources should be thoroughly documented.
Should you need to reinitialize them, the following command (run from the root of the repo) will initialize all Galaxy assets:
ansible-galaxy install -r roles/requirements.yml