configs/README.md
2025-05-09 23:25:40 +02:00

configs

Ansible playbooks and roles used to deploy configurations for the Rhizogenes infrastructure.

Prerequisites

  • ssh client with ssh-agent
  • git client -- required
  • bash -- needed only for the shell scripts
  • ansible (>= 2.7) -- required
  • rsync -- needed only by the script sync-test.sh
  • ansible-lint (>= 2.7) -- optional, recommended
  • sshpass -- optional (lets postinstall.sh ask for the ssh password only once)
  • gnupg + pass + pass-ansible repo -- optional; needed by pass-client.sh, recommended for postinstall.sh

If you clone the repo somewhere other than ~/git/configs, tell the scripts where it is:

$ echo "CONFIGS_DIR=path_of_your_clone" >> ~/.bashrc

Simple usage

~/git$ export u=ansible; g=gitolite3
~/git$ git clone --recursive ${g}@ov2.rhizogen.es.eu.org:onalyrg-public/configs.git && cd configs
# make your changes
# **TEST** your changes
~/git/configs$ ansible-playbook -v -D -i inventory/hosts --vault-id other/ansible-vault/default@pass-client.sh g02.rhizogen.es.eu.org.yaml
# push:
~/git/configs$ git add -A
~/git/configs$ git commit -p -m "commit message"
~/git/configs$ git push
~/git/configs$ ssh -A ${u}@ov2.rhizogen.es.eu.org 'cd ~/git/configs/ && git pull'
~/git/configs$ ssh -t -A ${u}@ov2.rhizogen.es.eu.org 'ansible-playbook -D -i ~/git/configs/inventory/hosts --ask-vault-pass ~/git/configs/g02.rhizogen.es.eu.org.yaml'

Recommended usage, automated

~/git$ export u=ansible; g=gitolite3
~/git$ git clone --recursive ${g}@ov2.rhizogen.es.eu.org:onalyrg-public/configs.git && cd configs
# make your changes, in a branch:
~/git/configs$ ./gitwrap.sh newfeature myproject
~/git/configs$ [...] # changes
# **TEST** your changes:
~/git/configs$ ./gitwrap.sh add -A
~/git/configs$ ./gitwrap.sh commit -m "commit message"
~/git/configs$ ./sync-test.sh g02.rhizogen.es.eu.org
# you can also use these tools:
~/git/configs$ ansible-playbook -i ~/git/configs/inventory/hosts --syntax-check ~/git/configs/g02.rhizogen.es.eu.org.yaml
~/git/configs$ ansible-lint g02.rhizogen.es.eu.org.yaml
# if everything is OK, push to prod:
~/git/configs$ ./gitwrap.sh checkout master
~/git/configs$ ./gitwrap.sh fusion myproject
~/git/configs$ ./push-prod.sh g02.rhizogen.es.eu.org
# once you are confident, delete your branch and clean up:
~/git/configs$ ./gitwrap.sh branch -D myproject
~/git/configs$ ssh -A ${u}@ov2.rhizogen.es.eu.org "rm -rf /tmp/git/configs-myproject-g02.rhizogen.es.eu.org"

Recommended usage, by hand

~/git$ export u=ansible; g=gitolite3
~/git$ git clone --recursive ${g}@ov2.rhizogen.es.eu.org:onalyrg-public/configs.git && cd configs
# make your changes, in a branch (inventory is a submodule, so branch it too):
~/git/configs$ cd inventory && git branch myproject ; cd .. && git branch myproject
~/git/configs$ cd inventory && git checkout myproject ; cd .. && git checkout myproject
~/git/configs$ [...] # changes
# **TEST** your changes:
~/git/configs$ cd inventory && git add [...] && git commit -m "commit message"
~/git/configs/inventory$ cd .. && git add [...] && git add inventory && git commit -m "commit message"
~/git/configs$ ./sync-test.sh g02.rhizogen.es.eu.org
# you can also use these tools:
~/git/configs$ ansible-playbook -i ~/git/configs/inventory/hosts --syntax-check ~/git/configs/g02.rhizogen.es.eu.org.yaml
~/git/configs$ ansible-lint g02.rhizogen.es.eu.org.yaml
# if everything is OK, push to prod:
~/git/configs$ cd inventory && git checkout master ; cd .. && git checkout master
~/git/configs$ cd inventory && git merge --no-commit --squash myproject && git commit -m "merging myproject"
~/git/configs/inventory$ cd .. && git merge --no-commit --squash myproject && git add inventory && git commit -m "merging myproject"
~/git/configs$ ./push-prod.sh g02.rhizogen.es.eu.org
# once you are confident, delete your branch and clean up:
~/git/configs$ cd inventory && git branch -D myproject ; cd .. && git branch -D myproject
~/git/configs$ ssh -A ${u}@ov2.rhizogen.es.eu.org "rm -rf /tmp/git/configs-myproject-g02.rhizogen.es.eu.org"

Ansible cheatsheet

Encrypt the value foo-bar-quux of the variable var_name:

~/git/configs$ ansible-vault encrypt_string 'foo-bar-quux' --name 'var_name' --ask-vault-pass
# OR
~/git/configs$ ansible-vault encrypt_string 'foo-bar-quux' --name 'var_name' --vault-id other/ansible-vault/default@~/git/configs/pass-client.sh

Encrypt a file:

~/git/configs$ ansible-vault encrypt inventory/files/secret_file --ask-vault-pass
# OR
~/git/configs$ ansible-vault encrypt inventory/files/secret_file --vault-id other/ansible-vault/default@~/git/configs/pass-client.sh

Print the value of the variable var_name defined in the file inventory/group_vars/all.yaml:

~/git/configs$ ansible localhost -m debug -a var=var_name -e @inventory/group_vars/all.yaml --vault-id other/ansible-vault/default@~/git/configs/pass-client.sh

Or, more simply:

~/git/configs$ ./ansible_decrypt_string.sh var_name --vault-id other/ansible-vault/default@~/git/configs/pass-client.sh

Print the content of an encrypted file:

~/git/configs$ ansible-vault view inventory/files/secret_file --vault-id other/ansible-vault/default@~/git/configs/pass-client.sh

Print the result of rendering a template for a specific machine:

~/git/configs$ ansible-inventory -i inventory/hosts --vault-id other/ansible-vault/default@~/git/configs/pass-client.sh --host g02 | j2 -f json roles/timezone/templates/timezone.j2
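Before running ./push-prod.sh it is worth confirming that nothing in the inventory leaves in clear. The check below is an added example, not a script from the configs repo: it assumes the `!vault` blocks that `ansible-vault encrypt_string --name` produces, the `$ANSIBLE_VAULT;1.1;AES256` / `$ANSIBLE_VAULT;1.2;AES256;<vault-id>` header that `ansible-vault encrypt` writes, and a secret-variable name pattern that is an assumption to extend for the repo.

```shell
#!/bin/sh
# vault-check.sh: added example, not a tool from the configs repo.
# Run it before ./push-prod.sh to catch secrets committed in clear:
#  - secret-looking variables in group_vars/host_vars not tagged `!vault`
#  - files under inventory/files/ named secret* without the vault header

# 0 if the file starts with an ansible-vault header (format 1.1, or 1.2
# which carries the vault-id label, e.g. "default").
is_vault_encrypted() {
    head -n 1 "$1" 2>/dev/null | grep -q '^\$ANSIBLE_VAULT;1\.[12];AES256'
}

# Print "file:line:var: value" for every secret-looking variable whose value
# is not a `!vault` block. The name pattern is an assumption; extend it.
plaintext_secret_vars() {
    grep -nE '^[[:space:]]*[A-Za-z0-9_]*(password|passwd|secret|token|private_key)[A-Za-z0-9_]*:' "$1" \
        | grep -v '!vault' | sed "s|^|$1:|"
}

# Scan an inventory directory; exit 0 when clean, 1 when anything is found.
check_inventory() {
    dir=$1; rc=0
    for f in "$dir"/group_vars/*.yaml "$dir"/host_vars/*.yaml; do
        [ -f "$f" ] || continue
        out=$(plaintext_secret_vars "$f")
        [ -n "$out" ] && { printf '%s\n' "$out"; rc=1; }
    done
    for f in "$dir"/files/secret*; do
        [ -f "$f" ] || continue
        is_vault_encrypted "$f" || { echo "$f: not vault-encrypted"; rc=1; }
    done
    return $rc
}

# Constructed sample inventory (not real data) so the check can run offline.
make_sample_inventory() {
    d=$(mktemp -d); mkdir -p "$d/group_vars" "$d/files"
    cat > "$d/group_vars/all.yaml" <<'EOF'
ntp_server: ntp.example.org
db_password: hunter2
api_token: !vault |
  $ANSIBLE_VAULT;1.2;AES256;default
  30303030303030303030
EOF
    printf '$ANSIBLE_VAULT;1.1;AES256\n3030303030\n' > "$d/files/secret_ok"
    echo 'constructed plaintext key material' > "$d/files/secret_leaked"
    echo "$d"
}
```

Source the file and run `check_inventory ~/git/configs/inventory` as the last step before push-prod.sh; a non-zero exit lists every offending file and line.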

Structure

.
├── gitwrap.sh                : utility to run some git commands recursively across submodules
├── pass-ansible.sh           : utility to get the vault password from a configured pass repo and pass it to ansible
├── postinstall.sh            : utility to setup dependencies needed for ansible to be able to run on the host
│                               (after a fresh install)
├── push-prod.sh              : utility to help pushing changes to prod, via a remote administration machine
├── push-test.sh              : utility to help testing changes, via a remote administration machine, using git
├── sync-test.sh              : utility to help testing changes, via a remote administration machine, using rsync
├── lib/                      : dependencies for repo's utilities
│  
├── *.rhizogen.es.eu.org.yaml : yaml of a playbook (usually a host or a group of hosts)
├── inventory/                : contains the definition of every host, their domain names, roles and specific variables
│   ├── files/                : static files containing infra-specific data, usually generated from other repos
│   ├── group_vars            : variables common to each group
│   │   └── all.yaml          : variables common to the whole inventory
│   ├── hosts                 : hierarchy of groups and hosts
│   └── host_vars/            : variables specific to hosts
│       └── *.yaml
└── roles/                    : contains the various roles and associated playbooks
    ├── skel/                 : a skeleton role containing example files to make role creation easier
    │                           Usage: $ cp -r roles/skel roles/mynewrole
    └── */
        ├── files/            : the files to copy; links to inventory/files/(...) are found here
        ├── handlers/         : the handlers necessary for tasks
        │   └── main.yaml
        ├── meta/             : the dependencies (roles to execute before running this one)
        │   └── main.yaml
        ├── tasks/            : the actual tasks for the playbooks
        │   └── main.yaml
        └── templates/        : the files whose content depends on vars and facts
            └── *.j2