infra-waku/ansible/README.md

63 lines
2.3 KiB
Markdown

# Description
Herein lie all ansible related files __except__ for `ansible.cfg` at the root of the repo for easier usage without having to `cd` here.
# Usage
Simply run the play related to the specific type of configuration you want to deploy:
```sh
> ls -1 ansible/*.yml
ansible/bootstrap.yml
ansible/upgrade.yml
ansible/main.yml
```
```sh
ansible-playbook ansible/main.yml
```
# Bootstrap
All hosts are bootstraped right after provisioning using these roles:
* [status-im/infra-role-bootstrap-linux](https://github.com/status-im/infra-role-bootstrap-linux)
* [status-im/infra-role-bootstrap-macos](https://github.com/status-im/infra-role-bootstrap-macos)
* [status-im/infra-role-bootstrap-windows](https://github.com/status-im/infra-role-bootstrap-windows)
If you want to re-run any bootstrap step you can do it like so:
```sh
ansible-playbook ansible/bootstrap.yml -t role::bootstrap:hostname
```
In this case only the `hostname` set of tasks will be executed due to the `role::bootstrap:hostname` tag.
# Inventory
The inventory we use is crated by Terraform via the [`terraform-provider-ansible`](https://github.com/nbering/terraform-provider-ansible) which generates the necessary data structures in the [Consul Key/Value store](https://www.consul.io/docs/dynamic-app-config/kv) that is later used by the [`terraform.py`](./terraform.py) script to provide hosts and their variables to Ansible.
Some ways to view existing hosts:
```sh
ansible localhost -m debug -a 'var=groups'
ansible all -o -m debug -a 'var=ansible_host' | columns -t
```
# Variables
Ansible variables can be provided to Ansible using the `--extra-vars`/`-e` flag. An example of such a flag is
```yaml
compose_state: 'present'
compose_recreate: 'smart'
compose_restart: false
```
These are used in every role that starts docker containers. You can use them to change the behaviour of roles.
For example to re-create all metric related containers use:
```sh
ansible-playbook ansible/main.yml -e compose_recreate=always
```
# Secrets
Secrets are stored and provided in two ways:
* [password-store](https://www.passwordstore.org/) through the [`passwordstore` lookup plugin](https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html)
* [BitWarden](https://bitwarden.com/) through the [`./lookup_plugins/bitwarden.py`](./lookup_plugins/bitwarden.py) plugin.