This repo is a boilerplate for getting started for repos containing Ansible
playbooks. git clone
this project and be on your merry way.
Forked from the Ansible Boilerplate of Mike Chau under MIT Licence.
pip3 install pipenv
(may need to run this assudo
)
# Clone the latest copy of the repo
git clone --depth=1 --branch=master https://github.com/lucasmaurice/ansible-boilerplate.git
# Rename to the infrastructure name
mv ansible-boilerplate ansible-homelab-infrastructure
# Remove the origin
cd ansible-homelab-infrastructure && git remote rm origin
# Add your own infrastructure origin
git remote add origin git@github.com:lucasmaurice/ansible-homelab-infrastructure.git
# Push the repository to your own git
git push -u origin master
Command | What does it do? |
---|---|
make venv |
Create a virtual environement with all the dependency to run ansible |
make test |
Run all roles molecule tests. |
make ping |
Test access to all hosts. |
make galaxy-install |
Install missing galaxy roles. |
make galaxy-force-update |
Reinstall all galaxy roles. |
.
├── galaxy_roles
├── inventories
│ ├── group_vars
│ └── host_vars
├── notes
├── playbooks
├── roles
│ └── requirements.yml
├── tmp
├── .gitignore
├── .travis.yml
├── ansible.cfg
├── env-requirements.txt
├── LICENSE
├── log -> /tmp/ansible.log
├── Makefile
└── README.md
env-requirements.txt is the python dependancies needed for the make deploiement script.
This is a project specific configuration file to configure Ansible. View to see a more detailed explanation of the default settings provided by this project.
This is where you should install your third-party roles from Ansible Galaxy.
Recommended to configure galaxy-requirements.yml with the third party roles you are using.
This is where you should put the list of hosts for Ansible to connect to. It also contains directories for group_vars and host_vars.
Example:
.
├── group_vars
├── host_vars
└── production
We have a file called production
, but if you have a lot of environments,
instead of production
, you might call it production_app_name
or
app_name_production
, etc.
In it you might define it like so:
# inventories/production
[application]
app01.server.com
app02.server.com
app03.server.com
[database]
db01.server.com
[production:children]
application
database
production:children
, indicates to Ansible this is a group of made of all the
things in the groups listed below.
So its equivalent to manually writing:
# inventories/production
[production]
app01.server.com
app02.server.com
app03.server.com
db01.server.com
This directory contains yaml files which correspond to a group name, and tells Ansible to load the variables for the hosts in that group.
Example structure:
.
└── group_vars
├── all
│ └── ubuntu.yml
├── application
│ ├── rails.yml
│ └── secret
│ └── rails.yml
└── database
├── mysql.yml
├── postgresql.yml
└── secret
├── mysql.yml
└── postgresql.yml
all
- is a Ansible group, where it will be loaded for all hosts.application
- is a user defined group of hosts, we defined this in ourproduction
hosts file in the previous example.database
- is a user defined group of hosts, we defined this in ourproduction
hosts file in the previous example.
A group variable file looks like this:
# inventories/group_vars/application/rails.yml
---
rails_version: 5.0.0
So the rails_version
variable will be available for all hosts listed under application
(app[0-3].server.com).
NOTE: You might have noticed the secret
directory, this is where you can
take advantage of ansible-vault. For secret specific variables such as api keys and etc,
I like to put them inside a secret
folder, and encrypt the folder with ansible-vault
.
Secrets are prefixed with the key secret_
.
Example:
# Encrypted secrets for rails
# inventories/group_vars/application/secret/rails.yml
---
secret_rails_secret_token: 1db372dbc0a8200da1d7f9c51384fe0094c940628c497e7e519eb4977aba244cdad0ab9c4965383d2dc9244296ea6b889fe711d40dc590a4455d17e1a012db58
# Unencrypted secrets for rails
# inventories/group_vars/application/rails.yml
---
rails_version: 5.0.0
rails_secret_token: "{{ secret_rails_secret_token }}"
You can see our unencrypted variable file reference the encrypted variable file's variable in secret
.
host_vars
work just like group_vars
, but instead of naming it after a
group name, you use the hostname
. The variables only be loaded for that specific host.
Example:
.
└── host_vars
└── app01.server.com
└── rails.yml
- Inventory - http://docs.ansible.com/ansible/intro_inventory.html
- Variables - http://docs.ansible.com/ansible/playbooks_variables.html
By default this is just a symlink to tmp/ansible.log
.
This is where you can add your notes for things like manual configuration.
This is where playbooks should be placed.
Edit this yml file to add your third-party roles from Github or Ansible Galaxy.
Then install your roles with this command:
ansible-galaxy install -r requirements.yml
This is where you can add your custom Ansible roles for usage by your playbooks.
Roles - http://docs.ansible.com/ansible/playbooks_roles.html#roles
A tmp directory for convenience. For example, you may prefer to write logs here.
MIT