/play_core

The core/base of my ansible playbook structure

Primary LanguageShellApache License 2.0Apache-2.0

Core module of my ansible playbook structure

A set of playbooks to maintain our servers.

How to run a play

Usage:
  ./tools/run_playbook.sh <-p path/to/playbook> [-l <limit>] [--install-requirements] [-b]

	-p,	--playbook
			Path to playbook directory, relative to repo root
	-l,	--limit
			Limit playboot to specific hosts or groups
			e.g.: "-l host0,host1,group0,group1"
	-b,	--bootstrap
			Bootstrap Server. This is for Server where the base role was never executed on.
		--install-requirements
			Install ansible-galaxy requirements

Plabook structure

plabook structure and dependencies

#titel: nomnoml

#direction: right
#.play: visual=note
#.dir: fill=#878787 stroke=#f2f2f2 dashed
#.roleapp: fill=#eb4034
#.rolesystem: fill=#c2c2c2

[<dir> playbook]

[<package> playbook/inventory|
  - host
]

[<play> playbook/bootstrap.yml]
[<play> playbook/upgrade.yml]
[<play> playbook/plabook.yml]

[<rolesystem> system.base]
[<rolesystem> system.base.x86_64_server]

[system.base.x86_64_server]-->[system.base]

[<roleapp> app.role]

[playbook/inventory]-[playbook]
[playbook]->[playbook/bootstrap.yml]
[playbook]->[playbook/upgrade.yml]
[playbook/bootstrap.yml]->[playbook/plabook.yml]
[playbook/upgrade.yml]->[playbook/plabook.yml]
[playbook/plabook.yml]->[system.base.x86_64_server]
[playbook/plabook.yml]->[app.role]

Role naming scheme

          Role which will install/configure a/n program/app.
          |
username.<app|system>.role_name
              |
              Role which will configure the system.

Useful commands

Encrypt variables with Ansible Vault

ansible-vault encrypt_string --vault-id @prompt 'string_to_encrypt' --name 'the_secret'

Encrypt files with Ansible Vault

ansible-vault encrypt <file>

Debug a variable

- name: debug
  ansible.builtin.debug:
    var: variable_to_debug

End playbook here

- name: End playbook here
  ansible.builtin.meta: end_play

pre requiements

Install requirements from ansible galaxy:

ansible-galaxy install -r "./requirements.yml"

Run a playbook with ansible vault

ansible-playbook --vault-id @prompt -i ./inventory ./[bootstrap|site].yml

Run a playbook with ansible vault but limit a specific host

ansible-playbook --vault-id @prompt -i ./inventory --limit <inventory_name_of_host_or_name_of_group> ./[bootstrap|site].yml

Upload folder via rsync to server

rsync -avzh ../playbooks user@host.tld:~/

Known issues

python fork bug

Bug

objc[53614]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called.
objc[53614]: +[__NSCFConstantString initialize] may have been in progress in another thread when fork() was called. We cannot safely call it or ignore it in the fork() child process. Crashing instead. Set a breakpoint on objc_initializeAfterForkError to debug.

Fix

export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES