The ansible files for the pains-perdus infra.
Find a file
2021-01-27 01:27:04 +01:00
group_vars/all setup 'prod' variables 2021-01-27 01:27:04 +01:00
roles try and fail to reduce acces to the private key 2021-01-27 01:23:23 +01:00
.gitignore add certbot, wip 2020-10-13 01:25:02 +02:00
ansible.cfg add certbot, wip 2020-10-13 01:25:02 +02:00
base.yml add basic tools 2020-10-12 09:59:51 +02:00
dns.yml free the port 53 for nginx 2021-01-23 13:45:25 +01:00
gitea.yml use https 2021-01-27 00:26:09 +01:00
hosts setup 'prod' variables 2021-01-27 01:27:04 +01:00
keycloak.yml generate self signed certificate 2021-01-26 19:36:59 +01:00
LICENSE Initial commit 2020-10-05 09:38:11 +02:00
README.md add some note about the ssh-agent 2021-01-22 23:11:38 +01:00
web_services.yml split the reverse_proxy role to implement a separate reverse proxy for stream 2021-01-23 01:19:21 +01:00

ansible

The ansible files for the pains-perdus infra.

Deploy a playbook

ansible-playbook playbook.yml

Add --check to do a dry run

Edit the vault

ansible-vault edit group_vars/all/vault

with the edditor defined in the env varible $EDITOR and the password of the vault in the file .vault_password (Carefull not to commit it!!!)

SSH key whith passphrase

To avoid entering the passphrase of the ssh key for each host, we have to use an ssh-agent. The ssh-agent with xonsh does not really works, so in my case I have to use ansible and the agent inside a sh process:

sh
eval `ssh-agent -s`
ssh-add
ansible all -m ping # or whatever you want to do with ansible
exit