Production runs of Ansible take place on the host or jail to be configured, as the {{service_user}}
, with a command line such as
ansible-playbook local.yml --vault-password=~/.vault-password
This playbook automatically determines which host it's runnning on based on the hostname and configures it accordingly.
Supply host-specific variables in group_vars/$hostname
.
To bootstrap a newly-installed system, use ./bootstrap HOSTNAME
.
Default is to log in to the remote system using your current username.
To change the remote login, use ./bootstrap HOSTNAME USERNAME
.
Before running the script, ensure:
- The basic system is installed (FreeBSD 10.0+) on the host
- Networking for the host is fully configured
- The hostname (uname -n) of the host is set correctly
- Sudo configured for a non-root user to become root
- You know the vault password
Secrets are stored in secrets.yml
in the top-level directory, which is encrypted with ansible-vault.
To run Ansible with these production secrets, you will need to supply a shared vault password.
All secrets are loaded into Ansible variables.
By convention, these variables should be named with the prefix secret_
.
You can edit the secrets with ansible-vault --vault-password=~/.vault-password edit secrets.yml
.
This repository contains a few files unrelated to Ansible:
buildbot.asc
- Buildbot Release Team Keyringscripts/
- some scripts not under configuration management yet