This directory contains the Ansible playbooks used to configure the servers managed by the Rust Infrastructure team.
Executing a playbook
To execute a playbook you'll need to have Python 3 installed on the local machine and, if the environment requires it, the 1password CLI. Then you can execute this command:
./apply <environment> <playbook>
./apply prod monitoring
The playbook is the name of a file inside the
playbooks/ directory without
Executing a playbook on a new server
By default the
./apply script uses your current username to connect to the
server, but that might not be present the first time you want to execute a
playbook on a new server. You can override the user by passing the
-u flag to
./apply script followed by the username you want to use:
./apply <environment> <playbook> -u <username>
Making changes directly on production is not a great idea: to ease local
./apply script supports "environments". An environment is a
envs/ that contains an
hosts file and optionally some
group_vars. If the
1password-subdomain file the
script will also authenticate with 1password.
At the moment the only working environment present in the repository is
which points to our production servers. To run a playbook on it you'll have to
be a member of the infrastructure team with proper access.
dev-example environment instead is a dummy one with all the hostnames and
credentials replaced with dummy data. For local development is recommended to
copy it to
envs/dev (which is properly gitignored) and replace everything
with your local development credentials. Everyone should be able to do it.
Note: environments are not an Ansible feature, they're fully implemented in the
Overview of the configuration
A playbook is a list of roles to apply to a group of servers with some configuration attached to them. If you need to tweak a setting in a server's configuration you'll probably just need to tweak the playbook.
Playbooks live in the
A role is an isolated entity that contains all the necessary resources to deploy and configure a service in a server. Roles can't be applied directly but they need to be added to a playbook.
Roles live in the
roles/ directory, and each of them has its own
Variables contain configuration values that change between environments or that are shared between multiple playbooks. Global variables are loaded from multiple files, and can be overridden by the next file loaded. The order is the following: