yuca ansible configuration
Welcome to the early stage of the yuca ansible configuration :)
The aim here is to slowly switch all configuration over to using ansible.
- a working installation of ansible >= 2.4 such that you have
- an account on yuca.yunity.org with sudo powers
- access to the vault password (ask @nicksellen or @tiltec or @NerdyProjects)
Clone this repo:
git clone email@example.com:yunity/yuca.git
cd yuca
If needed, add your local configuration (e.g. your private ssh key):
cp group_vars/all.yml.example group_vars/all.yml
# edit contents of group_vars/all.yml
manage the vault password
The vault stores secrets for use on the server.
I highly recommend using pass as it works very nicely with the vault mechanism.
For example, if you have the vault password stored as yuca.vault you can copy the file
- use your standard pass password to unlock any of your vault passwords
- caches unlocked passwords for a period of time so you don't need to enter it every time
Alternatively, you could write your own
now run a playbook
Setup karrot-dev (for example):
adding another site
cd playbooks
cp -r karrot-dev your-new-site
roles is symlinked like so:
playbooks/your-new-site/roles -> roles.
Note: copy the site most similar to what you want to configure.
editing encrypted files
If you need to edit the secrets, you can do so like this:
ansible-vault edit playbooks/karrot-dev/secrets.vars.yml
If you install ansible-lint you can run
- don't add anything to master that you are not happy for other people to run at any time
- playbook files are named
- var files are named
- playbooks are contained within a directory for that site, e.g.
- name all tasks (in lowercase)
- implement everything as a reusable
- use ansible-vault for storing sensitive data
- store secret vars in
- always use
- don't check in code that fails the
- when running a playbook it should all be green/ok if nothing has actually changed
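The conventions above require sensitive data to go through ansible-vault. As an added example (not part of this repo), the following Python check reports any secrets file under playbooks/ that was committed in plaintext or with plaintext pasted below the ciphertext. It assumes every site names its secrets file secrets.vars.yml, as karrot-dev does; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Fail if any site's secrets file under playbooks/ is not ansible-vault encrypted."""
import re
import sys
from pathlib import Path

# First line ansible-vault writes, e.g. "$ANSIBLE_VAULT;1.1;AES256"
# or, with a vault id, "$ANSIBLE_VAULT;1.2;AES256;label".
VAULT_HEADER = re.compile(r"^\$ANSIBLE_VAULT;1\.[12];AES256(;\S+)?$")
HEX_LINE = re.compile(r"^[0-9a-f]+$")  # the payload is hex text
# Assumption: every site names its secrets file like karrot-dev does.
SECRETS_NAME = "secrets.vars.yml"


def check_vault_file(path):
    """Return None if the file looks vault-encrypted, else the reason it does not."""
    try:
        lines = Path(path).read_text(encoding="utf-8").splitlines()
    except UnicodeDecodeError:
        return "not UTF-8 text"
    if not lines or not VAULT_HEADER.match(lines[0].strip()):
        return "no $ANSIBLE_VAULT header, contents are plaintext"
    payload = [(n, l.strip()) for n, l in enumerate(lines[1:], 2) if l.strip()]
    if not payload:
        return "vault header but no ciphertext"
    for lineno, text in payload:
        if not HEX_LINE.match(text):
            # e.g. a variable pasted below the ciphertext by hand
            return f"line {lineno} is not ciphertext"
    return None


def find_unencrypted(repo_root="."):
    """Map each offending secrets file (relative path) to the reason."""
    root = Path(repo_root)
    problems = {}
    for path in sorted((root / "playbooks").rglob(SECRETS_NAME)):
        reason = check_vault_file(path)
        if reason:
            problems[path.relative_to(root).as_posix()] = reason
    return problems


if __name__ == "__main__":
    found = find_unencrypted(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, reason in found.items():
        print(f"{name}: {reason}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run from the repository root, it exits non-zero when a problem is found, so it can serve as a pre-commit hook or CI step.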
If you are only changing part of the configuration there may be some tags configured.
karrot-dev / karrot-world
If you are only changing nginx related setup configuration you can do it very quickly using the nginx tag, e.g.:
ansible-playbook playbooks/karrot-dev/setup.playbook.yml --tags nginx
local testing with vagrant
You can run playbooks against a local vagrant vm. This lets you check whether the playbook is actually able to set up the server from fresh and lets you try out changes before you run them in production.
First start the vagrant box, configure your ssh file and run the playbook.
vagrant up
vagrant ssh-config >> ~/.ssh/config
ansible-playbook -i inventory_vagrant playbooks/karrot-dev/setup.playbook.yml
After some time, see if it works:
curl -k -H 'Host: dev.karrot.world' https://localhost:8443/
It should say
curl -k -H 'Host: dev.karrot.world' https://localhost:8443/api/
It should return JSON.