This is a work in progress, as I am redoing a bit how I do configuration management.
The main source is in a private repo, but I put here as much material as I can make public.
Inventory, vaults, etc. remain in the private repo.
+
+## Ansible
+
+### Initial setup
+
+Symlink everything in this directory into your root infrastructure directory.
+
+Create an `inventory` file.
+
+Run `./setup_venv` to create a virtual environment.
+
+Create `vault_password` with a vault password.
+
+### Usage
+
+Run `. .venv/bin/activate` to activate the virtual environment.
+
+Run Ansible commands normally.
+
+## Ansible/Puppet integration
+
+I prefer using Ansible for orchestration, and Puppet for configuration management.
+
+`playbooks/apply_puppet.yml` runs Puppet using Ansible.
+The `puppet` directory contains Puppet manifests.
+
+The playbook adds the Ansible inventory to Puppet using Hiera.
unarchive:
src: "{{ local_temp.path }}/puppet.tar.gz"
dest: "{{ remote_temp.path }}"
+ - name: dump variables
+ copy:
+ dest: "{{ remote_temp.path }}/vars.json"
+ content: "{{ hostvars }}"
+ - name: create hiera.yaml
+ copy:
+ dest: "{{ remote_temp.path }}/hiera.yaml"
+ content: |
+ version: 5
+ hierarchy:
+ - name: ansible
+ datadir: {{ remote_temp.path }}
+ path: vars.json
+ data_hash: json_data
- name: run puppet
- command: puppet apply {{ remote_temp.path }}
+ command: puppet apply {{ remote_temp.path }} --modulepath={{ remote_temp.path }}/puppet/modules --hiera_config={{ remote_temp.path }}/hiera.yaml
+ environment:
+ FACTER_ansible_inventory_hostname: "{{ inventory_hostname }}"
- name: clean up local temporary directory
file:
state: absent
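Review bot: The `dump variables` task writes the whole `hostvars` map to `vars.json` on the target, so each managed host receives every other host's variables, including any vault-decrypted values, and the `copy` sets no `mode`. Limit the dump to the current host, which keeps the hostname-keyed Hiera lookup working: `content: "{{ {inventory_hostname: hostvars[inventory_hostname]} | to_json }}"`, and add `mode: "0600"` to this task. `no_log: true` on the task would also keep the rendered content out of verbose or diff output. Removal of the remote temporary directory is not visible here, since the play begins and ends outside the hunk; please confirm `vars.json` is deleted even when `run puppet` fails.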
--- /dev/null
+class proxmox {
+ file {'/etc/network/interfaces':
+ content => epp('proxmox/interfaces', {
+ "network" => lookup("'$ansible_inventory_hostname'.network"),
+ }),
+ }
+ ~>
+ exec {'/usr/sbin/ifreload -a':
+ refreshonly => true
+ }
+}
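Review bot: The `lookup()` call reads the bare top-scope variable `$ansible_inventory_hostname` and puts no type constraint on the result, so a malformed `network` entry is only noticed once the template has been rendered into `/etc/network/interfaces` and `ifreload -a` has run. Reference the fact explicitly and type the lookup so the catalog fails at compile time: `"network" => lookup("'${facts['ansible_inventory_hostname']}'.network", Hash),`. The `file` resource would also benefit from explicit `owner => 'root', group => 'root', mode => '0644'` rather than inheriting defaults. A one-line comment should say that the fact is injected by the Ansible playbook through `FACTER_ansible_inventory_hostname`, since this class cannot be applied without it.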
--- /dev/null
+auto lo
+iface lo inet loopback
+
+auto eno1
+iface eno1 inet static
+ address <%= $network['ip'] %>
+ netmask <%= $network['netmask'] %>
+ gateway <%= $network['gateway'] %>
+
+auto vmbr0
+iface vmbr0 inet static
+ address <%= $network['proxmox']['ip'] %>
+ netmask <%= $network['proxmox']['netmask'] %>
+ bridge_ports none
+ bridge_stp off
+ bridge_fd 0
+ post-up echo 1 > /proc/sys/net/ipv4/ip_forward
+ post-up iptables -t nat -A POSTROUTING -s '<%= $network['proxmox']['network'] %>' -o eno1 -j MASQUERADE
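Review bot: The `post-up iptables -t nat -A POSTROUTING` line on `vmbr0` has no matching `post-down`, so each time the bridge is brought up again (presumably including the `ifreload -a` triggered by the manifest) another copy of the MASQUERADE rule is likely appended. Add `post-down iptables -t nat -D POSTROUTING -s '<%= $network['proxmox']['network'] %>' -o eno1 -j MASQUERADE`. The `echo 1 > /proc/sys/net/ipv4/ip_forward` line enables forwarding for the whole host while nothing in this file restricts the FORWARD chain, so a comment should state where that policy is set. Because `$network` values are interpolated into a shell command line, declaring the parameter at the top of the template with `<%- | Hash $network | -%>` would at least reject non-hash input.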
node 'h1.pdp7.net' {
+ class {'proxmox':}
}