Frickel Config Management via Ansible
Ask high-level questions in the forums or in #infrastruktur.
For specific problems or enhancements, please open an issue.
This manages metrics services living at https://metrics.kalk.space. See the role readme for details.
The config management is based on Ansible. To be able to test and apply changes to this repo you need to install it.
Configuration is split into roles:
roles/metrics- Configures metrics gathering & display services
Use this command to test changes before rolling them to a live node (requires Docker):
ansible-playbook test.yml --diffThis will not attempt to bring up any containers. It only tests config generation.
To check the config files, look at the diff output or run docker exec -ti <container_id> bash.
If you want to start a subsequent run with a fresh test environment, run:
ansible-playbook test.yml --diff -e recreate_test_env=trueSecrets are encrypted via Ansible vault. This allows us to not commit them in plaintext and still enjoy all benefits of git.
All secrets should be stored in vault/secrets.yml to collect them in a single place. vault/test-dummies.yml is used for setting mock values for testing.
The vault needs a password to decrypt secrets for production runs. Members of the admin team can find this in our password manager. Place it in ~/.kalkspace_ansible_vault_pass.
Use the site.yml playbook to apply changes to a production node. You need to have your SSH key in allowed_hosts of the root user on the host.
ansible-playbook site.yml --diff