This project configures my instances in the ovh-cloud thanks to these ansible playbooks.

The inventory is generated dynamically thanks to a python script (see my terraform project).


All the best practices that I've tried to apply for ansible, anti-patterns to avoid, other tips and such are documented in the notes.org file.


ansible-galaxy install -r requirements.yml


#Roles variables

Look into each role in the repository to know which variables to set.

You can pass variables through the playbook, on the command line, in a var file (create one in the /vars/main.yml and encrypt it with ansible-vault if it contains secrets), or in an encrypted file in the roles//vars; the choice is yours.

Some variables (not exhaustive) that need to be passed/set:
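A pre-commit style check for the advice above, as an added example that is not part of this repository: it walks the var directories and reports secret-looking keys that are neither in a vault-encrypted file nor stored as an inline `!vault` value. The key-name pattern, the `vars`/`group_vars`/`host_vars` directory names, the role name `example` and the sample tree are assumptions constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first bytes of a vault-encrypted file
VAR_DIRS = {"vars", "group_vars", "host_vars"}  # assumed layout
# Assumed naming convention for secret-bearing keys; adjust to your roles.
SECRET_KEY = re.compile(
    r"^\s*([\w-]*(?:password|passwd|secret|token|private_key)[\w-]*)\s*:\s*(.*)$", re.I)

def plaintext_secrets(root):
    """Return (relative path, key) for secret-looking keys stored in clear text."""
    root, findings = Path(root), []
    for path in sorted(p for p in root.rglob("*")
                       if p.suffix in (".yml", ".yaml") and p.is_file()):
        rel = path.relative_to(root)
        if not VAR_DIRS & set(rel.parts[:-1]):
            continue  # not a variables file
        text = path.read_text(encoding="utf-8", errors="replace")
        if text.startswith(VAULT_HEADER):
            continue  # whole file is vault-encrypted
        for line in text.splitlines():
            m = SECRET_KEY.match(line)
            if not m:
                continue
            key, value = m.group(1), m.group(2).strip()
            if key.lower().endswith(("_file", "_path")):
                continue  # a path to a key file, not the secret itself
            if not value or value.startswith("!vault") or "{{" in value:
                continue  # nested block, inline vault value, or a reference
            findings.append((rel.as_posix(), key))
    return findings

# Constructed sample tree, not the project's real files.
SAMPLE = {
    "vars/main.yml": "$ANSIBLE_VAULT;1.1;AES256\n6162636465\n",
    "group_vars/all.yml": "ansible_ssh_user: debian\n"
                          "ansible_ssh_private_key_file: ~/.ssh/id_example\n",
    "roles/example/vars/main.yml": "db_password: changeme\n"
                                   "api_token: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n"
                                   'admin_password: "{{ vault_admin_password }}"\n',
}

def demo():
    """Write SAMPLE to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return plaintext_secrets(tmp)

if __name__ == "__main__":
    found = plaintext_secrets(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, key in found:
        print(f"{rel}: {key} is stored in clear text")
    sys.exit(1 if found else 0)
```

Run it with the repository root as the only argument; a non-zero exit status means at least one clear-text secret was found.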



If you want to use this project with the terraform one that I've done:


python3 create_ansible_inventory.py

This is going to create a file named inventory in the current dir and from there you can copy it to the ansible directory.

Get an inventory and put it in the inventory directory.

The hosts groups expected are:

- bastion
- git
- filegator
- blog
- drone

ansible-playbook -i inventory/inventory site.yml

#Run the command below once to get the hosts added to your known_hosts file

See https://gist.github.com/cbrunnkvist/2a6090b35a9de7e8bac7c2f49ddb7409

ansible-playbook -i inventory/inventory site.yml --ask-vault-password --ssh-extra-args="-o UpdateHostKeys=yes -o StrictHostKeyChecking=accept-new" 

Once this is done, prefer the use of the command below for future runs:

ansible-playbook -i inventory/inventory site.yml --ask-vault-password

To apply the configuration only to the bastion host or to a group of hosts, do:

ansible-playbook -i inventory/inventory site.yml --limit bastion
ansible-playbook -i inventory/inventory site.yml --limit bastion,blog

The bastion role needs to be run before any other role, because at the moment the iptables rules that set up the NAT are done at the ansible level, not the terraform one.

#Group Variables

In the group vars you can set these; adjust to your config:

ansible_connection: ssh
ansible_ssh_user: debian
ansible_ssh_private_key_file: <path to key file>


To test a role, go into its directory and run:

molecule test