/sf-infra/directory-tree.dhall
Copy path to clipboardSource
let Prelude = ../Infra/Prelude.dhall
let Infra = ../Infra/package.dhall
let vars = ../vars/package.dhall
let sshconfig =
let mkConn =
\(instance : Infra.Instance.Type) ->
let optional-proxy =
merge
{ None = ""
, Some =
\(command : Text) -> " ProxyCommand " ++ command
}
instance.connection.proxy_command
in ''
Host ${instance.name}
User ${instance.connection.ansible_user}
Port ${Natural/show instance.connection.ansible_port}
${optional-proxy}
''
in ''
Host *
ControlMaster auto
ControlPath /run/user/1000/%r@%h:%p
''
++ Prelude.Text.concat
( Prelude.List.map
Infra.Instance.Type
Text
mkConn
vars.instances
)
let header =
''
# This file is managed by the ./vars/directory-tree.dhall file.
''
let Inventory =
Prelude.Text.concatSep
"\n"
( Prelude.List.map
Infra.Instance.Type
Text
(\(instance : Infra.Instance.Type) -> "* ${instance.name}")
vars.instances
)
let README =
''
Operational Playbook for softwarefactory-project.io
===================================================
# Inventory
This project manages:
${Inventory}
# Jobs
There are a few jobs:
* sf-infra-create-bridge creates the bridge, and it is the only one running inside a container
* sf-infra-configure-tenants setup openstack tenant (running from the bridge)
* sf-infra-create-hosts creates new host and display their IP
* sf-infra-configure-hosts run the site.yaml playbook
The idea is to have openstacksdk tasks in jobs that are running only when needed.
Then most of the work is done with the configure-hosts job that use a static inventory.
# To modify the openstack resources managed by sf-infra:
Edit the files in the top-level vars directory, for example:
* Modifies instances to vars/infra-rdo/instances.dhall
* Update network configuration in vars/*/networking.dhall
Then run `make` to update the yaml files.
To manage the configuration, use an existing group such as `monitoring` and/or add an entry in the `playbooks/site.yaml`
Use git-review to submit the change and let the CI create and run the playbook.
# To add a vault secret
From the bridge, fedora account:
```
ansible-vault encrypt_string --stdin-name var-name < file-var-value >> var-file.yaml
```
# To update playbook vars
The variable are now declared using dhall. Run `make` to update the yaml files.
Have a look to doc/dhall-onboarding/README.md to get started with dhall
''
in { `README.md` = README
, roles.generate-etc-hosts.files.sshconfig = header ++ sshconfig
}
