.. _chapter_playbooks:

Executing Playbooks
===================

Playbooks are the 'executables' for Ansible.
They apply a set of tasks to a set of hosts.

The playbooks in this repo are prefixed with ``playbook_`` and the respective
files contain comments about their purpose and usage.

Example usage:

.. code-block:: shell

  ansible-playbook --diff --check playbook_update_user_keys.yml

Run playbooks with ``--check`` first to get an idea what might change.
Not all tasks will work (for example, commands for fetching information from
a host won't be executed and all tasks relying on the information will behave
differently).
When you're happy with the changes, remove the ``--check`` option.

Some playbooks require Ansible Vault to decrypt secrets.
``--ask-vault-pass`` or ``--vault-password-file .vault-pass`` can be used to
supply the vault password. The password can be obtained from the secrets for
'internal-it' in EMA.

Limiting playbook execution to certain hosts
--------------------------------------------

Examples:

.. code-block:: shell

  # limit by group or host:
  --limit project_realization,pffile
  # singular hosts:
  --limit ''
  # excluding a group (creating a subset from the hosts defined in the
  # playbook):
  --limit '!peterlackegroup'
  # host name or group pattern:
  --limit 'sick*'