Overview

Directory Structure

  • data - see next topic “Dynamic Data Structure”

  • doc - sphinx documentation

  • inventory/dyn - python code to generate inventory from data

  • filter_plugins - filter to modify content (python)

  • roles - roles used by playbooks including templates and files to be copied to systems and additional .yml and .py code

  • playbooks - older playbooks not migrated to dynamic datadir

On the top level, there are playbooks (prefixed with playbook_). See Executing Playbooks.

Dynamic Data Structure

The data directory contains hierarchies (“users” and “hosts”) of YAML dictionaries. They control which hosts are deployed and how.

A __defaults file can contain a set of values that are applied to all dictionaries in or below the current directory. A __transforms file can contain hooks used during the loading process. Currently, there’s only an on_load transform.

Hosts

Hosts are stored in folders below ./data/hosts/. Sub-folders are used for departments and customers.

Users

Users are stored in separate files in ./data/users/. These contain the ssh-keys for accessing the systems and the department for which the user is working.

Targeting Systems

You can target systems by name, and by ansible_groups. You can use wildcards like hlc*.

The following ansible_groups are currently defined: project_realization, peterlackegroup, internal, internal_prod, internalit

How SSH-Keys are deployed

General permissions are granted by giving a user access to a department. Example: data/users/mmustermann

departments:
  - project_realization
  - internal
  - internalit
  - internal-prod
  - key_account

We also manage the ssh-keys for froneri-customers. They get the department via the default file in data/users/froneri/__defaults.

Additional permissions can be granted for each single system. This is normally only the case on internal perfact systems. Example: data/hosts/internalit/tyke

ssh_allow_user_access:
  - lars
  - fscheja
  - draeder
  - rstock
  - maren
  - holger

Finally, ssh-keys can be added that don’t belong to any user. Example: data/hosts/internal/perfact-ema-2020-devel

extra_ssh_keys:
  # Allow source-system access
  - 'from="192.168.51.20" ssh-rsa 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 perfact@perfact-ema-2020-devel'
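The three sources of keys described above can be resolved per host for an access review. The following is an added example, not the project's own code: it lists which keys a host receives and why, and flags extra_ssh_keys entries that lack a from= restriction. The ssh_keys field name, the rule that a host's department is its folder below data/hosts/, and all sample users, hosts and key material are assumptions made for illustration.

```python
import re

# Added example, not the project's code. Assumptions: the "ssh_keys" field
# name in user files, and host department = folder under data/hosts/.
KEYTYPE = re.compile(r'(?:^|\s)(?:ssh-|ecdsa-sha2-|sk-)\S+\s')

def effective_keys(host_path, host, users):
    """Return (user, reason, key_line) tuples for every key a host receives."""
    department = host_path.split("/")[2]  # data/hosts/<department>/<name>
    allowed = set(host.get("ssh_allow_user_access", []))
    result = []
    for name in sorted(users):
        user = users[name]
        if department in user.get("departments", []):
            reason = "department:" + department
        elif name in allowed:
            reason = "ssh_allow_user_access"
        else:
            continue
        result += [(name, reason, key) for key in user.get("ssh_keys", [])]
    # Keys that belong to no user bypass the department model entirely.
    result += [(None, "extra_ssh_keys", k) for k in host.get("extra_ssh_keys", [])]
    return result

def unrestricted_extra_keys(host):
    """extra_ssh_keys entries whose options lack a from="..." restriction."""
    flagged = []
    for line in host.get("extra_ssh_keys", []):
        m = KEYTYPE.search(line)
        options = line[:m.start()] if m else ""
        if 'from="' not in options:
            flagged.append(line)
    return flagged

# Constructed sample data (users, host and key material are made up).
USERS = {
    "mmustermann": {"departments": ["internalit"], "ssh_keys": ["ssh-ed25519 AAAA_CONSTRUCTED_1 mm@example"]},
    "alice": {"departments": ["key_account"], "ssh_keys": ["ssh-ed25519 AAAA_CONSTRUCTED_2 alice@example"]},
    "bob": {"departments": ["key_account"], "ssh_keys": ["ssh-ed25519 AAAA_CONSTRUCTED_3 bob@example"]},
}
HOST = {
    "ssh_allow_user_access": ["alice"],
    "extra_ssh_keys": [
        'from="192.168.51.20" ssh-rsa AAAA_CONSTRUCTED_4 svc@example',
        "ssh-rsa AAAA_CONSTRUCTED_5 backup@example",
    ],
}

if __name__ == "__main__":
    for entry in effective_keys("data/hosts/internalit/examplehost", HOST, USERS):
        print(entry)
    print("no from= restriction:", unrestricted_extra_keys(HOST))
```

Keys reported with the reason extra_ssh_keys are not tied to any user file, so removing a user or a department membership does not revoke them.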