Executing Playbooks

Playbooks are the ‘executables’ for Ansible. They apply a set of tasks to a set of hosts.

The playbooks in this repo are prefixed with playbook_ and the respective files contain comments about their purpose and usage.

Example usage:

ansible-playbook --diff --check playbook_update_user_keys.yml

Run playbooks with --check first to get an idea what might change. Not all tasks will work (for example, commands for fetching information from a host won’t be executed and all tasks relying on the information will behave differently). When you’re happy with the changes, remove the --check option.

Some playbooks require Ansible Vault to decrypt secrets. --ask-vault-pass or --vault-password-file .vault-pass can be used to supply the vault password. The password can be obtained from the secrets for ‘internal-it’ in EMA.

Limiting playbook execution to certain hosts

Examples:

# limit by group or host:
--limit project_realization,pffile
# singular hosts:
--limit ''
# excluding a group (creating a subset from the hosts defined in the
# playbook):
--limit '!peterlackegroup'
# host name or group pattern:
--limit 'sick*'