Skip to content


Ansible playbooks for infrastructure.

Table of Contents

Docker Pods

These docker pods are collections of related services. The Ansible playbooks prepare remote nodes so they are ready to run these docker pods.

Pod Link


There is one playbook per docker pod, plus a base playbook and a provision playbook.

Playbook Description
provision.yml (Vagrant-only) Playbook to provision new Ubuntu machines with /usr/bin/python.
base.yml Base playbook run by all of the pod playbooks above.
podcharlesreid1.yml Playbook to install and run the docker pod (
podwebhooks.yml (TBA) Playbook to install and run the webhooks pod (
podbots.yml (TBA) Playbook to install and run the bot pod (


Base Playbook Roles

The following roles carry out groups of tasks for setting up the base machine to run infrastructure.

Role Name Description
init-root Prepare root user account
init-nonroot Prepare nonroot user account(s)
install-stuff Install stuff with aptitude
pyenv Install pyenv for nonroot user
goenv Install goenv for nonroot user
sshkeys Set up ssh keys for all users
vim Set up vim for nonroot user
dotfiles Install and configure dotfiles for nonroot user

Pod-Specific Roles

The following roles are run by playbooks specific to the respective docker pod.

Role Name Description
pod-charlesreid1 Role specific to the docker pod
pod-webhooks Role specific to {hooks,pages} docker pod
pod-bots Role specific to bots docker pod

Getting Started with Playbooks

Documentation Page Description
docs/ Documentation index
docs/ Quick start for the impatient (uses Vagrant)
docs/ Guide for running playbooks on Digital Ocean
docs/ Guide for running playbooks on Vagrant

See Ansible Playbooks for a list of all playbooks in this directory, list of all tags, and info about how to use the playbooks.

Running Playbooks

To run Ansible playbooks, use the ansible-playbook command.

You will need to specify:

  • A configuration file to set Ansible options, using the ANSIBLE_CONFIG environment variable

  • An inventory file to tell Ansible how to connect to remote machines, using the -i flag

Here is an example call to ansible-playbook to show how it should look:

ANSIBLE_CONFIG="my_config.cfg" ansible-playbook -i myhosts   main.yml
^^^^^^^^^^^^^^                                  ^^^^^^^^^^   ^^^^^^^^
specify config file                             specify the  the ansible
with this env var                               inventory    playbook

Use the Vagrant configuration file vagrant.cfg to run playbooks against local Vagrant virtual machines (local testing). Edit the vagranthosts file to match info printed by the vagrant ssh-config command.

# Run ansible playbook on vagrant machines
ANSIBLE_CONFIG="vagrant.cfg" ansible-playbook -i vagranthosts main.yml

Use the DigitalOcean configuration file do.cfg to run playbooks against DigitalOcean nodes. Edit the dohosts file to point to the correct SSH key and remote host IP address.

# Run ansible playbook on DigitalOcean machines
ANSIBLE_CONFIG="do.cfg" ansible-playbook -i dohosts main.yml

Running Select Tasks with Tags

To run a specific task, you can filter tasks using tags. Use the --tags flag with the ansible-playbook command:

ANSIBLE_CONFIG="my_config.cfg" ansible-playbook \
        -i hosts \
        --vault-password-file=.vault_secret \
        main.yml \
        --tags tag1
ANSIBLE_CONFIG="my_config.cfg" ansible-playbook \
        -i hosts \
        --vault-password-file=.vault_secret \
        main.yml \
        --tags tag1,tag2,tag3

Find a full list of tags at the Ansible Playbooks page.

Secrets and Sensitive Information

See Ansible Vault for details about how to use the Ansible vault to view/edit secrets and sensitive information.

NOTE: The vault and vault secret should be set up before running playbooks against either Vagrant or AWS machines.

Vagrant Testing

See Ansible Vagrant for instructions on how to set up a Vagrant virtual machine to run the Ansible playbook against, for testing purposes.

DigitalOcean Deployment

See Ansible Digital Ocean for instructions on how to set up an DigitalOcean node to run the Ansible playbook against.