X-Git-Url: https://git.realraum.at/?a=blobdiff_plain;f=ansible%2FREADME.md;h=a0806f3f98cf9b6d1cbafd106fe08ffa95089a1c;hb=484391a9077870ac362fc15f95e0e824e2c0fd1d;hp=cb0104bd8e52ea46bce969d9d807feecd76d859b;hpb=73014f720150e96632d7524e77b0aa3abb05278e;p=noc.git diff --git a/ansible/README.md b/ansible/README.md index cb0104b..a0806f3 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -40,6 +40,25 @@ ansible-playbook foo.yml ./apply-role.sh servers base -C -D ``` +ansible-lint +------------ + +We use ansible-lint to check all roles when changes are pushed to Github. +Some rules have been globally disabled. See [.ansible-lint](/ansible/.ansible-lint) +for a list of all disabled rules. If ansible-lint produces a false positive for +a specific task you can disable it by adding the following to the task: + +``` + tags: + - skip_ansible_lint +``` + +For now only roles and now playbooks are checked. Every role must be manually added +to the generic playbook [_lint_roles.yml](/ansible/_lint_roles.yml) in order to be +checked. +If an entire role should be skipped please add it to the playbook commented out +and supply a reason why this role must be skipped. + Local ssh config ---------------- @@ -85,7 +104,7 @@ Of course the latter file needs to be created using `ansible-vault`. If you want to store secrets that by default shouldn't be automatically exposed to hosts and groups as variables please put the vault files into -`secrets` directory and should be name .vault.yml. +`secrets` directory and name them .vault.yml. r3 NOC uses [ansible-vault-tools](https://github.com/building5/ansible-vault-tools) to manage/diff/merge changes in vaults.