X-Git-Url: https://git.realraum.at/?a=blobdiff_plain;f=ansible%2FREADME.md;h=a8b88a4b186e032db5e507f1c6272fba7788caa2;hb=HEAD;hp=683d951bf073937d2c58f7204da951be02678a68;hpb=50b1d1ce7adce9041b305072f966a8231da407f0;p=noc.git diff --git a/ansible/README.md b/ansible/README.md index 683d951..a8b88a4 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -40,6 +40,25 @@ ansible-playbook foo.yml ./apply-role.sh servers base -C -D ``` +ansible-lint +------------ + +We use ansible-lint to check all roles when changes are pushed to Github. +Some rules have been globally disabled. See [.ansible-lint](/ansible/.ansible-lint) +for a list of all disabled rules. If ansible-lint produces a false positive for +a specific task you can disable it by adding the following to the task: + +``` + tags: + - skip_ansible_lint +``` + +For now only roles and no playbooks are checked. Every role must be manually added +to the generic playbook [_lint_roles.yml](/ansible/_lint_roles.yml) in order to be +included. +If an entire role should be skipped please add it to the playbook commented out +and supply a reason why this role must be skipped. + Local ssh config ---------------- @@ -83,9 +102,9 @@ be two files: Of course the latter file needs to be created using `ansible-vault`. -If you wan't to store secrets that by default shouldn't be automatically +If you want to store secrets that by default shouldn't be automatically exposed to hosts and groups as variables please put the vault files into -`secrets` directory and should be name .vault.yml. +`secrets` directory and name them .vault.yml. r3 NOC uses [ansible-vault-tools](https://github.com/building5/ansible-vault-tools) to manage/diff/merge changes in vaults.