ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange

commit fec515212559b8627d57d277e556d8b3ccdc90a4
parent 124be4101ea57ec92f9be90449697f68943dc5b8
Author: Florian Dold <florian@dold.me>
Date:   Mon, 24 Feb 2025 16:14:02 +0100

update paths, gitignore, readme

Diffstat:
M .gitignore | 4 ++++
M README | 25 ++++++++++---------------
2 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/.gitignore b/.gitignore @@ -2,3 +2,7 @@ ./inventories/staging/hosts *~ exports + +tops-secrets.yml +# Preferred name for secrets in inventories/host_vars +prod-secrets.yml diff --git a/README b/README @@ -2,11 +2,8 @@ ## Installing dependencies -First, install the prometheus collection using: - -$ ansible-galaxy collection install prometheus.prometheus - -Depending on your local installation, you may also need: +Depending on your local installation, you might need +to install the following ansible collection: $ ansible-galaxy collection install community.postgresql 
@@ -15,30 +12,28 @@ $ ansible-galaxy collection install community.postgresql To run the main playbook (playbooks/setup.yml): ``` -$ ansible-playbook --verbose --inventory <host> --user root playbooks/setup.yml --extra-vars "@playbooks/test-secrets.yml" +$ ansible-playbook --verbose --inventory inventories/default --limit <host> playbooks/setup.yml ``` -Instead of specifying the host(s) as arguments (note the trailing comma!) -you can pass an inventory file. See `inventories/`, and update accordingly. - -For example, if you are root@taler-ops.ch, you may be able to: +The ./deploy.sh script is an abbreviation for the above command. For example, +if you are root.rusty.taler-ops.ch, you may be able to: ``` -$ ./deploy.sh spec +$ ./deploy.sh rusty ``` -For TOPS production, replace the "test" with "tops" to use the actual secrets +For TOPS production, replace the "rusty" with "spec" to use the actual secrets for the deployment. For this, you first need to decrypt them: -$ gpg -d playbooks/tops-secrets.yml.gpg > playbooks/tops-secrets.yml +$ gpg -d inventories/host_vars/spec/tops-secrets.yml.gpg > inventories/host_vars/spec/tops-secrets.yml Make sure to NEVER commit the decrypted production secrets to Git. Instead, if you had to edit them, re-encrypt them to all admins: -$ cat playbooks/tops-secrets.yml | gpg --encrypt \ +$ cat inventories/host_vars/spec/tops-secrets.yml | gpg --encrypt \ --recipient grothoff@gnunet.org \ --recipient devan@taler.net \ - --recipient me@fdold.eu > playbooks/tops-secrets.yml.gpg + --recipient me@fdold.eu > inventories/host_vars/spec/tops-secrets.yml.gpg ## Checking sanction lists
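Review bot: In the .gitignore hunk, the two new entries match only the exact names `tops-secrets.yml` and `prod-secrets.yml`, so a decrypted secrets file saved under any other name in inventories/host_vars is not ignored and can still be staged. A glob such as `*-secrets.yml` would cover every host's plaintext while the `.gpg` files stay tracked. The comment also calls `prod-secrets.yml` the preferred name, but the README text in this same commit still decrypts to `tops-secrets.yml`; pick one name, or say in the comment that the other is legacy.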
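Review bot: In the first README hunk, the `ansible-galaxy collection install prometheus.prometheus` step is removed, and the commit message ("update paths, gitignore, readme") does not say that the playbooks stopped using that collection. If any role still references it, a fresh checkout that follows this README fails at run time; either confirm it is unused or keep the line. Minor: "ansible collection" should be "Ansible collection".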
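Review bot: In the second README hunk, the decrypt step `gpg -d ... > inventories/host_vars/spec/tops-secrets.yml` leaves production plaintext in the working tree with the default umask, and nothing tells the operator to delete it after deploying or re-encrypting. Suggest adding `umask 077` before the decrypt and a removal step afterwards. In the re-encrypt command the shell truncates `tops-secrets.yml.gpg` before gpg runs, so a failed encryption (for example a missing recipient key) leaves an empty file where the encrypted secrets were; writing to a temporary name and renaming on success avoids that. "root.rusty.taler-ops.ch" also looks like a typo for "root@rusty.taler-ops.ch", given that the removed line read "root@taler-ops.ch".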