-
Notifications
You must be signed in to change notification settings - Fork 2k
Allow customizing Streisand services at install time. #936
Conversation
This commit updates Streisand to allow enabling/disabling the core services at install time, or by customizing a site specific config file before running Streisand. Ansible's prompt functionality is unfortunately crippled with respect to templating and `when` conditions. This makes it tricky to accomplish the customization we want where you are only prompted for each service if you want to customize the overall installation. To allowing changing services on a per-site basis & remembering the decision the wrapper script now creates a `$HOME/.streisand` directory with a `$HOME/.streisand/site.yml` site specific config file. By default it is populated with the `global_vars/default-site.yml` file from the Streisand repository. The `streisand` wrapper conditionally invokes a separate playbook (`playbooks/customize.yml`) for customization that rewrites the `$HOME/.streisand/site.yml` vars file based on what the user specifies. It's a little bit ugly but It Works(!). Further refinement welcome! This methodology also supports customizing the installed services non-interactively by editing `$HOME/.streisand/site.yml` ahead of running `./streisand` and skipping the customization step. This is useful if (for example) you only ever want to install Wireguard on your Streisand instances. You can create a `$HOME/.streisand/site.yml` that only enables Wireguard and all of your Streisand instances will be provisioned accordingly. The validation role is run after customization to ensure that the choices are valid and don't result in (for e.g.) no services enabled. Presently both Travis and the Vagrant `streisand-host` ignore the `$HOME/.streisand.yml` and use the `global_vars/default-site.yml` vars resulting in a provision with all services enabled.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks really great! I found one tiny edge case and a couple of typos, but we're on the verge of a really cool milestone.
playbooks/customize.yml
Outdated
default: "yes" | ||
private: no | ||
- name: streisand_wireguard_enabled | ||
prompt: "Enable Wireguard? Press enter for default " |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/Wireguard/WireGuard/
streisand
Outdated
# runs the validation role to validate global_vars/vars.yml | ||
function validate() { | ||
echo; echo; ansible-playbook playbooks/validate.yml | ||
run_genesis existing-server.yml inventories/intenvory-existing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
intenvory -> inventory
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After fixing the inventory filename, I'm also seeing the following error when choosing Option 8 and running against an existing server:
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "AnsibleUndefinedVariable: 'streisand_genesis_role' is undefined"}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That second error was unrelated to this commit and is also happening on master. I just submitted PR #955 as a proposed fix.
streisand
Outdated
} | ||
|
||
# customize prompts the user to decide if they want to customize the Streisand | ||
# installation. If the user chooses to the playbooks/customize.yml role is used to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there should be a comma after "If the user chooses to".
@jlund Feedback addressed. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work!
How does one customize the streisand services? For example I only want to install OpenVPN + stunnel... does this commit make it possible? |
@describe19, you can do this now; before running the streisand script you can edit this file, and set the services you don’t want to ‘no’ |
A feature for different PR: |
This commit updates Streisand to allow enabling/disabling the core
services at install time, or by customizing a site specific config file
before running Streisand.
Ansible's prompt functionality is unfortunately crippled with respect to
templating and
when
conditions. This makes it tricky to accomplish thecustomization we want where you are only prompted for each service if
you want to customize the overall installation.
To allowing changing services on a per-site basis & remembering the
decision the wrapper script now creates a
$HOME/.streisand
directorywith a
$HOME/.streisand/site.yml
site specific config file. Bydefault it is populated with the
global_vars/default-site.yml
filefrom the Streisand repository.
The
streisand
wrapper conditionally invokes a separate playbook(
playbooks/customize.yml
) for customization that rewrites the$HOME/.streisand/site.yml
vars file based on what the user specifies.It's a little bit ugly but It Works(!). Further refinement welcome!
This methodology also supports customizing the installed services
non-interactively by editing
$HOME/.streisand/site.yml
ahead ofrunning
./streisand
and skipping the customization step. This isuseful if (for example) you only ever want to install Wireguard on your
Streisand instances. You can create a
$HOME/.streisand/site.yml
thatonly enables Wireguard and all of your Streisand instances will be
provisioned accordingly.
The validation role is run after customization to ensure that the
choices are valid and don't result in (for e.g.) no services enabled.
Presently both Travis and the Vagrant
streisand-host
ignore the$HOME/.streisand.yml
and use theglobal_vars/default-site.yml
varsresulting in a provision with all services enabled.
Updates #746