
Ansible Playbook Reference

Master catalogue of all playbook directories in ansible-playbooks/ with their purpose, primary playbooks, and deployment targets.


Core Platform

| Directory | Purpose | Primary Playbook | Target |
|---|---|---|---|
| orchestrator/ | Main orchestrator platform (server, UI, agent, workers) | playbooks/deploy-full.yml | DEV: CI/CD; Others: Ansible |
| orchestrator-executor/ | Executor CLI binary — sandbox agent execution | setup.yml | All environments via Ansible |

Observability

| Directory | Purpose | Primary Playbook | Host |
|---|---|---|---|
| alloy/ | Grafana Alloy log and metric collection agent | deploy-alloy.yml | All servers (22 hosts) |
| loki/ | Grafana Loki log aggregation service | deploy-loki.yml | loki-shared-cwiq-io |
| prometheus/ | Prometheus metrics + Alertmanager | deploy-prometheus.yml | prometheus-shared-cwiq-io |
| grafana/ | Grafana dashboards and visualization | deploy-grafana.yml | grafana-shared-cwiq-io |
| icinga/ | Icinga2 health checks (master + satellite) | setup.yml, deploy-config.yml | icinga-shared-cwiq-io, icinga-dev-cwiq-io |

Security & Secrets

| Directory | Purpose | Primary Playbook | Host |
|---|---|---|---|
| vault-server/ | HashiCorp Vault secrets management | setup.yml | vault-shared-cwiq-io |
| cert-server/ | Let's Encrypt SSL certificate management (22+ hosts) | ssl-deploy-all.yml | cert-server-shared-cwiq-io |

Identity & Authentication

| Directory | Purpose | Primary Playbook | Host |
|---|---|---|---|
| authentik/ | Authentik SSO — OIDC/SAML identity provider (HA) | setup.yml | authentik-shared-cwiq-io-{1,2} |
| openldap/ | OpenLDAP directory service | setup.yml | openldap-shared-cwiq-io |
| identity-db/ | PostgreSQL-backed POSIX identity database (sssd-db-identity server) | setup.yml | identity-db-dev-cwiq-io |
| identity-client/ | sssd-db-identity client binaries deployment | deploy-identity-client.yml | Target RHEL hosts |
| gam/ | Google Workspace admin automation (GAM) | setup.yml | ansible-shared-cwiq-io |

CI/CD

| Directory | Purpose | Primary Playbook | Host |
|---|---|---|---|
| gitlab/ | GitLab CE instance | setup.yml | gitlab-shared-cwiq-io |
| gitlab-runner/ | Legacy Fleeting GitLab runners (paused) | setup.yml | Runner Manager EC2 (stopped) |
| gitlab-runner-k8s/ | EKS Kubernetes GitLab runners | setup.yml | EKS cluster |
| semaphore/ | Semaphore CI/CD automation | setup.yml | semaphore-shared-cwiq-io |

Application Services

| Directory | Purpose | Primary Playbook | Host |
|---|---|---|---|
| nexus/ | Nexus repository (Docker, RPM, PyPI, npm) | setup.yml | nexus-shared-cwiq-io |
| defectdojo/ | DefectDojo security findings tracker | setup.yml | defectdojo-shared-cwiq-io |
| sonarqube/ | SonarQube code quality analysis | setup.yml | sonarqube-shared-cwiq-io |
| langfuse/ | LangFuse LLM observability platform | setup.yml | langfuse-dev-cwiq-io |
| reportportal/ | ReportPortal test reporting | setup.yml | reportportal-shared-cwiq-io |
| zammad/ | Zammad helpdesk | setup.yml | Shared env |
| open-project/ | OpenProject project management | setup.yml | Shared env |
| taiga/ | Taiga project management | setup.yml | Shared env |
| notifications/ | Notification service | setup.yml | Orchestrator hosts |

Infrastructure & Networking

| Directory | Purpose | Primary Playbook | Notes |
|---|---|---|---|
| agent-sandbox/ | 6-layer agent execution sandbox (DEPRECATED) | setup.yml | Superseded by orchestrator-executor/ |
| ansible-server/ | Ansible server baseline configuration | setup.yml | ansible-shared-cwiq-io |
| bench/ | Benchmarking tools and scripts | Various | DEV testing |
| datastore/ | Datastore servers (datastorea, datastoreb) | setup.yml | datastorea-dev, datastoreb-dev |
| mongodb/ | MongoDB database | setup.yml | Shared env |
| sync/ | Sync service | setup.yml | sync-service-dev-cwiq-io |
| fsdb/ | Filesystem database | setup.yml | Various |
| shell-config/ | Shell configuration and dotfiles | setup.yml | Ansible server |
| workstream/ | Workstream service | setup.yml | Various |
| aws/ | AWS resource configuration via Ansible | Various | Uses boto3 |

Running Playbooks

All playbooks are run from the Ansible server, after running ansible-helper first:

ssh ansible@ansible-shared-cwiq-io
ansible-helper
# Now in /data/ansible/cwiq-ansible-playbooks with venv + Vault active

cd prometheus
ansible-playbook -i inventory/shared.yml deploy-prometheus.yml

cd ../alloy
ansible-playbook -i inventory/dev.yml deploy-alloy.yml --limit orchestrator-dev-cwiq-io

cd ../icinga
ansible-playbook -i inventory/shared.yml deploy-config.yml --tags dev

See Ansible Conventions for the full ansible-helper workflow.