mig5/enroll
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

Many tweaks

Browse source
This commit is contained in:
Miguel Jacq 2025-12-15 11:04:54 +11:00
parent 5398ad123c
commit 227be6dd51
Signed by: mig5
GPG key ID: 59B3F0C24135C6A9
20 changed files with 1350 additions and 174 deletions
Download patch file Download diff file Expand all files Collapse all files

12
README.md
View file

@ -9,6 +9,8 @@ It aims to be **optimistic and noninteractive**:
- Also captures **service-relevant custom/unowned files** under `/etc/<service>/...` (e.g. drop-in config includes).
- Defensively excludes likely secrets (path denylist + content sniff + size caps).
- Captures non-system users that exist on the system, and their SSH public keys
- Captures miscellaneous `/etc` files that it can't attribute to a package, and installs it in an `etc_custom` role
- Avoids trying to start systemd services that were detected as being Inactive during harvest
## Install (Poetry)
@ -21,22 +23,22 @@ poetry run enroll --help
On the host (root recommended):
### 1. Generate a bundle of state/information about the host
### 1. Harvest state/information about the host
```bash
sudo poetry run enroll harvest --out /tmp/enroll-bundle
sudo poetry run enroll harvest --out /tmp/enroll-harvest
```
### 2. Generate Ansible manifests (roles/playbook) from that bundle
### 2. Generate Ansible manifests (roles/playbook) from that harvest
```bash
sudo poetry run enroll manifest --bundle /tmp/enroll-bundle --out /tmp/enroll-ansible
sudo poetry run enroll manifest --harvest /tmp/enroll-harvest --out /tmp/enroll-ansible
```
### Alternatively, do both steps in one shot:
```bash
sudo poetry run enroll export --bundle /tmp/enroll-bundle --out /tmp/enroll-ansible
sudo poetry run enroll enroll --harvest /tmp/enroll-harvest --out /tmp/enroll-ansible
```
Then run: