The virtual machine was created in the GRA5 region with:

$ openstack keypair create --public-key ~/.ssh/ loic
$ openstack --quiet server create --image 'Debian 9' --flavor 's1-2' \
          --key-name loic --wait ansible
$ scp
$ ssh
$ sudo apt-get update
$ sudo apt-get install tmux emacs-nox git python-openstackclient rsync virtualenv python-all-dev
$ sudo chown debian /srv
$ rsync -av enough-community/
$ ( cd /srv/enough-community && git submodule update )
$ virtualenv /srv/virtualenv
$ cat >> .bashrc <<EOF
source /srv/virtualenv/bin/activate
source $HOME/
export HISTSIZE=1000000
export PROMPT_COMMAND='history -a' # history -r

Logout and login again:

$ pip install -r /srv/enough-community/requirements.txt
$ ssh-keygen -f infrastructure_key
$ cat > /srv/enough-community/private-key.yml <<EOF
ssh_private_keyfile: "{{ lookup('pipe', 'git rev-parse --show-toplevel') }}/infrastructure_key"

Manually create /srv/enough-community/clouds.yml from ~/ and check it works:

$ molecule create -s infrastructure
$ molecule destroy -s infrastructure

Set the passwords and other secret credentialis in the file or directory matching a given host at /srv/checkout/inventory/host_vars/ (so that the default used during testing are not used in production).

$ echo with_https: true | sudo tee /srv/checkout/inventory/group_vars/all/with_https.yml
$ echo domain: | sudo tee /srv/checkout/inventory/group_vars/all/domain.yml


The ansible repository is run from the /srv/checkout directory of the virtual machine as follows:

ansible-playbook --private-key infrastructure_key \
                 -i inventory \


The ansible inventory is created by the molecule/infrastructure/create.yml playbook and stored in the inventory/01-hosts.yml file every time the molecule create -s preprod command runs. The inventory variables (such as the ssh port number) are read from the hosts-base.yml file.


The /srv/checkout directory is a clone of the ansible repository and can be updated with:

git pull --rebase