# Whirlwind Server Ansible

## Overview
Configure the EC2 core node and services (Docker, Directus, WireGuard, Nginx, Certbot) with Ansible. This repo is optimized for SSM-based execution from CodeBuild, but can be run locally for targeted changes.
## Local run workflow (SSM connection)

- Install collections from `collections/requirements.yml`.
- Ensure AWS credentials are available and `PROJECT_NAME` is set.
- Ensure the SSM transfer bucket parameter exists and is readable.
- Run `ansible-playbook site.yml`.
## Pipeline run workflow (CodeBuild)

- Ensure the CodeStar connection is authorized and the buildspec path is correct.
- Ensure required non-secret parameters exist in SSM Parameter Store and required secrets exist in Secrets Manager.
- Confirm the CodeBuild role has S3 access to the SSM transfer bucket.
- Run the pipeline and inspect the SSM connection phase before role tasks.
## Key files

- `ansible.cfg` defines inventory location and default remote user.
- `inventory/hosts.ini` is the default static inventory.
- `group_vars/all.yml` holds shared variables and SSM or Secrets lookups.
- `site.yml` is the entry-point playbook.
- `roles/core_node/` contains the system and application configuration tasks.
- `scripts/` contains pipeline helpers used by CodeBuild.
## Guardrails

- The `amazon.aws.aws_ssm` connection plugin requires an S3 transfer bucket; configure `ansible_aws_ssm_bucket_name`.
- Inventory success does not imply SSM connection success.
- SSM runs do not honor `remote_user` the same way SSH does; use `become` for privilege.
- DNS-01 automation expects the shared networking assume-role profile on the instance.
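The guardrails above, as an added configuration example that is not part of this repository's own files: an assumed `group_vars/all.yml` fragment that wires the `amazon.aws.aws_ssm` connection plugin to its transfer bucket and switches privilege to `become`, followed by an assumed minimal `site.yml`. The SSM parameter path for the bucket name, the region default and the placeholder instance id are assumptions.

```yaml
# Added example, not this repo's own configuration. Values marked "assumed" are illustrative.
#
# inventory/hosts.ini lists the EC2 instance by instance id rather than hostname,
# because the aws_ssm connection plugin targets instance ids, e.g.
#     [core_node]
#     i-0123456789abcdef0     # assumed placeholder instance id
#
# --- group_vars/all.yml (assumed fragment; the real file also holds other SSM/Secrets lookups)
ansible_connection: amazon.aws.aws_ssm
ansible_aws_ssm_region: "{{ lookup('env', 'AWS_REGION') | default('us-east-1', true) }}"

# The aws_ssm connection plugin stages modules and file transfers through S3,
# so a reachable bucket is mandatory; without it the inventory still resolves
# but every task fails at connection time. The bucket name is read from an
# SSM parameter derived from PROJECT_NAME (parameter path is assumed).
ansible_aws_ssm_bucket_name: >-
  {{ lookup('amazon.aws.aws_ssm',
            '/' ~ lookup('env', 'PROJECT_NAME') ~ '/ansible/ssm-transfer-bucket') }}

# SSM sessions start as the ssm-user account, not as the remote_user from
# ansible.cfg, so root-level work has to come from privilege escalation.
ansible_become: true
ansible_become_method: sudo
ansible_python_interpreter: /usr/bin/python3
---
# --- site.yml (assumed minimal entry point)
- name: Configure the core node over SSM
  hosts: core_node
  gather_facts: true
  become: true
  roles:
    - core_node
```

Because inventory resolution succeeds independently of the SSM session, run `ansible core_node -m ansible.builtin.ping` before `ansible-playbook site.yml`: a green ping proves the S3 bucket, the instance's SSM agent and the caller's `ssm:StartSession` rights all line up, which the inventory step alone does not check.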
## References

- `references/repo-layout.md`
- `references/pipeline-ssm.md`
- `references/secrets-and-params.md`
- `references/dns01-runtime.md`
- `references/inventory-ssm.md`
- `references/group-vars.md`
- `references/role-core-node.md`
- `references/pipeline-scripts.md`
- `references/runbook-certbot-dns01.md`
- `references/runbook-wireguard.md`
- `references/runbook-directus.md`