Automatically provision a local machine running macOS Monterey 12.4 or higher with Ansible.
- macOS Monterey 12.4 or higher
Clone or download this repository to a local machine:
git clone https://github.com/cbracco/provision-macos.git
Create the Ansible Vault passphrase file in the proper location and make sure it contains the correct Ansible Vault passphrase:
mkdir /path/to/this/repository/.ansible
touch /path/to/this/repository/.ansible/vault_password
echo '[REPLACE WITH ANSIBLE VAULT PASSPHRASE]' > /path/to/this/repository/.ansible/vault_password
NOTE: The ssh role copies a private SSH key file that has been previously encrypted using Ansible Vault. The command above must be run before the provision script in order for Ansible to complete this particular task successfully. An annoying but necessary evil until a better solution comes along.
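The `mkdir`/`touch`/`echo` commands above create the passphrase file with the shell's default permissions and leave the passphrase in shell history. The following is an added example, not part of this repository: `write_vault_password` is a hypothetical helper that reads the passphrase from standard input and writes the same `.ansible/vault_password` file readable by its owner only.

```shell
# Added example (not from the provision-macos repository).
# write_vault_password is a hypothetical helper name; the .ansible/vault_password
# location is the one this README uses.
# Usage: write_vault_password /path/to/this/repository   (then type the passphrase)
write_vault_password() {
    repo_dir=$1
    vault_dir="$repo_dir/.ansible"
    vault_file="$vault_dir/vault_password"

    # Do not write the secret through a symlink that points somewhere else.
    if [ -L "$vault_file" ]; then
        echo "refusing to write: $vault_file is a symlink" >&2
        return 1
    fi

    (
        # New files and directories created in this subshell are owner-only;
        # the caller's umask is left unchanged.
        umask 077
        mkdir -p "$vault_dir" || exit 1

        # Read from stdin so the passphrase never appears in shell history
        # or in the process list; hide typing when stdin is a terminal.
        passphrase=
        if [ -t 0 ]; then stty -echo; fi
        IFS= read -r passphrase || true
        if [ -t 0 ]; then stty echo; fi

        if [ -z "$passphrase" ]; then
            echo "empty passphrase, nothing written" >&2
            exit 1
        fi
        printf '%s\n' "$passphrase" > "$vault_file"
    ) || return 1

    # Tighten modes even if the directory or file already existed.
    chmod 700 "$vault_dir" && chmod 600 "$vault_file"
}
```

Keep `.ansible/vault_password` out of version control, since it unlocks the encrypted SSH key.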
Finally, execute the included shell script by running the following command(s):
cd /path/to/this/repository
./bin/provision
It does the following:
- Installs Xcode CLI tools
- Installs Homebrew via ruby/curl
- Installs Python via Homebrew
- Installs and upgrades pip
- Installs Ansible via pip
- Runs the Ansible playbook included in this repository
This project is continuously tested by Travis-CI, which runs a “test” version of the included provision script. It is triggered by passing the -t flag:
./bin/provision -t
This runs a syntax check on the included Ansible playbook, and a slightly modified “test” version of the included Ansible playbook which installs only the packages necessary in order for tests to pass (this speeds up test builds a bit).
In addition, you can check the syntax of the included Ansible playbook by running the following command(s):
cd /path/to/directory
ansible-playbook playbook.yml --syntax-check
You can also perform a “dry run” of the included Ansible playbook by running the following command(s):
cd /path/to/directory
ansible-playbook playbook.yml --check
Learn more about “Check Mode” in Ansible.
You can also perform a “dry run” of specific roles in the included Ansible playbook by running the following command(s):
cd /path/to/directory
ansible-playbook playbook.yml --check --tags=homebrew,pip
This can be useful when working on tasks in a particular role and you only want to check those tasks. Learn more about Tags in Ansible.
If you are writing a new task that you do not want to run in “test mode”, you can exclude it using when, so the task only runs when the test_mode variable is false:
- name: task that should not run during tests
  shell: echo 'do not run me during tests'
  when: not test_mode
This is a technique borrowed from Jeff Geerling. Thanks Jeff!
“If I have seen further it is by standing on ye sholders of Giants.” — Isaac Newton
provision-macos is a project by @cbracco and its contributors. It is influenced by the following organizations, projects, articles, and individuals: