Skip to content

Ansible Provisioning

Ansible is the shared provisioning layer for the range track. Ludus and raw Proxmox should both converge on the same roles so the services behave the same way regardless of infrastructure.

Scaffold

The R2 scaffold lives under lab/range/ansible/.

lab/range/ansible/
  inventory.example.ini
  inventory.compact.ini
  inventory.standard.ini
  inventory.full-split.ini
  site.yml
  group_vars/all.yml
  roles/
    ait_operator/
    seam/
    lab_services/
    schemas/
    rules/
    artifacts/

Role Responsibilities

Role Responsibility
ait_operator install Python deps, root CLI entrypoint, docs helpers
seam install/build Seam, configure profiles, rules, schemas
lab_services install deterministic support/planner/memory/MCP/billing services
schemas place shared schema files used by Seam, Assay, and meshmapper
rules install offensive rule packs and negative controls
artifacts create output directories and fetch transcripts/reports after runs

Profile Checks

Use the R2 helper first. It validates the profile assets and runs Ansible syntax checks when ansible-playbook is installed.

lab/range/scripts/check_range.sh --profile standard

Then use Ansible directly when you want to inspect a profile:

ansible-playbook -i lab/range/ansible/inventory.standard.ini \
  lab/range/ansible/site.yml \
  --syntax-check

Use standard first, compact for small hosts, and full-split for maximum service isolation.