feat(integration-vm): transient inventory + real-playbook apply

scripts/integration-vm.py

@@ -225,6 +225,42 @@ def wait_for_ssh(ip, user, timeout=180):
     raise SystemExit(f"timed out waiting for SSH to {ip}")
 
 
+def _read_current():
+    txt = (RUN_DIR / "current").read_text().splitlines()
+    return txt[0], txt[1], txt[2]   # name, ip, host
+
+
+def write_run_inventory(name, ip, groups):
+    RUN_DIR.mkdir(parents=True, exist_ok=True)
+    (RUN_DIR / "hosts.yml").write_text(
+        render_run_hosts(name, ip, "ansible", groups))
+    link = RUN_DIR / "group_vars"
+    target = REPO_ROOT / "inventories" / "production" / "group_vars"
+    if link.is_symlink() or link.exists():
+        if link.is_symlink():
+            link.unlink()
+    if not link.exists():
+        link.symlink_to(target)
+
+
+def apply(host, certs):
+    name, ip, _ = _read_current()
+    prof = json.loads(profile_path(host).read_text())
+    write_run_inventory(name, ip, prof["groups"])
+    extra = []
+    for f in prof.get("extra_vars_files", []):
+        extra += ["-e", f"@{INTEG_DIR / f}"]
+    extra += ["-e", f"@{cert_file(certs)}"]
+    for step in prof["applies"]:
+        cmd = [".venv/bin/ansible-playbook", "-i", str(RUN_DIR) + "/",
+               f"playbooks/{step['playbook']}", "--limit", name]
+        if step.get("tags"):
+            cmd += ["--tags", ",".join(step["tags"])]
+        cmd += extra
+        sh(cmd, cwd=str(REPO_ROOT))
+    print(f"applied {host} profile to {name}")
+
+
 def main(argv=None):
     p = argparse.ArgumentParser(prog="integration-vm", description=__doc__)
     sub = p.add_subparsers(dest="cmd", required=True)