v0.1.4: Bootstrap wrapper, managed_user migration, refine_inventory refactor, docs/meta updates (ANIT-7)
Merged
Stapel Dev opened 3 months ago
  • [bootstrap] Add wrapper playbook playbooks/bootstrap.yml that:

    • Installs Python via raw (distro-aware) with gather_facts: false.
    • Runs roles/bootstrap_ansible_user with remote_user: root.
    • File: [scripts/init_ansible_project.sh] (adds generator) and new playbooks/bootstrap.yml.
  • [vars model] Adopt managed-user pattern in group_vars/all.yml:

    • Adds managed_user, managed_user_shell, managed_user_public_key.
    • Keeps ansible_ssh_private_key_file and ansible_ssh_public_key as conveniences.
    • Do not define ansible_user globally; set it in inventory after bootstrap.
    • Files: [setup.sh] migration, README updates.
  • [migration + discovery] Improve initializer/installer ergonomics:

    • [setup.sh] migration writes managed_* and preserves ansible_ssh_*.
    • Ensure inventory/group_vars -> ../group_vars symlink for variable discovery.
  • [plugin] Refactor plugins/inventory/refine_inventory:

    • Playbook now uses a parameterized detector list (refine_inventory_detection) and refine_detectors selector.
    • Removed connection-var overrides (relies on inventory).
    • Added top-level tags (inventory, detect) and per-detector tags (detect_<name>).
    • [meta.yml] updated: min_ansible_version: "2.14", inputs/outputs, expanded tags.
    • README expanded with configuration, usage, and examples.
  • [bootstrap playbook] Ensure playbooks/setup_ansible_user.yml explicitly sets remote_user: root.

  • [docs] Update [README.md]:

    • Document wrapper-based bootstrap flow.
    • Document managed_* variables with examples.
    • Guidance to set ansible_user in inventory post-bootstrap.
    • Note symlink inventory/group_vars -> ../group_vars and --migrate-vars.
  • [changelog] Add [docs/CHANGELOG.md] section v0.1.4.

Affected files (highlights)

  • [scripts/init_ansible_project.sh]
  • [setup.sh]
  • [README.md]
  • [docs/CHANGELOG.md]
  • [plugins/inventory/refine_inventory/playbook.yml]
  • [plugins/inventory/refine_inventory/meta.yml]
  • [plugins/inventory/refine_inventory/README.md]

Why

  • Prevents variable-precedence pitfalls during first-run (explicit remote_user: root and wrapper).
  • Clarifies separation of connection vs. managed-account variables (no global ansible_user).
  • Improves plugin maintainability and selective execution via parameterized detectors/tags.
  • Better onboarding docs and consistent var discovery via symlink.

Migration notes

  • Existing projects:
    • Run installer with migration to rewrite group_vars/all.yml to managed_* and create the inventory/group_vars symlink.
    • Move any global ansible_user definitions out of group_vars/all.yml into inventory/group_vars/<group>.yml:
      ansible_user: "{{ managed_user }}"
      
  • Playbook usage:
    • Prefer playbooks/bootstrap.yml for first-run bootstrap.
    • If Python already exists on targets, playbooks/setup_ansible_user.yml remains available.

Testing

  • Fresh init:
    • Initialize a project; verify playbooks/bootstrap.yml and managed vars present.
    • Run wrapper: ansible-playbook -i inventory/hosts.ini playbooks/bootstrap.yml -u root --private-key ~/.ssh/<key> --limit <group>.
  • Migration:
    • Run installer with --migrate-vars; verify group_vars/all.yml uses managed_* and symlink exists.
  • Plugin:
    • Run all detectors: ansible-playbook -i inventory/hosts.ini plugins/inventory/refine_inventory/playbook.yml --limit <group>.
    • Run subset by names: -e '{"refine_detectors":["nginx","apache"]}'.
    • Run by tags: --tags detect_nginx,detect_apache.

Breaking changes

  • None. Existing flows remain; recommended practices updated.
Commits were merged into target branch
pull request 1/1
Submitter Stapel Dev
Target main
Source security/hardening-ci
Assignees
Merge Strategy
Create Merge Commit
Labels
AnsibleLinux
Watchers (1)
Reference
pull request ANIT-7
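
The layout described in the migration notes (managed_* variables present, no global ansible_user, inventory/group_vars symlinked to ../group_vars) can be checked mechanically. The following is an added example, not code from this pull request or the project; the function name check_migration, its messages and its exit codes are hypothetical, and it assumes variables are plain top-level keys in group_vars/all.yml.

```shell
#!/bin/sh
# Added example (not part of the PR): audit a project directory for the
# post-migration layout. Paths come from the PR text; everything else
# (function name, messages, exit codes) is hypothetical.
# The body runs in a subshell so its variables do not leak to the caller.
check_migration() (
    project="$1"
    vars="$project/group_vars/all.yml"
    link="$project/inventory/group_vars"
    rc=0

    if [ ! -f "$vars" ]; then
        echo "FAIL: $vars not found"
        exit 2
    fi

    # 1. The managed-account variables must be defined as top-level keys.
    for key in managed_user managed_user_shell managed_user_public_key; do
        if ! grep -Eq "^${key}[[:space:]]*:" "$vars"; then
            echo "FAIL: $key missing from group_vars/all.yml"
            rc=1
        fi
    done

    # 2. ansible_user must not be set globally. The pattern is anchored at
    #    column 0, so commented-out or nested occurrences are ignored.
    if grep -Eq '^ansible_user[[:space:]]*:' "$vars"; then
        echo "FAIL: global ansible_user found; move it to inventory/group_vars/<group>.yml"
        rc=1
    fi

    # 3. inventory/group_vars must be a symlink pointing at ../group_vars.
    if [ ! -L "$link" ] || [ "$(readlink "$link")" != "../group_vars" ]; then
        echo "FAIL: inventory/group_vars is not a symlink to ../group_vars"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $project matches the managed_* layout"
    exit "$rc"
)
```

Exit status 0 means all three conditions hold, 1 means at least one failed, and 2 means group_vars/all.yml was not found.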