Hi James,
They're pretty complicated, and we have several depending on the scenario.
The most common that we run though, and simplest, is a code deploy, and it
looks like this:
# gather facts from monitoring nodes for iptables rules
> - hosts: webservers
> serial: 1
> accelerate: true
> # These are the tasks to run before applying updates:
> pre_tasks:
> - name: disable the staging server in haproxy
> shell: echo "disable server web_staging/{{ ansible_hostname }}" |
> socat stdio /var/lib/haproxy/stats
> delegate_to: "{{ item }}"
> with_items: groups.lbservers
> - name: disable the production server in haproxy
> shell: echo "disable server web_production/{{ ansible_hostname }}" |
> socat stdio /var/lib/haproxy/stats
> delegate_to: "{{ item }}"
> with_items: groups.lbservers
> roles:
> - deploy_web
> # These tasks run after the roles:
> post_tasks:
> - name: Enable the staging server in haproxy
> shell: echo "enable server web_staging/{{ ansible_hostname }}" | socat
> stdio /var/lib/haproxy/stats
> delegate_to: "{{ item }}"
> with_items: groups.lbservers
> - name: Enable the production server in haproxy
> shell: echo "enable server web_production/{{ ansible_hostname }}" |
> socat stdio /var/lib/haproxy/stats
> delegate_to: "{{ item }}"
> with_items: groups.lbservers
In short, it removes the web server from HA Proxy, then does a code update
(deploy_web role is basically a git pull), then it adds the server back to
HA Proxy.
I have not considered an inventory variable. I'll look into it to see if
it can be done in a way that makes sense to me.
I'm starting to think the cleanest way might just be three hosts files, and
then just running the playbook three times. :-(
-Joel
On Friday, December 6, 2013 12:50:38 PM UTC-5, James Martin wrote:
>
> Joel,
>
> I think I understand what you mean. It would help to see the
> playbook(s). Perhaps you need an inventory variable for the
> load balancers that define what group they are in charge of?
> I don't think ansible is capable of automatically inferring it on its own.
> You might be able to write some logic around it in your
> playbook/template as well. Declaring it might be faster and easier to
> understand.
>
> - James
>
> On Fri, Dec 6, 2013 at 12:44 PM, <[email protected] <javascript:>>
> wrote:
> > Hi James,
> >
> > If I didn't limit, would it run the tasks for each lbservers for each
> > webserver, or would it properly know that dc1's webservers should only
> > interact with dc1's load balancer?
> >
> > I am trying to make it so that I could run a playbook for a specific
> > datacenter, or I could run it for all at the same time (like a code
> deploy).
> > The sticking point seems to be that the lbserver in dc1 should only know
> > about the webservers in dc1.
> >
> >
> > On Friday, December 6, 2013 12:38:47 PM UTC-5, James Martin wrote:
> >>
> >> Joel,
> >>
> >> It would be:
> >>
> >> - hosts: lbservers
> >>
> >> In theory, the --limit dc1 would limit the playbook to the lbservers
> >> in dc1. Just make sure you don't forget to limit!
> >>
> >> - James
> >>
> >> On Fri, Dec 6, 2013 at 12:32 PM, <[email protected]> wrote:
> >> > Hi James,
> >> >
> >> > First, thanks for the response.
> >> >
> >> > Would the example you provided still work when the .yml files declare
> >> > there
> >> > hosts as:
> >> >>
> >> >> - hosts: lbservers
> >> >
> >> >
> >> > Or would it have to be changed to say:
> >> >>
> >> >> - hosts: dc1_lbservers
> >> >
> >> >
> >> > We have specific tasks that would need to be run on the lbservers vs
> the
> >> > web
> >> > servers.
> >> >
> >> > Thanks,
> >> >
> >> > -Joel
> >> >
> >> >
> >> > On Friday, December 6, 2013 12:19:51 PM UTC-5, James Martin wrote:
> >> >>
> >> >> Joel,
> >> >>
> >> >> This is untested, but might work (depending on what your playbooks
> are
> >> >> doing). Try using multiple groups and parent groups with children.
> >> >>
> >> >> Assuming your playbooks ran against the webservers or lbserver goup:
> >> >>
> >> >> if you wanted updated only dc1 :
> >> >>
> >> >> ansible-playbook myplabook.yml --limit dc1
> >> >>
> >> >> if you wanted to run against both datacenters:
> >> >>
> >> >> ansible-playbook myplaybook.yml
> >> >>
> >> >>
> >> >> hosts file:
> >> >>
> >> >> [dc1:children]
> >> >> dc1_webservers
> >> >> dc1_lbservers
> >> >>
> >> >> [dc1_webservers]
> >> >> 1.1.1.20
> >> >> 1.1.1.30
> >> >>
> >> >> [dc1_lbservers]
> >> >> 1.1.1.10
> >> >>
> >> >> [dc2:children]
> >> >> dc2_webservers
> >> >> dc2_lbservers
> >> >>
> >> >> [dc1_webservers]
> >> >> 1.1.2.20
> >> >> 1.1.2.30
> >> >>
> >> >> [dc1_lbservers]
> >> >> 1.1.2.10
> >> >>
> >> >> [webservers:children]
> >> >> dc1_webservers
> >> >> dc2_webservers
> >> >>
> >> >> [lbservers:children]
> >> >> dc1_lbservers
> >> >> dc2_lbservers
> >> >>
> >> >>
> >> >> - James
> >> >>
> >> >> On Fri, Dec 6, 2013 at 12:17 AM, <[email protected]> wrote:
> >> >> > Hello,
> >> >> >
> >> >> > We currently have three datacenters, and they're all three
> basically
> >> >> > the
> >> >> > same with some very minor differences. Up until now, what I've
> done
> >> >> > is
> >> >> > created a playbook for each, and a hosts file for each datacenter.
> >> >> > This
> >> >> > was
> >> >> > primarily because the ethernet interfaces slightly differed and we
> >> >> > didn't
> >> >> > want to have to remember to provide forgettable variables on the
> >> >> > command
> >> >> > line.
> >> >> >
> >> >> > Now, we're finally migrating our systems where all datacenters
> will
> >> >> > be
> >> >> > exactly the same, so we can use the same playbook. To keep it
> >> >> > simple,
> >> >> > lets
> >> >> > say that each datacenter has one load balancer, and two web
> servers.
> >> >> >
> >> >> > DC1
> >> >> >
> >> >> > [webservers]
> >> >> > 1.1.1.20
> >> >> > 1.1.1.30
> >> >> >
> >> >> > [lbservers]
> >> >> > 1.1.1.10
> >> >> >
> >> >> >
> >> >> > DC2
> >> >> >
> >> >> > [webservers]
> >> >> > 1.1.2.20
> >> >> > 1.1.2.30
> >> >> >
> >> >> > [lbservers]
> >> >> > 1.1.2.10
> >> >> >
> >> >> >
> >> >> > DC3
> >> >> >
> >> >> > [webservers]
> >> >> > 1.1.3.20
> >> >> > 1.1.3.30
> >> >> >
> >> >> > [lbservers]
> >> >> > 1.1.3.10
> >> >> >
> >> >> >
> >> >> >
> >> >> > Typically, in our previous setup where each datacenter had its own
> >> >> > hosts
> >> >> > file and playbook, we'd do the following to deploy all the
> >> >> > installation
> >> >> > tasks:
> >> >> >>
> >> >> >> ansible-playbook -i /ansible/dc1/hosts.txt
> >> >> >> /ansible/dc1/all_full_deploy.yml
> >> >> >
> >> >> >
> >> >> > Since our datacenters will basically be the same, and the playbook
> >> >> > can
> >> >> > now
> >> >> > be the same, I understand that I could use just one playbook, and
> >> >> > change
> >> >> > out
> >> >> > the hosts file and it'll work to isolate deployments to that
> >> >> > datacenter.
> >> >> > The
> >> >> > issue, and why I'm writing this is that I'd also be able to, for
> >> >> > example,
> >> >> > deploy our website to all [webservers] regardless of which
> datacenter
> >> >> > it's
> >> >> > in—and it has to perform a few tasks on the respective load
> balancer
> >> >> > when it
> >> >> > does it (taking it out and adding it back).
> >> >> >
> >> >> > So, what is the recommended way to have a multi-datacenter hosts
> file
> >> >> > so
> >> >> > that we can work with a single datacenter, or all of them ideally
> >> >> > using
> >> >> > the
> >> >> > same hosts file and the same playbook?
> >> >> >
> >> >> > Thank you guys in advance for any advice you can provide.
> >> >> >
> >> >> > Sincerely,
> >> >> > Joel Strellner
> >> >> >
> >> >> > --
> >> >> > You received this message because you are subscribed to the Google
> >> >> > Groups
> >> >> > "Ansible Project" group.
> >> >> > To unsubscribe from this group and stop receiving emails from it,
> >> >> > send
> >> >> > an
> >> >> > email to [email protected].
> >> >> > For more options, visit https://groups.google.com/groups/opt_out.
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> > Groups
> >> > "Ansible Project" group.
> >> > To unsubscribe from this group and stop receiving emails from it,
> send
> >> > an
> >> > email to [email protected].
> >> > For more options, visit https://groups.google.com/groups/opt_out.
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to [email protected] <javascript:>.
> > For more options, visit https://groups.google.com/groups/opt_out.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
