Hi,
For who is further interested in this discussion, allow me to link to my presentation on http://cfgmgmtcamp.eu/ on this topic: https://speakerdeck.com/svg/modelling-infrastructure-with-ansible-inventory-data Without the talk itself, this presentation is not fully informative, but I'm happy to further discuss it, or to receive private mail on it, if you find that need. Serge On 24 January 2014 09:59, C. S. <[email protected]> wrote: > > On Jan 22, 2014, at 04:16 , Serge van Ginderachter < > [email protected]> wrote: > > > On 22 January 2014 09:11, C. S. <[email protected]> wrote: > >> - Use Ansible roles (of course) >> > > Obviously :) But ansible play syntax related things are not really an > issue here (except perhaps how far I can iterate through things) > > - Use the group_vars directory for vars, as opposed to passing the vars >> into the role directly, much easier to mange and track changes to envs. >> (also easy to parse for generating docs of what connects to what) >> > > As our environment is mostly 1 application type, everything must be > parametrized in inventory, I can't afford to hardcode things in playbooks > here. So, yes. > > > - Databases, loadbals, firewalls get their own groups too, just like your >> app servers. >> > - Deploying a new app means you need to link everything together by >> editing the correct group_vars files for the database, loadbal, app and >> firewall. Then run the playbooks in the right order. (Obviously there’s >> room for automation here) >> > > As of now, they are just delegated hosts, not really part of the > inventory, as i see it, the config of the loadbalncer depends on data from > the nodes, data that should be part of that node. > I don't really like the idea to have certain data about certain > applications, part of a node, be linked directly to a separate host. > But maybe that's part of the reason I complicate things? Not sure. > > > > I would think so, the data is still part of your node logically, even if > it’s split up between files so located it’s where it’s being used. > > - Little known feature -i <directory> will cause ansible to use all the >> files and scripts in the dir for the inventory (very useful!) >> > > I already heavily split up things in different subdirectories :) Which has > drawbacks however, but that's another story. > > > We don’t actually split up our inventories, we just use one, and then > always use —limit to control which hosts it get’s applied to. Other than > some base os type playbooks, we have no use case where we’d run all our > playbooks over all hosts, we only do very specific playbook runs. > > > >> - Lists of >> >> associative arrays in group_vars files are quite nice for managing >> accounts, ACLs and other things you need to keep on adding to. >> > > Can you elaborate on what exactly you mean by this? By > > associative arrays? > > > e.g. > inventory/group_vars/tag_Role_my_db_cluster_01: > my_db_users: > - db: database1 > login: app1 > pass: secret > perms: rw > …. > > - db: database2 > login: app2 > pass: secret > perms: ro > ... > > role/dbcluster/tasks/main.yml: > - dbmodule: database={{item.db}} name={{item.login}} > password={{item.pass}} perms={{item.perms}} … > with_items: my_db_users > > Also, the above syntax for my_db_users scales nicely if you have long > values and a lot of them per entry. > > > > Thanks, > > > Serge > > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
