Thanks Michael for the ansible-vault insight, I knew of its existence but never used it ... yet.
Anyhow, Paolo has a point there, we already use add_host handoff in our playbook, what I guess you meant is that we should call the actual "application payload" (in our case, docker containers): https://github.com/nimiq/ansible-biostar/blob/master/biostar.yml At the end of each cloud instantiation: https://github.com/nimiq/ansible-biostar/tree/master/roles/ec2_instance https://github.com/nimiq/ansible-biostar/tree/master/roles/gce_instance Perhaps via a simple "include" at the end of the {ec2|gce}_instance? Thanks! Roman Den måndagen den 23:e juni 2014 kl. 20:05:03 UTC+2 skrev Michael DeHaan: > > "The inline extra-vars are meant to have things like aws_access_key and > other sensitive tokens away from potentially public version-controlled > files." > > That makes sense, though if you want to keep them private, also consider > ansible-vault (and maybe not keeping them in source control paths) if you > want. > > > > > On Mon, Jun 23, 2014 at 12:17 PM, Roman Valls <[email protected] > <javascript:>> wrote: > >> Thanks Michael, >> >> I see, so you would go for the second option and implement the add_host >> trick described here? Clever: >> >> http://skvidal.wordpress.com/2012/10/31/ansible-and-cloud-instances/ >> >> The inline extra-vars are meant to have things like aws_access_key and >> other sensitive tokens away from potentially public version-controlled >> files. >> >> In the future we might check if those are on, for instance, $HOME/.botorc >> instead of having them in a .yml file in our playbook, just one commit away >> from being published in the open. >> >> Thanks again! >> Roman >> >> >> Den måndagen den 23:e juni 2014 kl. 16:12:24 UTC+2 skrev Michael DeHaan: >>> >>> I'd probably keep the provisioning playbooks seperate and then have them >>> include the configuration portion using the usual "add_host" handoff. >>> >>> Also I should point out >>> >>> --extra-vars @from_file.yml >>> >>> is an option >>> >>> >>> >>> >>> On Mon, Jun 23, 2014 at 8:41 AM, Roman Valls <[email protected]> >>> wrote: >>> >>>> Hello Ansible-Project, >>>> >>>> I would like to know which best practices are there when it comes to >>>> deploying a playbook to several different cloud providers (mainly AWS and >>>> GCE now, but more might come later). >>>> >>>> More specifically, which one feels more natural to you: >>>> >>>> ansible-playbook site.yml --extra-vars "cloud_provider=aws >>>> aws_access_key=..." >>>> ansible-playbook site.yml --extra-vars="cloud_provider=gce >>>> gce_service_email=..." >>>> >>>> Which follows ansible docs on Best Practices... >>>> >>>> ... or the following, shorter version instead? >>>> >>>> ansible-playbook aws.yml --extra-vars "aws_access_key=..." >>>> ansible-playbook gce.yml --extra-vars="gce_service_email=..." >>>> >>>> >>>> >>>> Here's the original GitHub discussion that triggered this email, thanks >>>> Michael DeeHann for pointing this google group: >>>> >>>> https://github.com/nimiq/ansible-biostar/issues/11 >>>> >>>> Thanks in advance, >>>> Roman >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/73665fe0-d3c7-43aa-970b- >>>> e6de8a40f15b%40googlegroups.com >>>> <https://groups.google.com/d/msgid/ansible-project/73665fe0-d3c7-43aa-970b-e6de8a40f15b%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/1c5df81e-804c-40d0-a643-37001686d6c6%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/1c5df81e-804c-40d0-a643-37001686d6c6%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/46f49ac0-165b-4625-8ab8-4c66a70ebe7e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
