Hello,

I have a group of servers in EC2 that will be a cluster of Consul server 
nodes, but on some of them I also want to run LDAP.

I believe in a static inventory file this would be:

[consul]
server1
server2
server3

[ldap]
server1
server2

I'm using the pattern from the EC2 guide of calling out to the ec2 module 
to create or persist/no-op the instances and then using add_host to group 
them (so it does ec2/add_host during every call to ansible-playbook). I'm 
passing 'type: consul' in to the ec2 role which ends up in some of the 
naming tags and being used for idempotence/exact_count.

My question is: Where do I create the second group ('ldap')?

I'm kind of hoping I could slice the existing 'consul' group into an ldap 
group or start a play (within the same run of ansible-playbook) on only 
some of the hosts in the consul group:

- name: Create instances
  hosts: localhost
  connection: local
  roles:
    - role: ec2
      type: consul
      count: 3

- name: Install Consul
  hosts: consul
  roles:
    - role: consul

- name: Install LDAP
  hosts: "A subset of 'consul', or a new 'ldap' subgroup created from a subset of 'consul'"
  roles:
    - role: ldap


And finally... the catch.

I'm using just enough tags to name the instances and get 
'count_tags'+'exact_count' to work with the EC2 module. I'd rather not add 
more tags to get an 'ldap' group out of ec2.py because I want to be able to 
use this with other cloud providers (existing playbooks already work with 
EC2 and Rackspace). In the past I've found that some providers may only 
support one tag/group, may not allow changing groups via API, or don't do 
tags/groups at all and idempotence is based on the instance name alone.

I'm hoping I'm overlooking an obvious fix but right now I'm planning to do:

- name: Create instances
  hosts: localhost
  connection: local
  roles:
    - role: ec2
      type: consul_ldap
      count: 2
    - role: ec2
      type: consul
      count: 1

- name: Install Consul
  hosts: consul_ldap:consul
  roles:
    - role: consul

- name: Install LDAP
  hosts: consul_ldap
  roles:
    - role: ldap


Thanks,
Mark
