So, I'm running into an issue with variable precedence. I'd appreciate any
feedback. Apologies for how long this is, I'm trying to make sure
everything is clear.
First, I set ```hash_behavior=merge``` in my ansible.cfg file. This lets me
avoid having to repeat configuration across hosts, roles, and the all
group. (DRY)
For example:
group_vars/all.yml
> foo:
> bar1: 'me'
>
> host_vars/node1.yml
> foo:
> bar2: 'you'
>
Instead of what I'd have to do with ```hash_behavior=replace```:
group_vars/all.yml
> foo:
> bar1: 'me'
>
> host_vars/node1.yml
> foo:
> bar1: 'me'
> bar2: 'you'
>
The issue that I'm running into is what happens when you throw groups other
than ```all``` into the mix.
group_vars/alpha.yml
> foo:
> bar5: 'myself'
>
> group_vars/beta.yml
> foo:
> bar9: 'I'
>
Now, this works just fine, I get all foobars.
hosts:
> - all
>
But if I go:
hosts:
> - beta
>
I get
group_vars/all.yml
> foo:
> bar1: 'me'
> bar2: 'you'
> bar9: 'I'
>
When I want bar5 from group_vars/alpha.yml in there as well.
Basically, if you limit your hosts by group, only the vars in the all
group, the specific groups you select, and your host_vars are applied.
(From these variable sources, I'm ignoring -e, and vars: and vars_files:.)
The issues I see are:
- How do you determine which group has precedence when the var names are
the same?
- I think this is why Ansible works the way it currently does. I
can't think of any way to figure precidence out from groups without
having
the user create some kind map.
- What if the reason I'm using a group is to avoid any other vars
getting in the way?
- Is it really a good idea to load all the vars, all the time?
- From a processing standpoint.
The only (somewhat) DRY solution I can think of is to just ignore groups
other than ```all```. That leaves me copying any config that doesn't apply
to every node, into the host_vars files every node to which it does apply.
Which is kinda annoying when you need to change that config...
For a more concrete example:
I have a role that applies iptables rules, and a role that manages Monit
probes. On the servers in my apache group, I want to open 80 and 443, and
watch the apache process to make sure it doesn't go down. On the servers in
my mysql group, I want to open port 3306, and to watch the mysql process.
Some of my servers are in both groups, and if I just call the mysql group,
then only 3306 is opened, while 80 and 443 are closed, and only the mysql
process is watched, while the apache process is ignored. When what I want,
is for the iptables and Monit roles to pull the vars from both mysql and
apache groups, even when I'm not calling both groups.
Anyway, any suggestions? How can I avoid repeating myself? How can I make
groups actually useful to me?
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/04d434d4-440f-4939-9b32-cdd3875e7c33%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
