Hey
I'm really struggling to find a solution or "best practice" that enables me
to use Ansible to manage multiple different projects, while still being
able to reuse roles between them to target hosts from all projects in a
play.
Every tutorial or document I read seems to assume you are provisioning one
project with a handful of web and database servers in various regions or
whatever. What we have currently is a single server per client/project and
the way I have been using Ansible so far is:
playbooks/
  - files/
      - public_keys/ <-- common keys used on multiple projects/servers
  - galaxy_roles/
  - group_vars/
      - all/
      - droplets/
  - host_vars/
      - project1/
          - vars.yml
          - vault.yml
      - project2/
          - vars.yml
          - vault.yml
  - roles/ <-- custom roles, as reusable and broken down as I can make them
  - templates/
      - iptables/
          - project1/rules.j2 <-- each project may require different iptable rules
          - project2/rules.j2
  - project1.yml
  - project2.yml
It doesn't scale well. I know that if "project1" was suddenly comprised of
more web servers for example, then I should probably be looking at
group_vars instead of host_vars. I haven't experimented with groups of
groups. I also have to check three places to find the configuration used
for a server (all, droplets, host_vars/project (and I guess the role
defaults too really)).
I thought about having a separate folder per project, each with its own
ansible.cfg and inventory to allow for future scaling, modifying the
roles_path to find the common/reusable roles and galaxy roles. This feels
neat, but then I can't target all servers in multiple projects (for example
to apply an ad-hoc patch). I think the public_keys and iptables setup would
also need to be altered so that these files are within the roles somehow.
My setup is starting to feel unwieldy and cumbersome and I'd like to get to
the point where I have a solid foundation where Ansible is helping me more
than being a hindrance.
Any thoughts or suggestions or links I may have missed much appreciated.
Thanks
Jamie