Hi, I don't think I have an answer for you, but faced with a similar problem (being able to reuse roles and yet have separate projects) we started investigating the following solution. At this stage we're only trying this with one and a bit of (smallish) projects so I'm unsure how well this is going to work yet.

1. separate ansible.cfg for each project with a list of 2 role paths (project and shared)
2. a repo of 'shared roles' (with no playbooks)
   shared roles look for its data in specific locations:
   - its own default/vars directories
   - predefined project directories (generally host_vars/role_name/...) this is manually loaded
   shared roles are a submodule in git
3. actual repo for the project with the usual setup

Two things we've noticed so far:
- shared roles have to be truly reusable, abstracted out and idempotent - takes more effort
- the behaviour of shared roles must be well defined: all input parameters must be validated and when they fail they must leave good trail of what actually went wrong

I'm also keen to hear how others scale up their setups. One of the issues we seem to have is the multitude of top-level playbooks - we try to keep them separate by using naming conventions (like object-action-subject) but that only helps to a degree.

kind regards
Pshem

On Wed, 30 Aug 2017 at 22:12 <[email protected]> wrote:

> Hey
>
> I'm really struggling to find a solution or "best practise" that enables me to use Ansible to manage multiple different projects, while still being able to reuse roles between them to target hosts from all projects in a play.
>
> Every tutorial or document I read seems to assume you are provisioning one project with a handful of web and database servers in various regions or whatever.
> What we have currently is a single server per client/project and the way I have been using Ansible so far is:
>
> playbooks/
>   - files/
>     - public_keys/ <-- common keys used on multiple projects/servers
>   - galaxy_roles/
>   - group_vars/
>     - all/
>     - droplets/
>   - host_vars/
>     - project1/
>       - vars.yml
>       - vault.yml
>     - project2/
>       - vars.yml
>       - vault.yml
>   - roles/ <-- custom roles, as reusable and broken down as I can make them
>   - templates/
>     - iptables/
>       - project1/rules.j2 <-- each project may require different iptable rules
>       - project2/rules.j2
>   - project1.yml
>   - project2.yml
>
> It doesn't scale well. I know that if "project1" was suddenly comprised of more web servers for example, then I should probably be looking at group_vars instead of host_vars. I haven't experimented with groups of groups. I also have to check three places to find the configuration used for a server (all, droplets, host_vars/project (and I guess the role defaults too really)).
>
> I thought about having a separate folder per project, each with its own ansible.cfg and inventory to allow for future scaling, modifying the roles_path to find the common/reusable roles and galaxy roles. This feels neat, but then I can't target all servers in multiple projects (for example to apply an ad-hoc patch). I think the public_keys and iptables setup would also need to be altered so that these files are within the roles somehow.
>
> My setup is starting to feel unwieldy and cumbersome and I'd like to get to the point where I have a solid foundation where Ansible is helping me more than being a hindrance.
>
> Any thoughts or suggestions or links I may have missed much appreciated.
>
> Thanks
> Jamie
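An added example, not part of the thread and not either poster's code: one way a shared role could load project data manually and validate its inputs, as described in the reply above. The role name `firewall`, the `firewall_*` variables, the host_vars file path and the `roles_path` value are all assumptions.

```yaml
# shared-roles/firewall/tasks/main.yml (hypothetical shared role, pulled in as a git submodule)
# Each project's ansible.cfg is assumed to list both role locations:
#   [defaults]
#   roles_path = ./roles:./shared-roles
---
- name: Work out where the project keeps data for this role (assumed layout)
  ansible.builtin.set_fact:
    firewall_project_vars: "{{ playbook_dir }}/host_vars/firewall/{{ inventory_hostname }}.yml"

- name: Check on the controller whether the project supplies that file
  ansible.builtin.stat:
    path: "{{ firewall_project_vars }}"
  delegate_to: localhost
  become: false
  register: firewall_project_vars_stat

- name: Load the project data manually, on top of the role defaults
  ansible.builtin.include_vars:
    file: "{{ firewall_project_vars }}"
  when: firewall_project_vars_stat.stat.exists

- name: Validate every input before anything on the host is changed
  ansible.builtin.assert:
    that:
      - firewall_rules_template is defined
      - firewall_rules_template is string
      # relative .j2 path only; no leading "/" and no other dots, so no "../" traversal
      - firewall_rules_template is match('^[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*[.]j2$')
      - firewall_allowed_tcp_ports is defined
      - firewall_allowed_tcp_ports is sequence
      - firewall_allowed_tcp_ports is not string
      # every entry must be an integer in the valid port range
      - >-
        (firewall_allowed_tcp_ports | select('integer') | select('ge', 1)
        | select('le', 65535) | list | length)
        == (firewall_allowed_tcp_ports | length)
    fail_msg: >-
      Role 'firewall' rejected its input for host {{ inventory_hostname }}.
      Project vars file: {{ firewall_project_vars }}
      (found: {{ firewall_project_vars_stat.stat.exists }}).
      firewall_rules_template={{ firewall_rules_template | default('UNDEFINED') }},
      firewall_allowed_tcp_ports={{ firewall_allowed_tcp_ports | default('UNDEFINED') }}
    quiet: true
```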
