Ansible organization for a versioned product - ansible

I'm working in a company with a big code base with multiples products,
We use Ansible for our products deployments.
We have multiples shared roles and specific roles per product.
Each shared role is versioning and tagged,
Let's imagine product X in version 1.0.0 and a product Y in version 1.1.0
and 2 shared roles A & B
X has a dependency on role A/B in version 1.0.0
Y has a dependency on role A in version 1.0.0 and role B in version 1.5.0
I'm working on my product X for a new major release 1.1.0
So I'm working too in Ansible to add multiples config files, remove some others, update the shared role A
But my version 1.0.0 is still in production, so it may require some adjustments for bugs. and It may need to update the ansible too.
Now is my problem.
When I release X:1.1.0 with the updated ansible, my playbooks are no more compatible with the 1.0.0 branch.
What's a good practice for handling ansible with a product life
It is good to have a role and tasks per version ?
tasks
- main.yml
- 1.0.0.yml
- 1.1.0.yml
cat main.yml
---
include_tasks: {{product_version}}.yml
include_tasks: 1.1.0.yml
when : product_version >= 1.1.0
and in each version file contains the diff with the previous one ?
but for the 1.10.0, it will become a nightmare...
Do you have any experience for these uses cases ?

First, we must assume that all roles are in their own git repositories. (If they are not, fix that first.) Also, the playbook that will do the installation is also in its own repository, along with a file called roles/requirements.yml. (That is where Ansible Tower expects it to be.)
A particular version of the installation playbook repo will have a particular roles/requirements.yml file which will specify exactly what versions of what roles are needed to run that version of the playbook.
So, for product X, we have a roles/requirements.yml file that says,
- name: A
src: git#gitlab.company.com:mygroup/A.git
scm: git
version: 1.0.0
- name: B
src: git#gitlab.company.com:mygroup/B.git
scm: git
version: 1.0.0
And for product Y, we have a roles/requirements.yml file that says,
- name: A
src: git#gitlab.company.com:mygroup/A.git
scm: git
version: 1.0.0
- name: B
src: git#gitlab.company.com:mygroup/B.git
scm: git
version: 1.5.0
Installing Roles with Ansible Galaxy

Related

How to handle multiple bambooinstances with one bamboo.yaml

I have a bamboo.yaml (same project) which is used on 2 diffrent Bambooservers - this is needed (cause of staging concept and other stufff)
The buildjobs differ a bit on those bambooinstances, i could solve this by using global-variables and conditional Task.
Like this:
tasks:
- maven:
executable: Maven 3.6.3
jdk: JDK 11.0.2
goal: |-
clean install -s settings.xml
environment: BUILD_USER=${bamboo.hpf_bamboo_user} BUILD_PWD=${bamboo.hpf_bamboo_password}
conditions:
- variable:
equals:
bamboo_instance: devstack
- maven:
executable: Maven 3.6.3
jdk: JDK 11.0.2
goal: |-
clean deploy -s settings.xml
environment: BUILD_USER=${bamboo.hpf_bamboo_user} BUILD_PWD=${bamboo.hpf_bamboo_password}
conditions:
- variable:
equals:
bamboo_instance: ci
The group which should have permissions on the job has diffrent names on the bambooinstances too,
but i cant use variables on permissions.
plan-permissions:
- users: []
groups: ${bamboo.devgroup}
This will return the error "no group '${bamboo.devgroup}'"
Has anyone a idea how i could solve this ?
FYI: Found a Solution
its possible to define the bamboo-server name in the yaml - bamboo will skip the configurations which have another servername as itself :)
server-name: 'bambooservername'

ERROR! couldn't resolve module/action . This often indicates a misspelling, missing collection, or incorrect module path

I've got an Ansible Collections in my Ansible playbook as follows:
- name: Create a profile for the user
community.windows.win_user_profile:
username: test
name: test
state: present
and the collection is installed via
ansible-galaxy collection install ansible.windows
so I can see it at ~/.ansible/collections.
However I keep getting:
ERROR! couldn't resolve module/action 'community.windows.win_user_profile'. This often indicates a misspelling, missing collection, or incorrect module path.
I've also copied it alongside the playbook just in case but still get the same error message.
Any suggestions?
I got the same error with Ansible 2.9 on Ubuntu 20.04 after install community.general. The solution in this case was installing ansible.posix
ansible-galaxy collection install ansible.posix
as this contains the mount module https://docs.ansible.com/ansible/latest/collections/ansible/posix/mount_module.html
There are two Windows collections: community and Supported. I know that's confusing :(
Looks like you've installed ansible.windows, though you are using community.windows
The fix is:
ansible-galaxy collection install community.windows
ansible 2.9 uses collections different.
One way is to add them to the top:
---
- hosts: all
collections:
- community.windows
and then later use:
- name: Create a profile for the user
win_user_profile:
username: test
name: test
state: present
for reference:
Use Ansible Collections
collections are backwardcompatible
Dirty:
dont do this, but it works.
ansible-config dump |grep DEFAULT_MODULE_PATH
and copy them there (example replace path and name)...
cp -p ~/.ansible/collections/ansible_collections/community/general/plugins/modules/system/sudoers.py ./library/
Adding below details to your question would be helpful
Ansible host operating system
Ansible version
I guess, this is error is specific to ansible version. I guess you are using ansible 2.9 version or lower version. whereas, Installing collections with ansible-galaxy is only supported in ansible 2.9+.
Reference link : https://galaxy.ansible.com/ansible/windows ( look into 'Note' section )
You can upgrade your ansible version and give a try.
Reference link : https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#upgrading-from-2-9-or-earlier-to-2-10

Specify Collection dependency for Molecule

Molecule is informed to download role dependencies from Ansible Galaxy via
dependency:
name: galaxy
options:
role-file: requirements.yml
However, there doesn't appear to be any documentation on how Molecule can be informed to download Collections. https://molecule.readthedocs.io/en/stable/configuration.html#ansible-galaxy does not list a collections option and I don't see an open feature request on https://github.com/ansible/molecule for this.
Asking here in case this is a solved issue for Molecule, otherwise I suppose this would be a feature request on the Molecule github repo. How can I inform Molecule that it needs to download a Collection for a ansible-galaxy dependency?
My requirements.yml file looks like this:
---
roles:
- src: gantsign.visual-studio-code
- src: artis3n.bitwarden_app
collections:
- name: artis3n.github
This format is supported by Ansible at https://docs.ansible.com/ansible/devel/user_guide/collections_using.html#install-multiple-collections-with-a-requirements-file.
The documentation now covers collections as well since #2609. However, if you look at this pull request you can see it shouldn't have passed because the tests fail. It makes sense now that I was unable to get a working solution on my host more than 8 days ago; I notice the last merge after tests passed was 8 days ago.
I don't think this latest merge has been released yet, but I believe there is a workaround.
The issue I filed against Molecule has been completed, so this functionality is now present in Molecule as of version 3.0.3.

Travis gem deployment failing "Directory nonexistent"

I don't understand why the deployment is not working. I'm getting the following error in the build console:
Preparing deploy
Found gem
/usr/lib/git-core/git-stash: 186: /usr/lib/git-core/git-stash: cannot create /home/travis/build/prismicio/ruby-kit/.git/logs/refs/stash: Directory nonexistent
Build: https://travis-ci.org/prismicio/ruby-kit/jobs/40767391
My .travis.yml:
language: ruby
rvm:
- 2.1.1
- 2.1.0
- 2.0.0
- 1.9.3
- 1.9.2
- jruby-19mode
script: bundle exec rspec spec
notifications:
email:
- example#example.com
addons:
code_climate:
repo_token: X
deploy:
provider: rubygems
api_key:
secure: XXX
gemspec: prismic.gemspec
on:
tags: true
all_branches: true
What's wrong with the build?
The error:
/usr/lib/git-core/git-stash: 186: /usr/lib/git-core/git-stash: cannot create /home/travis/build/prismicio/ruby-kit/.git/logs/refs/stash: Directory nonexistent
may be related to how you're deploying your files to your provider and it's triggered by git stash and its DPL::Provider#cleanup process (see: releases.rb). By default Deployment Provider will deploy the files from the latest commit. This is not supported for all providers, therefore this just means that the "releases" provider needs to skip the cleanup, so it should deploy from the current file state instead (see #BanzaiMan comment) by adding this line:
skip_cleanup: true
This is because every provider has slightly different flags and these are documented in the Deployment section (or for the latest documentation check on GitHub for supported providers).
Further more, the above error is basically related to Travis CI bug (GH #1648) where basically File#basename is stripping the directory part (as per #BanzaiMan comment) and it's not clear why this cannot manifest in the CLI case. So this is something to fix in the near future.

Sharing Ansible roles

I have packages of Ansible roles that I would like to import into a project.
If I organise them by subdirectory I run into problems relating to dependency relative paths
i.e the shared role needs to know its relative location of where it would be installed if it uses meta dependencies
I would like to be able to just reference everything to the directory the playbook is being run from though this doesn't work
roles/roleA/meta
---
dependencies:
- { role: "{{ playbook_dir }}/roles/shared_roles/roleB"}
roles/shared_roles/roleB
...
I've tried multiple options and running out of ideas.
I looked into roles-path http://docs.ansible.com/intro_configuration.html#roles-path
Though I don't really want to have to uniquely name all roles as they ought to be namespaced / grouped.
Thanks
You could basically use ansible-galaxy to install the roles within ~/.ansible/roles/ path.
The path of .ansible in my macOS machine is in: ~/.ansible/roles/
All you need to do is just create a requirements.yml file which looks something like this:
- src: git+https://<githubURL-Master-role>.git
scm: git
name: Master-role
- src: git+https://<githubURL-dependent1-role>.git
scm: git
name: dependent1-role
- src: git+https://<githubURL-dependent2-role>.git
scm: git
name: dependent2-role
Run this command to install your roles in ~/.ansible/roles/ path:
sudo ansible-galaxy -vvv -r install requirements.yml
This will basically set your roles in the ~/.ansible/roles/ path. To understand it better please follow this documentation https://docs.ansible.com/ansible/latest/reference_appendices/galaxy.html.
and then, like you have already mentioned, you should add all the dependent roles in your ##path/master-role/meta/main.yml file even before executing the anisble-galaxy command, in-order to execute the dependent roles before the master-role, when you run your master-role playbook.
The ##path/master-role/meta/main.yml file looks something like this:
galaxy_info:
author: Jithendra
description: blah...blah...blah
min_ansible_version: 1.2
galaxy_tags:'[]'
dependencies:
- { role: 'Master-role, when: blah == "true"'} #when condition is optional
- { role: 'dependent1-role, when blah == "false"'}
- { role: 'dependent2-role, when blah == "false"'}
Solved it by enforcing that all shared modules reference the name of the shared directory in all dependencies.
I wanted to leave this up to the calling project and hoped that dependencies would be relative to the role directory.
The solution works though and provides namespacing so I can include multiple roles with the same name as long as they are in separate directories.
I now have a project that includes 3 separate packages of roles
PLAY RECAP ********************************************************************
staging : ok=214 changed=5 unreachable=0 failed=0
Its all built using Maven, each shared group being a maven dependency. If anybody reads this and it helps i'll share the structure / poms etc.

Resources