I want to extend my current Ansible project to also support Linux servers. For that I want to re-use the vault file I have created but I cannot seem to find a solution without duplicating the vault file.
Here's what my current Ansible structure looks like
├── ansible.cfg
├── ansible_pw.sh
├── group_vars
│ └── windows
│ ├── vault.yml
│ └── main.yml
├── inventory.yml
├── main.yml
└── roles
├── wait_for_host
│ └── tasks
│ └── main.yml
└── install_software
└── tasks
└── main.yml
inventory.yml
---
all:
children:
windows:
hosts:
win-server.mycompany.com
main.yml
---
- hosts: windows
tasks:
- block:
- include_role: { name: wait_for_host }
- include_role: { name: install_software }
Playbook is run like this:
ansible-playbook main.yml -i inventory.yml --vault-password-file ./ansible_pw.sh
My idea is to create a new group_vars/linux directory which contains all specific settings which only apply for linux servers.
While writing this question I actually found neat solution. All general settings (including the vault file) can be stored in the default all group (see https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#default-groups) and all Windows/Linux specific settings (like ansible_connection) can be stored in separate directories:
group_vars
├── all
│ ├── main.yml
│ └── vault.yml
├── linux
│ └── main.yml
└── windows
└── main.yml
Related
I'm trying to clean up my ansible infrastructure and wanted to stick to the best practices as much as possible.
My problem is that I have host-specific tasks that I naturally want to map into the logic as sensibly as possible.
If I want to have both, "best practice" and host-specific tasks, I end up with the following simplified file structure:
├── dbservers.yml
├── generic.yml
├── group_templates/
│ └── webservers/
├── group_vars/
│ └── webservers.yml
├── host_files/
│ └── d-ws323/
├── host_tasks/
│ └── d-ws323.yml
├── host_vars/
│ └── d-ws323/
├── production.ini
├── roles/
├── secrets.txt
├── site.yml
└── webservers.yml
My approch looks like this:
site.yml is the master playbook:
---
# file: site.yml
- import_playbook: webservers.yml
- import_playbook: dbservers.yml
- import_playbook: generic.yml
And generic.yml:
---
- hosts: all
become: yes
roles:
- generic
tasks:
- local_action: stat path=host_tasks/{{ inventory_hostname }}.yml
register: host_file
become: no
- include: host_playbooks/{{ inventory_hostname }}.yml
when: host_file.stat.exists
Does it make sense?
What we do is create roles that have playbooks and then assign these roles to hosts or groups of hosts. Based on that, we would have a directory layout similar to:
.
├── group_vars
├── hosts
├── host_vars
│ └── host-01.yml
├── roles
│ └── webservers
│ ├── files
│ ├── tasks
│ │ └── main.yml
│ └── templates
└── webservers.yml
The hosts file is the inventory file, which you're gonna put all your hosts and groups, and the webservers.yml is the playbook with the following content:
---
- hosts: host-01
become: true
user: ubuntu
roles:
- webservers
If you have to make any distro-specific arrangement, you should do that inside the role playbook. Playbooks outside roles should exist only for conecting groups or hosts to roles, or very trivial tasks, if possible.
Best regards!
I was wondering if anyone could advise on how I can manage multi environment variables using ansible. Imagine i have development and staging. I have the following structure:
.
├── inventories
│ ├── development
│ │ ├── group_vars
│ │ │ └── all.yml
│ │ └── hosts
│ └── staging
│ ├─── group_vars
│ │ └── all.yml
│ │ └── hosts
├── roles
└── test.yml
In each all.yml file, i have one variable like this:
vars:
name:"development"
I was wondering how is the best approach to load the values depending on a parameter to set for example on command line (-i env=development).
In test.yml, I have this:
- name: test playbook
hosts: localhost
connection: local
tasks:
- name:
debug:
var: name
When I execute, I get this:
ansible-playbook -i inventories/development/ test.yml -vvv
....
ok: [localhost] => {
"name": "VARIABLE IS NOT DEFINED!: 'name' is undefined"
}
I'm kind of new to ansible and I've found thousands of different ways and I was wondering what is the best approach? Because I'm kind of lost :( :(
Regards,
We have something similar to your needs on our project, I guess.
Organized in below maner:
.
group_vars folder
├── all.yml # variables common for all envs (creds for example)
├── development.yml # variables for development env
└── staging.yml # variables for staging env
|
invenory_file.yml # file which stoers your managed hosts list devided by groups
├── [development]
│ ├── dev.host1.name # development host#1 with vars applied from development.yml
│ ├── dev.host2.name # development host#2 with vars applied from development.yml
│ └── dev.host3.name # development host#3 with vars applied from development.yml
├── [staging]
│ ├── staging.host1.name # staging host#1 with vars applied from staging.yml
│ ├── staging.host2.name # staging host#2 with vars applied from staging.yml
│ └── staging.host3.name # staging host#3 with vars applied from staging.yml
|
roles
Main idea that you have separate files with vars for different envs, and you have your hosts organized in environments groups in inventory file. So variables from files in group_vars will applied to correct hosts grouped in Inventory.
Here is usuful link to check on how Ansible groups are organized:
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
I am trying to use Ansible Collection for example the nginx one.
The directory tree structure looks like this:
├── ansible_collections
│ └── nginxinc
│ └── nginx_core
│ ├── CHANGELOG.md
.......
│ ├── README.md
│ └── roles
│ ├── nginx
│ │ ├── tasks
│ │ │ ├── amplify
│ │ │ ├── config
│ │ │ ├── keys
│ │ │ ├── main.yml
│ │ │ ├── modules
│ │ │ ├── opensource
│ │ │ │ └── install-debian.yml
│ │ │ └── unit
....
├── hosts
└── site.yaml
the site.yaml file I wrote is:
- name: Demo
hosts: all
connection: local
gather_facts: no
tasks:
- name: test
include_role:
name: nginxinc.nginx_core.nginx
tasks_from: install-debian
I am trying to run the task install-debian from the role nginx.
I run the playbook:
ansible-playbook -i hosts site.yaml
I get this error:
ERROR! the role 'nginxinc.nginx_core.nginx' was not found.....
I need help on how I should fix the site.yaml file
If I understand correctly, you should just install the Nginx collection with the following command, as explained here:
ansible-galaxy collection install nginxinc.nginx_core
It should install it in ~/.ansible/collections/ansible_collections/nginxinc/nginx_core/. Then create a playbook following these examples and the Ansible docs:
---
- hosts: all
collections:
- nginxinc.nginx_core
roles:
- role: nginx
Finally run your playbook:
ansible-playbook -i hosts my_nginx_playbook.yaml
It'll pick the Debian version for you if your host is Debian.
I regret to say that this is not working for me. this gives the impression that collections_paths is not used.
ansible --version
ansible 2.9.17
ansible-config view
[defaults]
inventory=/usr/local/ansible-admin/my_hosts
roles_path=/usr/local/galaxy-roles:./roles
collections_paths=/usr/local/ansible_collections
log_path=./ansible.log
the collections are installed in the /usr/local/ansible_collections folder:
tree -L 2 /usr/local/ansible_collections/nginxinc/
/usr/local/ansible_collections/nginxinc/
└── nginx_core
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── docs
├── FILES.json
├── LICENSE
├── MANIFEST.json
├── playbooks
├── plugins
├── README.md
└── roles
here is the very basic content of the playbook:
cat playbooks/nginx_core.yml
- name: Test collection ansible with nginxinc
hosts: "{{ target }}"
collections:
- nginxinc.nginx_core
tasks:
- import_role:
name: nginx
we get the following error message when it is launched:
ansible-playbook playbooks/nginx_core.yml --extra-vars target=myvm.mydomain.org
ERROR! the role 'nginx' was not found in nginxinc.nginx_core:ansible.legacy:/usr/local/ansible-admin/playbooks/roles:/usr/local/galaxy-roles:/usr/local/ansible-admin/roles:/usr/local/ansible-admin/playbooks
it doesn't find the role in the collections, and worse, it doesn't say that it looked in the collections_path...
But here is a solution that works, but it is very very ugly: add the nginx role of the collection in roles_path!
roles_path=/usr/local/galaxy-roles:./roles:/usr/local/ansible_collections/nginxinc/nginx_core/roles
warning: this is obviously a misuse of the ansible collections!
any help would be appreciated.
Ernest.
I have defined all my variables in group_vars/all/vars_file.yml and my playbook is as below:
---
# Top level play site.yml
- hosts: webclient
roles:
- common
- nginx
- nvm
- deploy_web_client
- hosts: appserver
roles:
- common
- gradle
- tomcat
- deploy_sb_war
Now I have 3 environments dev / staging / production. Depending upon the environment i used to change the vars_file.yml under group_vars and then run the ansible-play.
Is there any way I can keep 3 files like "group_vars/dev" , "group_vars/staging", "group_vars/production" and specify it in my main site.yml
I have 3 inventory files as below, and depending upon the environment during ansible-play i specify the inventory file name
[webclient]
10.20.30.40
[appserver]
10.20.30.41
Instead of using inventory files saved in a single directory, use inventory files in separate directories and put group_vars inside each of them.
.
├── dev
│ ├── group_vars
│ │ └── all
│ │ └── vars_file.yml
│ └── inventory
├── production
│ ├── group_vars
│ │ └── all
│ │ └── vars_file.yml
│ └── inventory
└── staging
├── group_vars
│ └── all
│ └── vars_file.yml
└── inventory
Then point to the directory in the ansible-playbook call:
ansible-playbook -i dev <the_rest>
Ansible executes all dependency role but my main.yml in meta folder looks like this:
---
dependencies:
- { role: common, caller_role: docker, tags: ['packages'] }
So, ansible should execute that part of role common that contains the following:
---
- name: Install required packages
package: name={{ item.name }} state=present
with_items:
- "{{ vars[caller_role]['SYSTEM']['PACKAGES'] }}"
tags:
- packages
- name: Modify /etc/hosts
lineinfile:
dest: /etc/hosts
line: "{{ vars[caller_role]['REGISTRY']['ip'] }} {{ vars[caller_role]['REGISTRY']['hostname']}}"
tags:
- write_etc_hosts
I execute ansible 2.1.1.0 as follows: ansible-playbook --list-tags site.yml and here i'm copying site.yml:
- hosts: localhost
connection: local
remote_user: root
become: yes
roles:
- docker
And finally the tree:
├── common
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── README.md
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ └── vars
│ └── main.yml
├── docker
│ ├── defaults
│ │ └── main.yml
│ ├── files
│ ├── handlers
│ │ └── main.yml
│ ├── meta
│ │ └── main.yml
│ ├── README.md
│ ├── tasks
│ │ └── main.yml
│ ├── templates
│ ├── tests
│ │ ├── inventory
│ │ └── test.yml
│ └── vars
│ └── main.yml
└── site.yml
I fail to understand what is happening..
If you specify tags for a role, Ansible applies them to every task in that role.
In your example, tag packages will be added to every task in the role common.
Please inspect tag inheritance section in the documentation.
You can apply tags to more than tasks, but they ONLY affect the tasks themselves. Applying tags anywhere else is just a convenience so you don’t have to write it on every task
All of these [samples] apply the specified tags to EACH task inside the play, included file, or role, so that these tasks can be selectively run when the playbook is invoked with the corresponding tags.
OK, thank you Konstantin. For this purpose i think i will use:
- include: foo.yml
tags: [web,foo]
Regards