I have defined all my variables in group_vars/all/vars_file.yml and my playbook is as below:
---
# Top level play site.yml
- hosts: webclient
roles:
- common
- nginx
- nvm
- deploy_web_client
- hosts: appserver
roles:
- common
- gradle
- tomcat
- deploy_sb_war
Now I have 3 environments dev / staging / production. Depending upon the environment i used to change the vars_file.yml under group_vars and then run the ansible-play.
Is there any way I can keep 3 files like "group_vars/dev" , "group_vars/staging", "group_vars/production" and specify it in my main site.yml
I have 3 inventory files as below, and depending upon the environment during ansible-play i specify the inventory file name
[webclient]
10.20.30.40
[appserver]
10.20.30.41
Instead of using inventory files saved in a single directory, use inventory files in separate directories and put group_vars inside each of them.
.
├── dev
│ ├── group_vars
│ │ └── all
│ │ └── vars_file.yml
│ └── inventory
├── production
│ ├── group_vars
│ │ └── all
│ │ └── vars_file.yml
│ └── inventory
└── staging
├── group_vars
│ └── all
│ └── vars_file.yml
└── inventory
Then point to the directory in the ansible-playbook call:
ansible-playbook -i dev <the_rest>
Related
I want to extend my current Ansible project to also support Linux servers. For that I want to re-use the vault file I have created but I cannot seem to find a solution without duplicating the vault file.
Here's what my current Ansible structure looks like
├── ansible.cfg
├── ansible_pw.sh
├── group_vars
│ └── windows
│ ├── vault.yml
│ └── main.yml
├── inventory.yml
├── main.yml
└── roles
├── wait_for_host
│ └── tasks
│ └── main.yml
└── install_software
└── tasks
└── main.yml
inventory.yml
---
all:
children:
windows:
hosts:
win-server.mycompany.com
main.yml
---
- hosts: windows
tasks:
- block:
- include_role: { name: wait_for_host }
- include_role: { name: install_software }
Playbook is run like this:
ansible-playbook main.yml -i inventory.yml --vault-password-file ./ansible_pw.sh
My idea is to create a new group_vars/linux directory which contains all specific settings which only apply for linux servers.
While writing this question I actually found neat solution. All general settings (including the vault file) can be stored in the default all group (see https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#default-groups) and all Windows/Linux specific settings (like ansible_connection) can be stored in separate directories:
group_vars
├── all
│ ├── main.yml
│ └── vault.yml
├── linux
│ └── main.yml
└── windows
└── main.yml
I was wondering if anyone could advise on how I can manage multi environment variables using ansible. Imagine i have development and staging. I have the following structure:
.
├── inventories
│ ├── development
│ │ ├── group_vars
│ │ │ └── all.yml
│ │ └── hosts
│ └── staging
│ ├─── group_vars
│ │ └── all.yml
│ │ └── hosts
├── roles
└── test.yml
In each all.yml file, i have one variable like this:
vars:
name:"development"
I was wondering how is the best approach to load the values depending on a parameter to set for example on command line (-i env=development).
In test.yml, I have this:
- name: test playbook
hosts: localhost
connection: local
tasks:
- name:
debug:
var: name
When I execute, I get this:
ansible-playbook -i inventories/development/ test.yml -vvv
....
ok: [localhost] => {
"name": "VARIABLE IS NOT DEFINED!: 'name' is undefined"
}
I'm kind of new to ansible and I've found thousands of different ways and I was wondering what is the best approach? Because I'm kind of lost :( :(
Regards,
We have something similar to your needs on our project, I guess.
Organized in below maner:
.
group_vars folder
├── all.yml # variables common for all envs (creds for example)
├── development.yml # variables for development env
└── staging.yml # variables for staging env
|
invenory_file.yml # file which stoers your managed hosts list devided by groups
├── [development]
│ ├── dev.host1.name # development host#1 with vars applied from development.yml
│ ├── dev.host2.name # development host#2 with vars applied from development.yml
│ └── dev.host3.name # development host#3 with vars applied from development.yml
├── [staging]
│ ├── staging.host1.name # staging host#1 with vars applied from staging.yml
│ ├── staging.host2.name # staging host#2 with vars applied from staging.yml
│ └── staging.host3.name # staging host#3 with vars applied from staging.yml
|
roles
Main idea that you have separate files with vars for different envs, and you have your hosts organized in environments groups in inventory file. So variables from files in group_vars will applied to correct hosts grouped in Inventory.
Here is usuful link to check on how Ansible groups are organized:
https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html
I am trying to use Ansible Collection for example the nginx one.
The directory tree structure looks like this:
├── ansible_collections
│ └── nginxinc
│ └── nginx_core
│ ├── CHANGELOG.md
.......
│ ├── README.md
│ └── roles
│ ├── nginx
│ │ ├── tasks
│ │ │ ├── amplify
│ │ │ ├── config
│ │ │ ├── keys
│ │ │ ├── main.yml
│ │ │ ├── modules
│ │ │ ├── opensource
│ │ │ │ └── install-debian.yml
│ │ │ └── unit
....
├── hosts
└── site.yaml
the site.yaml file I wrote is:
- name: Demo
hosts: all
connection: local
gather_facts: no
tasks:
- name: test
include_role:
name: nginxinc.nginx_core.nginx
tasks_from: install-debian
I am trying to run the task install-debian from the role nginx.
I run the playbook:
ansible-playbook -i hosts site.yaml
I get this error:
ERROR! the role 'nginxinc.nginx_core.nginx' was not found.....
I need help on how I should fix the site.yaml file
If I understand correctly, you should just install the Nginx collection with the following command, as explained here:
ansible-galaxy collection install nginxinc.nginx_core
It should install it in ~/.ansible/collections/ansible_collections/nginxinc/nginx_core/. Then create a playbook following these examples and the Ansible docs:
---
- hosts: all
collections:
- nginxinc.nginx_core
roles:
- role: nginx
Finally run your playbook:
ansible-playbook -i hosts my_nginx_playbook.yaml
It'll pick the Debian version for you if your host is Debian.
I regret to say that this is not working for me. this gives the impression that collections_paths is not used.
ansible --version
ansible 2.9.17
ansible-config view
[defaults]
inventory=/usr/local/ansible-admin/my_hosts
roles_path=/usr/local/galaxy-roles:./roles
collections_paths=/usr/local/ansible_collections
log_path=./ansible.log
the collections are installed in the /usr/local/ansible_collections folder:
tree -L 2 /usr/local/ansible_collections/nginxinc/
/usr/local/ansible_collections/nginxinc/
└── nginx_core
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── CONTRIBUTING.md
├── docs
├── FILES.json
├── LICENSE
├── MANIFEST.json
├── playbooks
├── plugins
├── README.md
└── roles
here is the very basic content of the playbook:
cat playbooks/nginx_core.yml
- name: Test collection ansible with nginxinc
hosts: "{{ target }}"
collections:
- nginxinc.nginx_core
tasks:
- import_role:
name: nginx
we get the following error message when it is launched:
ansible-playbook playbooks/nginx_core.yml --extra-vars target=myvm.mydomain.org
ERROR! the role 'nginx' was not found in nginxinc.nginx_core:ansible.legacy:/usr/local/ansible-admin/playbooks/roles:/usr/local/galaxy-roles:/usr/local/ansible-admin/roles:/usr/local/ansible-admin/playbooks
it doesn't find the role in the collections, and worse, it doesn't say that it looked in the collections_path...
But here is a solution that works, but it is very very ugly: add the nginx role of the collection in roles_path!
roles_path=/usr/local/galaxy-roles:./roles:/usr/local/ansible_collections/nginxinc/nginx_core/roles
warning: this is obviously a misuse of the ansible collections!
any help would be appreciated.
Ernest.
I have a folder structure like this in Ansible where global variables are at the root group_vars and then environment specific variables are in inventories/dev/group_vars/all etc.
.
├── ansible.cfg
├── group_vars
│ └── all
├── inventories
│ ├── dev
│ │ ├── group_vars
│ │ │ └── all
│ │ └── hosts
│ └── prod
│ ├── group_vars
│ │ └── all
│ └── hosts
└── playbook.yml
I want to use to be able reuse the existing variables in both var files in Molecule but unable to do so as it cannot find the variable. Something similar to the below works but I need both group_vars/all and inventories/dev/group_vars/all
extract of my molecule.yml
provisioner:
name: ansible
inventory:
links:
group_vars: ../../../group_vars
I tried comma separated and that doesn't work because afterall it's just a symlink to the file.
The Ansible best practices documentation recommends to separate inventories:
inventories/
production/
hosts.ini # inventory file for production servers
group_vars/
group1 # here we assign variables to particular groups
group2 # ""
host_vars/
hostname1 # if systems need specific variables, put them here
hostname2 # ""
staging/
hosts.ini # inventory file for staging environment
group_vars/
group1 # here we assign variables to particular groups
group2 # ""
host_vars/
stagehost1 # if systems need specific variables, put them here
stagehost2 # ""
My staging and production environments are structured in the same way. I have in both environments the same groups. And it turns out that I have also the same group_vars for the same groups. This means redundancy I would like to wipe out.
Is there a way to share some group_vars between different inventories?
As a work-around I started to put shared group_vars into the roles.
my_var:
my_group:
- { var1: 1, var2: 2 }
This makes it possible to iterate over some vars by intersecting the groups of a host with the defined var:
with_items: "{{group_names | intersect(my_var.keys())}}"
But this is a bit complicate to understand and I think roles should not know anything about groups.
I would like to separate most of the inventories but share some of the group_vars in an easy to understand way. Is it possible to merge global group_vars with inventory specific group_vars?
I scrapped the idea of following Ansible's recommendation. Now one year later, I am convinced that Ansible's recommendation is not useful for my requirements. Instead I think it is important to share as much as possible among different stages.
Now I put all inventories in the same directory:
production.ini
reference.ini
And I take care that each inventory defines a group including all hosts with the name of the stage.
The file production.ini has the group production:
[production:children]
all_production_hosts
And the file reference.ini has the group reference:
[reference:children]
all_reference_hosts
I have just one group_vars directory in which I define a file for every staging group:
group_vars/production.yml
group_vars/reference.yml
And each file defines a stage variable. The file production.yml defines this:
---
stage: production
And the file reference.yml defines that:
---
stage: reference
This makes it possible to share everything else between production and reference. But the hosts are completely different. By using the right inventory the playbook runs either on production or on reference hosts:
ansible-playbook -i production.ini site.yml
ansible-playbook -i reference.ini site.yml
If it is necessary for the site.yml or the roles to behave slightly different in the production and reference environment, they can use conditions using the stage variable. But I try to avoid even that. Because it is better to move all differences into equivalent definitions in the staging files production.yml and reference.yml.
For example, if the group_vars/all.yml defines some users:
users:
- alice
- bob
- mallory
And I want to create the users in both environments, but I want to exclude mallory from the production environment, I can define a new group called effective_users. In the reference.yml it is identical to the users list:
effective_users: >-
{{ users }}
But in the production.yml I can exclude mallory:
effective_users: >-
{{ users | difference(['mallory']) }}
The playbook or the roles do not need to distinguish between the two stages, they can simply use the group effective_users. The group contains automatically the right list of users simply by selecting the inventory.
The simple option here (and what we do) is simply symlink generic group vars files around.
For instance we might have a generic role for something like NGINX and then a few concrete use cases for that role. In this case we create a group vars file that uses the NGINX role for each concrete use case and then simply symlink those group vars files into the appropriate folders.
Our project folder structure then might look something like this (drastically simplified):
.
├── inventories
│ ├── bar-dev
│ │ ├── group_vars
│ │ │ ├── bar.yml -> ../../shared/bar.yml
│ │ │ └── dev.yml -> ../../shared/dev.yml
│ │ └── inventory
│ ├── bar-prod
│ │ ├── group_vars
│ │ │ ├── bar.yml -> ../../shared/bar.yml
│ │ │ └── prod.yml -> ../../shared/prod.yml
│ │ └── inventory
│ ├── bar-test
│ │ ├── group_vars
│ │ │ ├── bar.yml -> ../../shared/bar.yml
│ │ │ └── test.yml -> ../../shared/test.yml
│ │ └── inventory
│ ├── foo-dev
│ │ ├── group_vars
│ │ │ ├── dev.yml -> ../../shared/dev.yml
│ │ │ └── foo.yml -> ../../shared/foo.yml
│ │ └── inventory
│ ├── foo-prod
│ │ ├── group_vars
│ │ │ ├── foo.yml -> ../../shared/foo.yml
│ │ │ └── prod.yml -> ../../shared/prod.yml
│ │ └── inventory
│ ├── foo-test
│ │ ├── group_vars
│ │ │ ├── foo.yml -> ../../shared/foo.yml
│ │ │ └── test.yml -> ../../shared/test.yml
│ │ └── inventory
│ └── shared
│ ├── bar.yml
│ ├── dev.yml
│ ├── foo.yml
│ ├── prod.yml
│ └── test.yml
└── roles
└── nginx
├── defaults
│ └── main.yml
├── meta
│ └── main.yml
├── tasks
│ └── main.yml
└── templates
└── main.yml
Now our inventory files can have the hosts use these shared group vars simply by putting the hosts in the correct groups.
You can place group_vars in playbook directory as well. More info.
Ansible will pick them up for all inventories.