I usually start a project from the recommended best-practice layout on the official Ansible website.
inventories/
It covers the essential multiple-environment deployment, so we can easily switch between production and staging deployments by running the following command:
$ ansible-playbook -i inventories/production webservers.yml -k -K --ask-vault-pass
As I mentioned in my previous post, "Using ansible playbook in a DevOps pipeline", we could add an all.yml file to the playbook group_vars to give ansible-playbook the following information, so that we do not have to type the passwords.
ansible_user: YOUR_USER_NAME
The group_vars directory in the root of the playbook is called the playbook group_vars.
inventories/
I feel it's so inconvenient when I'm using my own user password instead of a service account shared between team members.
I don't want to tell others my vault password, because in that case others can know my ansible_password and ansible_become_password.
Initially, I thought I could create a template, and everyone who wants to use the playbook would copy the project template and create their own all.yml locally. That results in the following project structure.
inventories/
It turns out it’s even more cumbersome, obviously…
I found a better solution: we can use the --extra-vars option to achieve my goal without constraints.
I decided to use the profile concept, which I learnt from Ant build scripts at my previous company.
Here we don't use the playbook group_vars; instead, we create a profiles folder and add the vars for each profile, such as kai and chu.
inventories/
I have put ansible_user, ansible_password and ansible_become_password in the all.yml in the folder kai.
Now we gain the benefit of the profile by running the following command:
$ ansible-playbook -i inventories/production --extra-vars @profiles/kai/all.yml webservers.yml --vault-password-file ~/.ansible-vault-pass
It is an env/profile matrix solution: it gives us the flexibility to test our ansible-playbook with any favourite vars.
Let's run the playbook with chu's profile in staging before finishing this post.
$ ansible-playbook -i inventories/staging --extra-vars @profiles/chu/all.yml webservers.yml --vault-password-file ~/.ansible-vault-pass
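Since each profile's all.yml holds one person's own ansible_password and ansible_become_password, a check before commit can confirm that those values are vault-encrypted and that the vault password file is private. The Python script below is an added example, not code from the original post. It assumes secrets are either whole-file encrypted or inline `!vault` values and that the password file should be mode 0600; the sample tree and its contents are constructed.

```python
import os, re, tempfile
from pathlib import Path

SECRET_KEYS = ("ansible_password", "ansible_become_password")

def plaintext_secrets(profile_file):
    """Return the secret keys one profile file stores in clear text."""
    text = Path(profile_file).read_text()
    if text.startswith("$ANSIBLE_VAULT;"):  # whole file encrypted (ansible-vault encrypt)
        return []
    found = []
    for key in SECRET_KEYS:
        m = re.search(rf"^{key}[ \t]*:[ \t]*(.*)$", text, re.MULTILINE)
        # Assumption: inline secrets come from ansible-vault encrypt_string (!vault tag).
        if m and not m.group(1).startswith("!vault"):
            found.append(key)
    return found

def audit(profiles_dir, vault_pass_file):
    """Return {location: problem}; an empty dict means nothing was found."""
    findings = {}
    for f in sorted(Path(profiles_dir).glob("*/all.yml")):
        bad = plaintext_secrets(f)
        if bad:
            findings[f"{f.parent.name}/all.yml"] = "plaintext " + ", ".join(bad)
    mode = os.stat(vault_pass_file).st_mode & 0o777
    if mode & 0o077:  # any group/other permission bit set
        findings["vault password file"] = f"mode {mode:04o}, expected 0600"
    return findings

def demo():
    """Audit a constructed tree: kai is clean, chu leaks one value."""
    with tempfile.TemporaryDirectory() as tmp:
        profiles = Path(tmp, "profiles")
        for name in ("kai", "chu"):
            (profiles / name).mkdir(parents=True)
        # Constructed sample content, not real vault output.
        (profiles / "kai" / "all.yml").write_text("$ANSIBLE_VAULT;1.1;AES256\n36316566\n")
        (profiles / "chu" / "all.yml").write_text(
            "ansible_user: chu\nansible_password: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n"
            "  62313365\nansible_become_password: hunter2\n")
        vault_pass = Path(tmp, ".ansible-vault-pass")
        vault_pass.write_text("constructed-passphrase\n")
        os.chmod(vault_pass, 0o644)
        return audit(profiles, vault_pass)

if __name__ == "__main__":
    for where, problem in demo().items():
        print(f"{where}: {problem}")
```

On a real checkout, call `audit("profiles", os.path.expanduser("~/.ansible-vault-pass"))` and fail the commit when the result is not empty.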
Summary
- It's good to use --extra-vars when some of the variables are specific to the user running the playbook, in other words, when the variables differ from one Ansible user to another.
- It would be more appropriate to add one more inventories/test if there are a lot of environment-related differences.