0
votes

I use Ansible to manage a wide range of VMs, all with their own specifics, but each has some roles commonly defined under them.

E.g. multiple playbooks reference a role that sets up admin users with access; the same goes for ssh setup, timesync, timezone etc.

Now these roles are explicitly referenced in the same way in these playbooks, which is hard to maintain if a role happens to change.

I tried two methods:

  • Include playbooks: While an included playbook can be run for an inventory file, which would cover all the needed VMs, it still has a separate configuration set, and I would try to avoid possible misconfigurations with included playbooks.
  • Master role with included roles: I managed to make this method work by passing variables, however it is a bit hard to set up, not to mention because of this maintainability and traceability of variable flow defeats the purpose of ease of use.

If anyone is more experienced, is there a suggested way to group commonly used roles together while still having the option to use them separately if needed?

1
Why so many playbooks? I only have one: run_roles.yml. Can pass in a list of roles that will be run. – Jack
We have defined multiple playbooks for all the different types of VMs we use. E.g., on-premise databases, servers, developer machines, on-site machines with their specific functionalities etc... They are all separated, kept to their base minimum requirements, minimizing unneeded programs. – VikingPingvin
Again I say, you do not need so many playbooks, just one that runs the roles passed in via extra_vars. If you are using Ansible Tower, each job wraps a playbook. You just have different jobs all running the run_roles playbook, and the extra_vars tells it which role to run. You can then string those jobs together in a Workflow. – Jack

1 Answer

1
votes

I would not want to say that I'm more experienced, but I do have a way of 'making it work for me', and am also struggling with the question of whether this is the best (or at least a good) way of doing it.

  • My hosts are divided in groups, and each group has its own set of variables in group_vars.
  • I have a single playbook for each top-level group ("server" and "client").
  • The roles are split up according to function ("webserver" or "gnome-desktop").
  • Whenever a role is used by multiple hosts or groups, I use conditionals based on inventory_hostname, groups or a custom variable. This does generate some repetition, but that can be kept minimal by conditionally importing tasks.

To be completely honest: I'm not there yet, but in a few weekends from now I hope to get there :-).
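
The layout described in this answer, sketched as an added example that is not part of the original post. The group names (`server`, `webserver`), role names, the `enable_backup_agent` variable, the host name and the task file path are all assumptions made for illustration.

```yaml
# server.yml -- constructed example; role, group and variable names are hypothetical.
# Assumed inventory: top-level group "server" with a child group "webserver".
# Shared defaults live in group_vars/server.yml, overrides in group_vars/webserver.yml.

- name: Common baseline for every host in the top-level group
  hosts: server
  become: true
  roles:
    # Tags keep each role usable on its own:
    #   ansible-playbook server.yml --tags ssh_setup
    - role: admin_users
      tags: [admin_users]
    - role: ssh_setup
      tags: [ssh_setup]
    - role: timesync
      tags: [timesync]

- name: Function-specific roles, selected by conditionals
  hosts: server
  become: true
  tasks:
    - name: Web server role, only for members of the webserver group
      ansible.builtin.include_role:
        name: webserver
      when: "'webserver' in group_names"

    - name: Role switched on by a custom variable from group_vars or host_vars
      ansible.builtin.include_role:
        name: backup_agent
      when: enable_backup_agent | default(false) | bool

    - name: Extra tasks for a single host, imported conditionally
      ansible.builtin.import_tasks: tasks/legacy_firewall.yml
      when: inventory_hostname == 'db01.example.internal'
```

Because the baseline roles are listed once per top-level playbook, a change to how admin access or ssh is configured is reviewed in one place instead of in every per-VM playbook.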