Newby Requirements and missing workarounds

[Bastian Bringenberg]

Hey together,

I am working with ansible for a few days now and it is perfect and really what I needed, but there are a few things I am not able to solute for myself and where I have ( in my opinion ) ugly workarounds that should be able to be done a lot smoother.

1.) Merging Variables per Playbook

• I know that merging variables is possible with editing ansible.cfg
• I know, that a lot of playbooks do not use this behavior so enabling it could create problems
• Is it somehow possible to create it just for my own playbooks?
• Reason:
• All my variables are build like this: 
• bbnetz.PLAYBOOK.packages.[nano, screen, curl, ...] ( for example ) set in the vars folder per distribution/version
• bbnetz.PLAYBOOK.settings.[database.*, vhost, defaultUser, ... ] set in the defaults folder and also in my host_vars.

Just as a workaround: I just renamed the bbnetz.PLAYBOOK.packages to bbnetz_packages.PLAYBOOK, but this is not as clean as I would like to have it.

2.) Creating Runtime variables

This is my set up:

• I tried to setup a PHP-FPM setup with different ports 
• I created for each php-fpm vhost a file in /etc/php5/fpm/pool.d/ and name it HOSTNAME_PORTNUMBER where portnumber is 9000 + i.
• And here is where this ends. I am not able to figure out what my i is or how to add it to 9000.

Just as workaround: I am working with PHP-FPM over Sockets for the moment...

3.) Git Module and owners

This is one of my settings:

• I am connected as user bbringenberg to my test server
• I create a new user named openproject and want to create the github repo from openproject in /home/openproject as user openproject.
• There is no attribute owner/group so this is not possible =(.
• I am also not able to configure the user for a new connection in my vars file

Just as a workaround: I am creating a copy of the gitrepo for the moment and set the new owner there.

4.) How are you working with SSL Certs?

• The last of my problems is, that I am not sure how to deploy SSL Certs
• I could add them to my host_vars file, but that would make it really huge and as my configuration is in a locale git it would not make it any more secure...
• I need to deploy them as files with gitignore or so...
• How are you doing this?

Just as a workaround: I am doing this manually on each server...

It would be really cool if you'd be able to help me out here, because I have a lot of cool things todo with ansible =).

Thanks for your help and have a very nice evening,

Greetings from Ruhrarea, Germany,

Bastian

[Michael DeHaan]

On Thu, Jul 24, 2014 at 2:38 PM, Bastian Bringenberg <avalario...@googlemail.com> wrote:

Hey together,

I am working with ansible for a few days now and it is perfect and really what I needed, but there are a few things I am not able to solute for myself and where I have ( in my opinion ) ugly workarounds that should be able to be done a lot smoother.

Replies inline !

 

1.) Merging Variables per Playbook

• I know that merging variables is possible with editing ansible.cfg
• I know, that a lot of playbooks do not use this behavior so enabling it could create problems

It's not really going to cause any problems, but it's more confusing than it's worth for most people new to ansible - and most people don't need it.

 

• Is it somehow possible to create it just for my own playbooks?

It's set in ansible.cfg as "hash_merge_behavior". 

• Reason:
• All my variables are build like this: 
• bbnetz.PLAYBOOK.packages.[nano, screen, curl, ...] ( for example ) set in the vars folder per distribution/version
• bbnetz.PLAYBOOK.settings.[database.*, vhost, defaultUser, ... ] set in the defaults folder and also in my host_vars.

Just as a workaround: I just renamed the bbnetz.PLAYBOOK.packages to bbnetz_packages.PLAYBOOK, but this is not as clean as I would like to have it.

2.) Creating Runtime variables

This is my set up:

• I tried to setup a PHP-FPM setup with different ports 
• I created for each php-fpm vhost a file in /etc/php5/fpm/pool.d/ and name it HOSTNAME_PORTNUMBER where portnumber is 9000 + i.
• And here is where this ends. I am not able to figure out what my i is or how to add it to 9000.

Look into the "set_fact" module for exactly this.

- set_fact: 

      x: "{{ ((x|int) + 1) }}"

I'm being a little paranoid with the int casting, in case you have it as a string somewhere.

Etc.

 

Just as workaround: I am working with PHP-FPM over Sockets for the moment...

3.) Git Module and owners

This is one of my settings:

• I am connected as user bbringenberg to my test server
• I create a new user named openproject and want to create the github repo from openproject in /home/openproject as user openproject.
• There is no attribute owner/group so this is not possible =(.

There's a better approach here.   You could "sudo_user: username" to that user and check that thing out as you.

You could also just set this after the fact, but it's cleaner to do the other.   This is the same reason the git command itself does not have owner and group modes.

 

• I am also not able to configure the user for a new connection in my vars file

I'm not sure what this part means.

 

Just as a workaround: I am creating a copy of the gitrepo for the moment and set the new owner there.

4.) How are you working with SSL Certs?

• The last of my problems is, that I am not sure how to deploy SSL Certs
• I could add them to my host_vars file, but that would make it really huge and as my configuration is in a locale git it would not make it any more secure...
• I need to deploy them as files with gitignore or so...
• How are you doing this?

I'll let other people answer this part...

 

Thanks for your help and have a very nice evening,

You are welcome!  Hope the above helps!

 

Greetings from Ruhrarea, Germany,

Bastian

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/79b95ecd-61ad-4252-93f9-34e3f5266a53%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Bastian Bringenberg]

Hey Michael,

thank you very much for your help! With those Informations I am able to do all the jobs I currently needed to do =). 

Have a nice day,

Bastian