Multi-cloud deployment, use site.yml or --extra-vars


Roman Valls

Jun 23, 2014, 8:41:48 AM
to ansible...@googlegroups.com
Hello Ansible-Project,

I would like to know what best practices there are when it comes to deploying a playbook to several different cloud providers (mainly AWS and GCE now, but more might come later).

More specifically, which one feels more natural to you:

ansible-playbook site.yml --extra-vars "cloud_provider=aws aws_access_key=..."
ansible-playbook site.yml --extra-vars="cloud_provider=gce gce_service_email=..."

Which follows the Ansible docs on Best Practices...

... or the following, shorter version instead?

ansible-playbook aws.yml --extra-vars "aws_access_key=..."
ansible-playbook gce.yml --extra-vars="gce_service_email=..."


Here's the original GitHub discussion that triggered this email; thanks to Michael DeHaan for pointing me to this Google group:


Thanks in advance,
Roman

Michael DeHaan

Jun 23, 2014, 10:12:24 AM
to ansible...@googlegroups.com
I'd probably keep the provisioning playbooks separate and then have them include the configuration portion using the usual "add_host" handoff.

Also I should point out

--extra-vars @from_file.yml

is an option


Roman Valls

Jun 23, 2014, 12:17:51 PM
to ansible...@googlegroups.com
Thanks Michael,

I see, so you would go for the second option and implement the add_host trick described here? Clever:


The inline extra-vars are meant to have things like aws_access_key and other sensitive tokens away from potentially public version-controlled files.

In the future we might check if those are on, for instance, $HOME/.botorc instead of having them in a .yml file in our playbook, just one commit away from being published in the open.

Thanks again!
Roman

Paolo

Jun 23, 2014, 12:28:01 PM
to ansible...@googlegroups.com
Just a note: we already use add_host in the way Michael said.
For instance, we first launch an EC2 instance, then add its public IP to the Ansible host file using the add_host module:

Paolo

Michael DeHaan

Jun 23, 2014, 2:05:03 PM
to ansible...@googlegroups.com
"The inline extra-vars are meant to have things like aws_access_key and other sensitive tokens away from potentially public version-controlled files."

That makes sense, though if you want to keep them private, also consider ansible-vault (and maybe not keeping them in source control paths) if you want.
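
An added example, not part of the thread or of Ansible itself: a small pre-commit style check that reports YAML vars files in a playbook tree that hold credential-like keys as plaintext, while accepting ansible-vault encrypted files, inline `!vault` values and Jinja lookups. The key-name pattern, the helper names and the sample file names are assumptions made for illustration.

```python
import os
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"  # every ansible-vault file starts with this
# Assumption: key names that suggest a credential; adjust to your variables.
SENSITIVE = re.compile(r"access_key|secret|password|token|private_key", re.I)
ASSIGN = re.compile(r"^\s*-?\s*([A-Za-z_][\w.-]*)\s*:\s*(.*)$")

def plaintext_secrets(text):
    """Return sensitive-looking keys that hold a literal value in a vars file."""
    if text.lstrip().startswith(VAULT_HEADER):
        return []  # whole file is vault-encrypted
    found = []
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if not m or not SENSITIVE.search(m.group(1)):
            continue
        value = m.group(2).split(" #")[0].strip().strip("'\"")
        # Empty values, inline !vault blobs and Jinja lookups are not literals.
        if value and not value.startswith(("!vault", "{{")):
            found.append(m.group(1))
    return found

def audit_tree(root):
    """Map relative path -> offending keys for each YAML file under root."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith((".yml", ".yaml")):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    keys = plaintext_secrets(fh.read())
                if keys:
                    report[os.path.relpath(path, root)] = keys
    return report

# Constructed sample files; the values are placeholders, not credentials.
SAMPLES = {
    "aws_vars.yml": "cloud_provider: aws\naws_access_key: NOT-A-REAL-KEY\n",
    "gce_vars.yml": "$ANSIBLE_VAULT;1.1;AES256\n6162636465666768\n",
    "inline.yml": "aws_secret_key: !vault |\n  $ANSIBLE_VAULT;1.1;AES256\n",
    "lookup.yml": "aws_access_key: \"{{ lookup('env', 'AWS_KEY') }}\"\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, plaintext_secrets(body))
```

Running `audit_tree(".")` from the playbook root before a commit lists the files that still need `ansible-vault encrypt` or should move out of the repository.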




Roman Valls

Jun 24, 2014, 9:10:38 AM
to ansible...@googlegroups.com
Thanks Michael for the ansible-vault insight, I knew of its existence but never used it ... yet.

Anyhow, Paolo has a point there, we already use add_host handoff in our playbook, what I guess you meant is that we should call the actual "application payload" (in our case, docker containers):


At the end of each cloud instantiation:


Perhaps via a simple "include" at the end of the {ec2|gce}_instance?

Thanks!
Roman