group_vars and limits

[paul.zi...@ecofactor.com]

Background

We use ansible for all our automated deployments, and have had success in managing separate environment configuration using group vars. Our inventories (running locally and also on ansible tower) have hosts belonging to groups based on application and environment -- for example, we might run something like this:

ansible-playbook -i inventories/non-prod -l'env-qa:&backend' backend/deploy.yml

... to deploy to all hosts belonging to the backend group and the env-qa group, and to pull in config values from group_vars/env-qa.

Recently we've decided to use a single cluster of machines for deploying applications which belong to different environments - for example, with apps like Storm, you can run two different qa environments on the same cluster. Where we're running into problems is that even if we set the limit flag on ansible-playbook to 'env-qa-1', we're still getting all the variables belonging to 'env-qa-2' when we actually run the playbook. I've simplified this below.

Files:

inventories/test

[group-a]
host1

[group-b]
host1

[app]
host1

group_vars/group-a

---
base_directory: /opt/app/a/

group_vars/group-b

---
base_directory: /opt/app/b/

test/test.yml

---
- name: test script
  hosts: all
  tasks:
    - debug: msg="deploying to {{ base_directory }}"

ansible-playbook commands:

$ ansible-playbook -i inventories/test -l'app:&group-a' test/test.yml


PLAY [test script] ************************************************************


GATHERING FACTS ***************************************************************
ok: [host1]


TASK: [debug msg="deploying to {{base_directory}}"] **********
ok: [host1] => {
    "msg": "deploying to /opt/app/b/"
}


PLAY RECAP ********************************************************************
host1             : ok=2    changed=0    unreachable=0    failed=0  


$ ansible-playbook -i inventories/test -l'app:&group-b' test/test.yml


PLAY [test script] ************************************************************


GATHERING FACTS ***************************************************************
ok: [host1]


TASK: [debug msg="deploying to {{base_directory}}"] **********
ok: [host1] => {
    "msg": "deploying to /opt/app/b/"
}


PLAY RECAP ********************************************************************
host1             : ok=2    changed=0    unreachable=0    failed=0  

expected behavior:

limiting to group-a returns

"msg": "deploying to /opt/app/a/"

actual behavior:

limiting to group-a returns

"msg": "deploying to /opt/app/b/"

In every other case where we've set a limit, ansible has pulled in the proper group_vars file. Am I crazy to assume that limiting an inventory to a particular group also limits the group_vars/ files ansible loads? I can't think of a reason why you'd want other files (besides all) from group_vars/ loaded if you've explicitly limited the inventory to a particular group.

Is there a better way of going about this?

[Michael DeHaan]

This question has been asked on this forum quite a few times this week.   Search for "--limit" among recent posts if you don't mind.

Thanks!

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/52a4f118-550b-445d-b544-7167c3fcc095%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[paul.zi...@ecofactor.com]

I found one post which was somewhat similar, which mentioned doing what I've come up with to address this in the meantime (passing in an extra var which will get run by an include_vars task) but it seems kind of silly to add that to the beginning of every task list when it could be more simply handled by --limit, not to mention redundant in having to set the exact same environment name for both limit and extra_vars when running an ansible tower job template.

But it'll definitely work. Appreciate your time.

[Michael DeHaan]

It's not silly, so much as --limit doing what it says it is supposed to do.

However, see my proposal about --limit setting a default and being able to also set "limit: all" on some tasks, such that it's possible to control the limit per play, and only have --limit pass it in for some.

I think that's what we need to do.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f950c2da-e1f5-4fa6-b063-c8cbcbd4cd63%40googlegroups.com.