group_vars values overriden for repeating servers

[Manoj Badam]

Hi Team,

I'm a newbie to ansible, trying to complete this project for opening firewall ports. Below is my project structure

| - group_vars

|     - dbserver

|     - webserver

|     - applicationserver

| - host_vars

| - roles

|    - Common

|       - files

|          - app.app

|       - handlers

|          - main.yml

|       - tasks

|          - main.yml

| - hosts

| - site.yml

Contents of /hosts

[dbserver]

host1 ansible_ssh_host=10.10.10.1

host2 ansible_ssh_host=10.10.10.2

[webserver]

host2 ansible_ssh_host=10.10.10.2

host3 ansible_ssh_host=10.10.10.3

[applicationserver]

host1 ansible_ssh_host=10.10.10.1

host3 ansible_ssh_host=10.10.10.3

Contents of /group_vars/dbserver

---

firewallports: 

    - 27017

    - 6379

Contents of /group_vars/webserver

---

firewallports: 

    - 80

Contents of /group_vars/applicationserver

---

firewallports: 

   - 8080 

Contents of /roles/common/tasks/main.yml

---

  - name: add ports to the firewall          

    firewalld: port={{ item }} permanent=true zone=work state=enabled

    with_items: "{{ firewallports }}" 

Here i have host2 available on both dbserver and webserver groups and im expecting it open both the ports of dbserver (port - 27017 , 6379) and webserver (port - 80) group related. But only one among them is working, not both. 

Is there a way i can open multiple ports on the same host using group_vars.

Thanks

Manoj Badam

[Dejay Clayton]

On Monday, April 18, 2016 at 2:38:32 PM UTC-4, Manoj Badam wrote:

Is there a way i can open multiple ports on the same host using group_vars.

How are you invoking the playbook?  Just because a host is in two groups, doesn't mean it will execute the logic for both groups. 

[Johannes Kastl]

On 12.05.16 22:39 Dejay Clayton wrote:

> How are you invoking the playbook? Just because a host is in two groups,
> doesn't mean it will execute the logic for both groups.

The problem is that the list called firewallports gets overwritten by
whatever vars file is processed last.

For example, first it gets set to list from databases var file, then
to webserver list.

I do not know if it is possible to tell ansible to add lists together
automatically.

Quick and dirty: I would name the lists differently, and duplicate the
task:

- name: add database ports to the firewall

firewalld: port={{ item }} permanent=true zone=work state=enabled

with_items: "{{ db_firewallports }}"
when: db_firewallports is defined

- name: add webserver ports to the firewall

firewalld: port={{ item }} permanent=true zone=work state=enabled

with_items: "{{ web_firewallports }}"
when: web_firewallports is defined

Or join all lists together before the task into another list:
set_fact: firewallports= db_firewallports + web_firewallports
(or something in this manner)

Johannes

[Dejay Clayton]

On Friday, May 13, 2016 at 4:32:31 PM UTC-4, Johannes Kastl wrote:

The problem is that the list called firewallports gets overwritten by
whatever vars file is processed last.

This behavior seems like it was changed recently, when the default in ```ansible.cfg``` changed from ```hash_behavior=merge``` to ```hash_behavior=replace```.

Changing the value back to ```merge``` seems to work for many circumstances, but beware some caveats that were documented here:

https://groups.google.com/forum/#!topic/ansible-project/cDWcbgJz1Hs

Ansible makes me want to go back to Bash-based deployments. 

[Brian Coca]

The default has always been replace.

----------

Brian Coca