Host-based files and templates


ProfHase

Feb 6, 2015, 8:46:35 AM
to ansible...@googlegroups.com
Is there a feature in Ansible for host-based files/templates directory?

In my actual setup I am keeping track of it manually (on playbook level there is a files/ directory with one directory for {{ inventory_hostname }}).

Nicer would be the same mechanism as host_vars / group_vars. Sometimes vars are not sufficient (for example the monitoring configuration differs too much between the machines).

Would it be worth a feature request?

Regards Ilya

Michael Peters

Feb 6, 2015, 9:43:22 AM
to ansible...@googlegroups.com
If your monitoring configuration differs too much between machines, I
think you might be doing it wrong. I can definitely understand how it
would be different per group/role (db vs web, etc) but how would it
differ between machines of the same role?

Brian Coca

Feb 6, 2015, 9:53:09 AM
to ansible...@googlegroups.com
Most users use variables to handle the per host differences vs full templates.



--
Brian Coca

ProfHase

Feb 9, 2015, 10:55:41 AM
to ansible...@googlegroups.com
The most actual case with my configuration is: I have multiple machines with the same apache configuration (application) except for ssl certificates. Would one put the whole certificate into a variable (looks strange to me)?

@Michael Peters:
I am using monit for monitoring. And depending on the machine there are completely different services to monitor. I could also do multiple roles like 'monit_webservice', 'monit_db', 'monit_application_a', 'monit_application_b' for just one configuration file... This would mean a certain amount of duplication and it seems odd in terms of clarity. Also some applications do not support a 'conf.d/' style. In my actual setup I can see on a per-machine basis which services are monitored.

Brian Coca

Feb 9, 2015, 11:07:05 AM
to ansible...@googlegroups.com
You can put the list of certificates per host/app in a variable and
then just reference that variable to copy the certs and reference them
from the configs.

I really don't understand the comment about needing a conf.d when you
have multiple functions to apply to a file, that is easily handled
within a template.


--
Brian Coca
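
An added example of the variable-driven certificate deployment suggested above; it is not part of any post in this thread. The variable names, file names, paths and the `apache2` service name are assumptions, and the source files are expected under the role's `files/` directory.

```yaml
# host_vars/myprodapplication.com.yml: only the source files differ per host
tls_cert_src: certs/myprodapplication.com.crt
tls_key_src: certs/myprodapplication.com.key   # keep this file encrypted with ansible-vault
---
# roles/webapplicationA/defaults/main.yml: destinations are the same on every host
tls_cert_dest: /etc/ssl/certs/webapplicationA.crt
tls_key_dest: /etc/ssl/private/webapplicationA.key
---
# roles/webapplicationA/tasks/tls.yml
- name: Install the certificate named in host_vars
  copy:
    src: "{{ tls_cert_src }}"
    dest: "{{ tls_cert_dest }}"
    owner: root
    group: root
    mode: "0644"
  notify: reload apache

- name: Install the private key named in host_vars
  copy:
    src: "{{ tls_key_src }}"
    dest: "{{ tls_key_dest }}"
    owner: root
    group: root
    mode: "0600"      # readable by root only
  no_log: true        # keep key material out of task output and diffs
  notify: reload apache

- name: Render the shared vhost, which references the same two paths
  template:
    src: vhost.conf.j2   # contains: SSLCertificateFile {{ tls_cert_dest }}
                         #           SSLCertificateKeyFile {{ tls_key_dest }}
    dest: /etc/apache2/sites-available/webapplicationA.conf
    mode: "0644"
  notify: reload apache
---
# roles/webapplicationA/handlers/main.yml
- name: reload apache
  service:
    name: apache2
    state: reloaded
```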

Michael Peters

Feb 9, 2015, 11:25:33 AM
to ansible...@googlegroups.com
On Mon, Feb 9, 2015 at 10:55 AM, ProfHase <profh...@gmail.com> wrote:

> @Michael Peters:
> I am using monit for monitoring. And depending on machine there are
> completely different services to monitor. I could also do multiple roles
> like 'monit_webservice' , 'monit_db', 'monit_application_a',
> 'monit_application_b' for just one configuration file. .... this would mean
> a certain amount of duplication and it seems odd in terms of clarity. Also
> some applications do not support a 'conf.d/' style. In my actual setup i can
> see on a per-machine basis which services are monitored.

You don't need a whole role for each config file. If you have a
webservice role, have that role depend on the monit role. The monit
role will make sure that monit is installed and configured globally.
And then the webservice role would add the extra monit configuration
file that is specific for webservices. And you can repeat this same
pattern for other things like rsyslog, statsd, collectd, etc.

And you're right that some applications don't do the conf.d/ pattern
so you need to do extra work to get around that. But still in those
cases you get around that in role-specific ways, not host specific
ways. I still think that if you need host specific files and
templates, something is probably wrong.
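
An added sketch of the role-dependency layout described in this reply; it is not code from the thread. The role names follow the post, while the template names, the `/etc/monit` paths and the handler name are assumptions.

```yaml
# roles/webservice/meta/main.yml: pulls in the monit role before this role runs
dependencies:
  - role: monit
---
# roles/monit/tasks/main.yml: install monit and its global configuration once
- name: Install monit
  package:
    name: monit
    state: present

- name: Install the global monit configuration
  template:
    src: monitrc.j2
    dest: /etc/monit/monitrc
    owner: root
    group: root
    mode: "0600"      # monit rejects a control file with wider permissions
  notify: reload monit
---
# roles/monit/handlers/main.yml
- name: reload monit
  service:
    name: monit
    state: reloaded
---
# roles/webservice/tasks/main.yml: add only the checks this role is responsible for
- name: Add the webservice checks to monit
  template:
    src: monit_webservice.conf.j2
    dest: /etc/monit/conf.d/webservice.conf
    owner: root
    group: root
    mode: "0600"
  notify: reload monit
```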

ProfHase

Feb 9, 2015, 12:18:15 PM
to ansible...@googlegroups.com
Thanks a lot, great idea for my poor design :) (did not have the role dependencies in mind).

Do you have any idea what to do about the machine-specific ssl-certificates?

Thanks, Ilya

Michael Peters

Feb 9, 2015, 12:31:40 PM
to ansible...@googlegroups.com
On Mon, Feb 9, 2015 at 12:18 PM, ProfHase <profh...@gmail.com> wrote:

> Do you have any idea what to do about the machine-specific ssl-certificates?

Again, I can't think of a valid "machine-specific" ssl certificate
case. It should be based on roles, right? But I liked Brian Coca's
earlier comment about putting the names of the files in a variable and
then using that variable to determine what to deploy.

ProfHase

Feb 10, 2015, 4:47:38 AM
to ansible...@googlegroups.com
No, a certificate is always machine-specific. Multiple machines may have the same role, like "webapplicationA". This application may run on different hosts (mytestapplication.com, myprodapplication.com, etc.). Everything stays equal except for the certificate, which is a machine parameter.

Mirko Friedenhagen

Feb 13, 2015, 3:15:43 AM
to ansible-project
Hello,

When you have an active/passive approach or use IP-based load
balancing (e.g. round robin) for a service, you may want to use the
same SSL certificate on all machines.

Regards
Mirko
--
http://illegalstateexception.blogspot.com/
https://github.com/mfriedenhagen/ (http://osrc.dfm.io/mfriedenhagen)
https://bitbucket.org/mfriedenhagen/