Need suggestion on our setup

18 views
Skip to first unread message

Sander Mol

unread,
Nov 10, 2020, 8:22:48 AM11/10/20
to Ansible Project
Hi

I currently notice some problems without role structure in Ansible and think that we might not have defined a logical separation of responsibility of the roles. Currently, two scenarios do not work smoothly, indicating a structure-smell.

Our roles are currently separated by their specific functionality. Example, we have "jump-server" and "backup" as roles. These have their own tasks which will setup all dependencies that are needed to get to the result of, for example, a "backup" server.

Now, it can happen that a specific role does overwrite or extend a task that is already defined in the "common" role. For example, the "SSHD" config can be overwritten or the "authorized_keys" can be extended.

In both of these cases, I would have the problem the "common" role always resetting the state of the specialized role. Thus always resulting in "changed", whereas the summation state (summation of all the roles on the server) is actually already present.

This makes me think that defining modules in multiple places where they have a cross-over, should be avoided.

My question is: did you experience this same issue and what directions would you suggest for this? I hope my question makes sense as it quite hard to explain as it might be a underlying structural problem of how we have set it up.

Something that could fix this, is maybe by hosts specific variables and to only apply it once (so define the module once). As this answer kind of shows https://stackoverflow.com/a/55670416/2491420

Javi Legido

unread,
Nov 10, 2020, 8:31:29 AM11/10/20
to ansible...@googlegroups.com
Hi there.

My 5 cents here. Have a deeper look at below concepts:

a) Inventory. Is tricky but powerful. I like to play with overwritting variables depending where you place them.
b) Meta. Kind of dependencies. Are triggered by a role. For example the role "wordpress" can have a meta indicating to trigger the role "mariadb".

Cheers.




--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f1486ca1-76c3-4bda-aed0-03839a892373n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages