Ansible AWX and gitlab integration

[Kimmo L.]

Hello All!

Hopefully it is right place to as this, but im planning to move all my local playbooks, roles and inventory to gitlab and sync them with Ansible AWX. Does anyone have any guidence, recommendations or best practices how to build up the gitlab repo side - will i add all the local /etc/ansible folder content into one gitlab repo or should i divide them into different sub repos (each role in separate git project)?

Br,

Kimmo

[John Westcott]

There are a lot of different options you have available to you when putting your content into a source control manager. It is very common for roles to be put into separate repositories so that they can be managed individually (i.e. who can read and who can write to them).  The same may hold true for playbooks; you may want a repository per person or per group or per organization or even just one. An AWX project will be tied to a single GitLab project and AWX also has its own roles through its Roles Based Access Controls. So again, depending on how access to your content needs to be setup and managed may determine if you have one giant repo or multiple repos (which would give you multiple projects in AWX with their own RBACs). In a GitLab project you can add a requirements file to pull in collections and roles as needed. In addition, there are now also execution environments which would enable you to bundle all of your standard roles and collections into a specific environment which AWX can be used to run your playbooks.

As you can see there are several options to take and best option is likely whatever works for you now. In the future, as you use the product and grow your automation, you may find you needs change and evolve.

How do other people feel about this? Anyone want to share how they manage their content in an SCM and the pros/cons of it?

Kimmo, please let us know what you try and how it works for you. Also, let us know if you have any more follow up questions.

-John

https://docs.ansible.com/ansible-tower/latest/html/administration/external_execution_envs.html

https://docs.ansible.com/ansible-tower/latest/html/userguide/projects.html#ansible-galaxy-support

https://docs.ansible.com/ansible-tower/latest/html/userguide/projects.html

--
You received this message because you are subscribed to the Google Groups "AWX Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to awx-project...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/ab7a0d5b-39e2-47d6-9e84-7a19fed6c227n%40googlegroups.com.

[Arlan Lloyd]

Create catalog that will definite and categorize projects.  

https://backstage.io/docs/overview/what-is-backstage

Separate projects for application code (artifact is a binary/container/etc) and deployment code (artifact is a deployment to vm/k8s/etc).  

https://argo-cd.readthedocs.io/en/stable/user-guide/best_practices/#separating-config-vs-source-code-repositories

For AWX, I really enjoy taking the monorepo approach.  My lab takes that approach and has functional examples for how to leverage Gitlab pipelines, AWX, and Terraform together.  

https://gitlab.com/acelinkit/monopipeline

-Arlan

[Kimmo L.]

Thanks for the answers and different thoughts.

Because we have only one team, who will manage ansible playbooks/configuration, then im also thinking about using the monorepo approach - structurally something like this:

https://github.com/enginyoyen/ansible-best-practises

We have like 15-30 playbooks at the moment and create a separately subproject for every playbook seems to much work. 

But on the development side, I understand why it's a good idea. Also on AWX side, you only have to re-sync specific project only.

Need to think this through a little more and consider the future as well.

-Kimmo

[Wei-Yen Tan]

The other thing you also have to consider is if you have a lot of roles in the  external requirements.yml file. If you have it to refresh at execution time it will try to download all roles again. That means every single role being downloaded at every job run. 

Food for thought. 

Get Outlook for iOS

---

From: awx-p...@googlegroups.com <awx-p...@googlegroups.com> on behalf of Kimmo L. <klil...@gmail.com>
Sent: Thursday, December 16, 2021 1:31:09 AM
To: AWX Project <awx-p...@googlegroups.com>
Subject: Re: [awx-project] Ansible AWX and gitlab integration

 

To view this discussion on the web visit https://groups.google.com/d/msgid/awx-project/da40e6dd-b5c3-4872-b999-8725a9f4f160n%40googlegroups.com.