ansible devops codestyle
Hey! My name is Denis Kalyuzhny and I work as an engineer in the development process automation department. Every day, new builds of apps are rolled out on hundreds of campaign servers. And in this article I share my experience of using Ansible for these purposes.
This guide provides a way to organize variables in a deployment. This guide is designed for those who already use roles in their playbooks and read BestPractices , but face similar problems:
- Having found a variable in the code, it is impossible to immediately understand what it is responsible for;
- There are several roles, and variables need to be bound by the same value, but nothing works;
- There are difficulties in explaining to others how the logic of variables in your playbooks works
We faced these problems on projects in our company, as a result of which we came to the rules for the design of variables in our playbooks, which to some extent solved these problems.
Variables in roles
A Role is a separate Object of the deployment system. Like any system object, it must have an interface for interacting with the rest of the system. This interface is role variables.
, , api, Java . ?
2 :
1.
a)
)
2.
a)
)
)
— , .
— , , , .
— , , .
, 1, 2, 2 — , (, ..) defaults . 1. 2. 'example' , .
Code style
- . , .
- , , .
. Ansible .
:
myrole_user: login: admin password: admin
login — , password — .
,
. . :
myrole_user_login: admin myrole_user_password: admin
( ), , . , : git . , — , . .
, , : .
mydeploy #
├── deploy.yml #
├── group_vars #
│ ├── all.yml #
│ └── myapi.yml # myapi
└── inventories #
└── prod # prod
├── prod.ini #
└── group_vars #
└── myapi #
├── vars.yml # myapi
└── vault.yml # ( ) *, , . , , . , , , .
, , .
, .
, , SSL , SSL . , , .
1, 2 Java , .
, :
- hosts: myapi
roles:
- api
- hosts: bbauth
roles:
- auth
- hosts: ghauth
roles:
- auth, group_vars , . , . . : .
Code Style
- host_vars , , , : " ?", .
, , ?
, .
:
hostvars[groups['bbauth'][0]]['auth_bind_port'],
. -, . -, . -, , .
.
— , , .
group_vars/all/vars , .
.
:
, , :
# roles/api/defaults:
#
api_auth1_address: "http://example.com:80"
api_auth2_address: "http://example2.com:80"
# roles/auth/defaults:
#
auth_bind_port: "20000" group_vars/all/vars , :
# group_vars/all/vars
bbauth_auth_bind_port: "20000"
ghauth_auth_bind_port: "30000"
# group_vars/bbauth/vars
auth_bind_port: "{{ bbauth_auth_bind_port }}"
# group_vars/ghauth/vars
auth_bind_port: "{{ ghauth_auth_bind_port }}"
# group_vars/myapi/vars
api_auth1_address: "http://{{ bbauth_auth_service_name }}:{{ bbauth_auth_bind_port }}"
api_auth2_address: "http://{{ ghauth_auth_service_name }}:{{ ghauth_auth_bind_port }}", , , , .
Code Style
- , , , , .
, .
SSL-.
. .
, api_ssl_key_file: "/path/to/file".
, , ,
group_vars/myapi/vars , ' '.
files/prod/certs/myapi.key, :
api_ssl_key_file: "prod/certs/myapi.key". , , . , .
. , , . . .
group_vars, .
:
mydeploy #
├── deploy.yml #
├── files #
│ ├── prod # prod
│ │ └── certs #
│ │ └── myapi.key #
│ └── test1 # test1
├── group_vars #
│ ├── all.yml #
│ ├── myapi.yml # myapi
│ ├── bbauth.yml #
│ └── ghauth.yml #
└── inventories #
├── prod # prod
│ ├── group_vars #
│ │ ├── myapi #
│ │ │ ├── vars.yml # myapi
│ │ │ └── vault.yml # ( )
│ │ ├── bbauth #
│ │ │ ├── vars.yml #
│ │ │ └── vault.yml #
│ │ └── ghauth #
│ │ ├── vars.yml #
│ │ └── vault.yml #
│ └── prod.ini # prod
└── test # test
├── group_vars #
│ ├── myapi #
│ │ ├── vars.yml #
│ │ └── vault.yml #
│ ├── bbauth #
│ │ ├── vars.yml #
│ │ └── vault.yml #
│ └── ghauth #
│ ├── vars.yml #
│ └── vault.yml #
├── test1.ini # test1 test
└── test2.ini # test2 test: . , . , , , .
, , . .
. , .