A systematic approach to variables in Ansible




Hey! My name is Denis Kalyuzhny and I work as an engineer in the development process automation department. Every day, new builds of apps are rolled out on hundreds of campaign servers. In this article, I share my experience of using Ansible for these purposes.



This guide describes a way to organize variables in a deployment. It is intended for those who already use roles in their playbooks and have read the Best Practices, but still face problems like these:



  • When you find a variable in the code, you cannot immediately tell what it is responsible for;
  • There are several roles whose variables need to be bound to the same value, but nothing works;
  • It is difficult to explain to others how the variable logic in your playbooks works.


We faced these problems on projects in our company and, as a result, arrived at rules for designing variables in our playbooks, which solved these problems to some extent.






Variables in roles



A role is a separate object in the deployment system. Like any object in a system, it must have an interface for interacting with the rest of the system. That interface is the role's variables.



, , api, Java . ?






2 :



1. 
    a)   
    )   
2. 
    a)  
    )   
    )   


— , .



— , , , .



— , , .



, 1, 2, 2 — , (, ..) defaults . 1. 2. 'example' , .



Code style



  • . , .
  • , , .
  • . Ansible .



    :



    myrole_user:
        login: admin
        password: admin


    login — , password — .

    ,

    . . :



    myrole_user_login: admin
    myrole_user_password: admin






( ), , . , : git . , — , . .



, , : .



mydeploy                        #  
├── deploy.yml                  #  
├── group_vars                  #   
│   ├── all.yml                 #      
│   └── myapi.yml               #     myapi
└── inventories                 #
    └── prod                    #   prod
        ├── prod.ini            #  
        └── group_vars          #    
            └── myapi           #
                ├── vars.yml    #    myapi
                └── vault.yml   #  ( ) *


* — Variables and Vaults



, , . , , . , , , .



, , .



, .



, , SSL , SSL . , , .





1, 2 Java , .






, :



- hosts: myapi
  roles:
    - api

- hosts: bbauth
  roles:
    - auth

- hosts: ghauth
  roles:
    - auth


, group_vars , . , . . : .



Code Style



  • host_vars , , , : " ?", .




, , ?

, .



:

hostvars[groups['bbauth'][0]]['auth_bind_port'],

. -, . -, . -, , .



.



— , , .



group_vars/all/vars , .



.



:






, , :



# roles/api/defaults:
#  
api_auth1_address: "http://example.com:80"
api_auth2_address: "http://example2.com:80"

# roles/auth/defaults:
#  
auth_bind_port: "20000"


group_vars/all/vars , :



# group_vars/all/vars
bbauth_auth_bind_port: "20000"
ghauth_auth_bind_port: "30000"

# group_vars/bbauth/vars
auth_bind_port: "{{ bbauth_auth_bind_port }}"

# group_vars/ghauth/vars
auth_bind_port: "{{ ghauth_auth_bind_port }}"

# group_vars/myapi/vars
api_auth1_address: "http://{{ bbauth_auth_service_name }}:{{ bbauth_auth_bind_port }}"
api_auth2_address: "http://{{ ghauth_auth_service_name }}:{{ ghauth_auth_bind_port }}"


, , , , .



Code Style



  • , , , , .




, .



SSL-.

. .



, api_ssl_key_file: "/path/to/file".



, , ,

group_vars/myapi/vars , ' '.





files/prod/certs/myapi.key, :

api_ssl_key_file: "prod/certs/myapi.key". , , . , .











. , , . . .



group_vars, .









:



mydeploy                        #  
├── deploy.yml                  #  
├── files                       #    
│   ├── prod                    #      prod
│   │   └── certs               # 
│   │       └── myapi.key       #
│   └── test1                   #      test1
├── group_vars                  #   
│   ├── all.yml                 #      
│   ├── myapi.yml               #     myapi
│   ├── bbauth.yml              # 
│   └── ghauth.yml              #
└── inventories                 #
    ├── prod                    #   prod
    │   ├── group_vars          #    
    │   │   ├── myapi           #
    │   │   │   ├── vars.yml    #    myapi
    │   │   │   └── vault.yml   #  ( )
    │   │   ├── bbauth          # 
    │   │   │   ├── vars.yml    #
    │   │   │   └── vault.yml   #
    │   │   └── ghauth          #
    │   │       ├── vars.yml    #
    │   │       └── vault.yml   #
    │   └── prod.ini            #   prod
    └── test                    #   test
        ├── group_vars          #
        │   ├── myapi           #
        │   │   ├── vars.yml    #
        │   │   └── vault.yml   #
        │   ├── bbauth          #
        │   │   ├── vars.yml    #
        │   │   └── vault.yml   #
        │   └── ghauth          #
        │       ├── vars.yml    #
        │       └── vault.yml   #
        ├── test1.ini           #   test1   test
        └── test2.ini           #   test2   test




: . , . , , , .



, , . .



. , .











