June 24, 2024


My Anti-Drug Is Computer

Ansible variables: choosing the right location

Ansible variables: choosing the right location

Defining variables for your Ansible playbooks and roles can become tough as your job grows.

Browsing the Ansible documentation, the variety of Ansible variables site is complicated, to say the minimum:

  1. command line values (for case in point, -u my_user, these are not variables)
  2. job defaults (outlined in part/defaults/primary.yml)
  3. inventory file or script group_vars
  4. stock team_vars/all
  5. playbook team_vars/all
  6. inventory team_vars/*
  7. playbook group_vars/*
  8. inventory file or script host_vars
  9. stock host_vars/*
  10. playbook host_vars/*
  11. host info / cached set_details
  12. enjoy vars
  13. participate in vars_prompt
  14. participate in vars_files
  15. job vars (outlined in purpose/vars/principal.yml)
  16. block vars (only for tasks in block)
  17. job vars (only for the task)
  18. include things like_vars
  19. set_info / registered vars
  20. function (and consist of_role) params
  21. involve params
  22. added vars (for illustration, -e "user=my_consumer")(always earn precedence)

There are 22 diverse areas wherever to shop your variables! As your code evolve and become far more complicated, it can get messy.

Outline your possess subset of variables areas

The straightforward way

Whenever you assume of a variable, it should really be obvious wherever it is described. If not, it’s possible you are spreading your variables in way too several destinations. Begin with anything basic, for instance obtaining only 2 destinations in which your variables can be defined:

  1. purpose defaults (outlined in role/defaults/key.yml)
  2. purpose (and include_job) params

roles/serviceA/default.yml: this file defines all variables needed by the part, with some default values. Notice how we can remark variables that are required, but for which we never want to present any default worth. By executing that, we are documenting just about every variable the role demands.

servicea_log_dir: /var/log/servicea

servicea_autorestart: indeed

serviceA.yml: this file is the playbook in which the function is identified as. We set our customized configuration there.

- hosts: groupa
  - role: serviceA
      servicea_consumer: gollum
      servicea_autorestart: no

We selected 2 locations for our task: job defaults, et purpose params. It’s easy to know where to come across our variable. It need to work in most predicaments.

A far more generic way

Let us have a further subset of destinations.

  1. part defaults (described in part/defaults/primary.yml)
  2. stock team_vars/*

roles/serviceA/default.yml: part defaults, outlined in the similar as the prior example.

servicea_log_dir: /var/log/servicea

servicea_autorestart: certainly

inventory/group_vars/servicea.yml: these variables are likely to be affiliated with the group known as servicea

servicea_user: gollum
servicea_autorestart: no

It is then required to associate correctly the position to the hosts exactly where you have defined the variables (reminder: at runtime, variables are in the finish involved with a host: there is no teams or function default, only host variables). The playbook:

- hosts: servicea
  - position: serviceA

Now let us say we want to have various roles, servicea and serviceb, to operate on a single team termed for example employee. We could produce the personalized configuration for each products and services (servicea and serviceb) in a one file: stock/team_vars/employee.yml but then it is genuinely not clear wherever to come across your customized variables.

Instead, we can have 1 group for each service, so 1 configuration file per company in the team_vars folder (servicea.yml and serviceb.yml). We then associate the worker hosts to the group of our distinctive solutions. inventory/hosts:




A completely wrong way

Let us just get the 2 earlier examples and combine them. We select 3 places:

  1. purpose defaults (defined in purpose/defaults/primary.yml)
  2. inventory team_vars/*
  3. function (and incorporate_job) params

Let’s say we want to modify servicea_log_dir variable. We are not able to modify the role defaults variable, as we want our individual tailor made value. Now do we transform it in the team_vars or in the purpose params? Each operate, and there is no way to determine out which area you would decide on, unless of course there is a distinct logic driving it. This is not proper and we want to maintain issues straightforward.

Believe gitops

When selecting the few spots to use, consider about what effect it will have on your code versionning.

The gitops methodology might assist you out. In small, you want to break up your code in 2 repositories: your code repository, and your ops repository.

Implementing it to Ansible, your code repository is in which you edition your roles or your Ansible collections. Your ops repository is the place you version anything precise to an instance of your code namely your inventory and custom made variables.

When working with the basic way, you will have to edition your playbooks in your ops repository, as they incorporate your personalized variables. When utilizing the second process we described, where each individual personalized variable is in the inventory group vars, you can version only the stock in your ops repository.

What matters is that it must be doable to break up the generic code and the properties that are appropriate to an instance. For illustration, storing customized variables in the vars folder of a position (eg. roles/servicea/vars/most important.yml) is not correct.

If you consider of any variable and know for confident the place it has been defined, then you are probaly carrying out points suitable.