Last night, I met up with my friend Tim Dobson to talk about Ansible. I’m not an expert, but I’ve done a lot of Ansible recently, and he wanted some pointers.
He already had some general knowledge, but wanted some pointers on “other things you can do with Ansible”, so here are a couple of the things we did.
- If you want to set certain things to happen as “Production” and other things to happen as “Pre-production” you can either have two playbooks (e.g. pre-prod.yml versus prod.yml) which call certain features… OR use something like this:
---
- hosts: localhost
  tasks:
    # Environment variable "runstate" wins; otherwise default_run_state; otherwise 'prod'
    - set_fact:
        my_run_state: "{% if lookup('env', 'runstate') == '' %}{{ default_run_state|default('prod') }}{% else %}{{ lookup('env', 'runstate')|lower() }}{% endif %}"
    - debug: msg="Doing prod"
      when: my_run_state == 'prod'
    # Any value other than 'prod' takes this branch
    - debug: msg="Doing something else"
      when: my_run_state != 'prod'
With this, you can define a default run state (prod), override it with a group or host var called default_run_state (if you have, for example, a staging service or proof of concept space), or set the runstate environment variable, which takes priority over both. In the last case, you’d execute this as follows:
runstate=preprod ansible-playbook site.yml
- You can tag almost every action in your plays. Here are some (contrived) examples:
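---
# No tasks here: this play only gathers facts from every host
- name: Get facts from your hosts
  tags: configure
  hosts: all
- name: Tell me all the variable data you've collected
  tags: dump
  hosts: localhost
  tasks:
    # hostvars holds every variable for every host, including any secrets, so mind where this output ends up
    - name: Show data
      tags: show
      debug:
        var=item
      with_items: hostvars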
When you then run
ansible-playbook test.yml --list-tags
You get
playbook: test.yml
  play #1 (all): Get facts from your hosts TAGS: [configure]
    TASK TAGS: [configure]
  play #2 (localhost): Tell me all the variable data you've collected TAGS: [dump]
    TASK TAGS: [dump, show]
Now you can run
ansible-playbook test.yml -t configure
or
ansible-playbook test.yml --skip-tags configure
To show how useful this can be, here’s the output from the “--list-tags” I’ve got on a project I’m doing at work:
playbook: site.yml
  play #1 (localhost): Provision A-Side Infrastructure TAGS: [Functional_Testing,A_End]
    TASK TAGS: [A_End, EXCLUDE_K5_FirewallManagers, EXCLUDE_K5_Firewalls, EXCLUDE_K5_Networks, EXCLUDE_K5_SecurityGroups, EXCLUDE_K5_Servers, Functional_Testing, K5_Auth, K5_FirewallManagers, K5_Firewalls, K5_InterProjectLinks, K5_Networks, K5_SecurityGroups, K5_Servers]
  play #2 (localhost): Provision B-Side Infrastructure TAGS: [Functional_Testing,B_End]
    TASK TAGS: [B_End, EXCLUDE_K5_Firewalls, EXCLUDE_K5_Networks, EXCLUDE_K5_SecurityGroups, EXCLUDE_K5_Servers, Functional_Testing, K5_Auth, K5_FirewallManagers, K5_Firewalls, K5_InterProjectLinks, K5_Networks, K5_SecurityGroups, K5_Servers]
  play #3 (localhost): Provision InterProject Links - Part 1 TAGS: [Functional_Testing,InterProjectLink]
    TASK TAGS: [EXCLUDE_K5_InterProjectLinks, Functional_Testing, InterProjectLink, K5_InterProjectLinks]
  play #4 (localhost): Provision InterProject Links - Part 2 TAGS: [Functional_Testing,InterProjectLink]
    TASK TAGS: [EXCLUDE_K5_InterProjectLinks, Functional_Testing, InterProjectLink, K5_InterProjectLinks]
  play #5 (localhost): Provision TPT environment TAGS: [Performance_Testing]
    TASK TAGS: [EXCLUDE_K5_FirewallManagers, EXCLUDE_K5_Firewalls, EXCLUDE_K5_Networks, EXCLUDE_K5_SecurityGroups, EXCLUDE_K5_Servers, K5_Auth, K5_FirewallManagers, K5_Firewalls, K5_InterProjectLinks, K5_Networks, K5_SecurityGroups, K5_Servers, Performance_Testing, debug]
This then means that if I get a build fail part-way through, or if I’m debugging just a particular part, I can run this:
ansible-playbook site.yml -t Performance_Testing --skip-tags EXCLUDE_K5_Firewalls,EXCLUDE_K5_SecurityGroups,EXCLUDE_K5_Networks
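The run-state play from the first tip, as an added example that is not from the original post: it checks the resolved value against an allow-list so that a mistyped runstate fails the run instead of quietly taking the "not prod" path. The allowed_run_states variable and its two values are assumptions for illustration.

```yaml
---
# Added example, not the original author's playbook.
- hosts: localhost
  gather_facts: false
  vars:
    # Assumption: these are the only run states this site uses.
    allowed_run_states:
      - prod
      - preprod
  tasks:
    # Same precedence as the original: environment, then default_run_state,
    # then 'prod'. default(..., true) treats the empty string returned for
    # an unset environment variable as "not set".
    - name: Resolve run state
      set_fact:
        my_run_state: "{{ lookup('env', 'runstate') | default(default_run_state | default('prod'), true) | lower }}"

    # A typo such as runstate=prd stops here instead of running the
    # non-prod tasks by accident.
    - name: Stop if the run state is not one we know
      assert:
        that:
          - my_run_state in allowed_run_states
        msg: "Unknown run state '{{ my_run_state }}'; expected one of {{ allowed_run_states | join(', ') }}"

    - name: Show which path will run
      debug:
        msg: "Run state is {{ my_run_state }}"

    - debug: msg="Doing prod"
      when: my_run_state == 'prod'

    # Match the state explicitly rather than using "!= 'prod'"
    - debug: msg="Doing something else"
      when: my_run_state == 'preprod'
```

Because an unset runstate still resolves to prod, the "Show which path will run" task is worth reading before anything destructive follows it.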