Dynamic inventories and variables best practices.

Hello ansible group,

I would like to ask you for some advice related to dynamic inventories and variables.
I read the Dynamic Inventories documentation from Ansible, however I still don’t see a clear picture of the solution.
So far ansible-tower is also not a solution which I can focus on.

So quick ‘my issue’ which looks like ‘chicken and egg’ problem :wink:

  1. I would like to use ansible to provision servers.
  2. I would like to use ansible to do some small changes on servers (for example add / remove some account etc - depends on dynamic work)
  3. I would like to have records about facts (including local facts) which can be used for playbooks.
  4. I would like to have an easy way of reassigning a host and different tasks will be run.

The way which I see, is that:

  1. First initial run of ansible - gathers facts and sets up some local facts based on variable (role / product / environment (test / dev / etc))
    (Know already how to use callback functions and record results to DB).
  2. Next runs, reads DB (Dynamic Inventory) and setup servers, updating local facts as well.
  3. I can change some ‘flag’ in Dynamic Inventory and ansible will run different tasks.

Expected solution is that:

  1. I can quickly see on which status is server, for example:
  • ENV: Development - web servers - completed,
  • ENV: Testing - ready for application deployment.
  • Production ---- configuration XXX.
  2. When I am going to a server I can quickly see in the local facts folder what has been done (ini or js file) in terms of configuration.

My issue is now that we have a lot of INI inventory files and we are maintaining quite a lot of servers (250+).
Adding new servers in an ini file depends on product line, and is a bit slow, this is why I would like to start using dynamic inventory.
However I am not quite sure how to deal with all these variables which we are using.

I like assigning a server to some group, then I can use it in templates, etc. And use variables only for some configuration specific details.

So I would like to ask you in general:
How are you working with ansible day by day when you have to:

  • manage big number of hosts where configuration is different (not only web server / DB server - but also web servers have different configuration [apache, nginx])
  • see what has been already done via ansible on server (without reading YAML files over and over).
  • Dealing with small tasks to adjust configuration on server (for example php variables must be adjusted, or apache max_clients have to be decreased, etc).
  • Quickly add / modify server roles and anothers tasks are running.

Maybe my thinking is too big / too complicated - any replies are welcome.

Best regards,
Marcin

So quick 'my issue' which looks like 'chicken and egg' problem :wink:
1. I would like to use ansible to provision servers.
2. I would like to use ansible to do some small changes on servers (for
example add / remove some account etc - depends on dynamic work)
3. I would like to have records about facts (including local facts) which
can be used for playbooks.
4. I would like to have an easy way of reassigning a host and different tasks
will be run.

Ok, this is all straightforward.

The way which I see, is that:
1. First initial run of ansible - gathers facts and sets up some local facts
based on variable (role / product / environment (test / dev / etc))
   (Know already how to use callback functions and record results to DB).
2. Next runs, reads DB (Dynamic Inventory) and setup servers, updating
local facts as well.
3. I can change some 'flag' in Dynamic Inventory and ansible will run
different tasks.

Inventory doesn't control what playbooks you run - it describes what you
have.

Expected solution is that:
1. I can quickly see on which status is server, for example:
   - ENV: Development - web servers - completed,
   - ENV: Testing - ready for application deployment.
   - Production ---- configuration XXX.

You can use different tags for different cloud systems, as one of many
possible ways. Dynamic inventory typically groups by tag.

2. When I am going to a server I can quickly see in the local facts folder
what has been done (ini or js file) in terms of configuration.

My issue is now that we have a lot of INI inventory files and we
are maintaining quite a lot of servers (250+).

You definitely would want to get away from this.

If you are non-cloudy, dynamic inventory can also access other CMDBs,
including bare metal provisioning systems like Cobbler. Tower is also a
great choice because not only can it graphically sync with other
inventories and track history in the DB, but you can also still on top of
that use it to manage variables. (Thus it provides that same CMDB-ish
capability).

Adding new servers in an ini file depends on product line, and is a bit
slow, this is why I would like to start using dynamic inventory.
However I am not quite sure how to deal with all these variables which we
are using.

I like assigning a server to some group, then I can use it in templates,
etc. And use variables only for some configuration specific details.

So I would like to ask you in general:
How are you working with ansible day by day when you have to:
- manage big number of hosts where configuration is different (not only
web server / DB server - but also web servers have different configuration
[apache, nginx])

Use lots of roles.

Use group_vars to manage differences between groups, regions, and types of
systems, and to set common variables.

- see what has been already done via ansible on server (without reading
YAML files over and over).

Not sure I follow this part. If you want a list of all the things
configured that Ansible last touched versus something the user touched,
this is a bit of a pseudo-NP-complete type problem.

- Dealing with small tasks to adjust configuration on server (for example
php variables must be adjusted, or apache max_clients have to be decreased,
etc).

Playbooks and templates.

- Quickly add / modify server roles and anothers tasks are running.

Modification of roles is done in your editor.

Not sure what "anothers tasks are running".

If you want a central control chokepoint for all of your team to use, with
good inventory locking, Tower also fits well here.
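
The database-backed inventory asked about in the question, combined with the reply's advice to group by tag and keep settings in group_vars, could look like the script below. It is an added example, not code from either poster: the in-memory SQLite table, its columns, the host names and the `env_` / `role_` / `product_` group prefixes are all assumptions. Only the `--list` / `--host` calling convention and the `_meta.hostvars` key are the interface Ansible expects from an inventory script.

```python
#!/usr/bin/env python3
"""Dynamic inventory script backed by a small CMDB table (constructed sample data)."""
import json
import sqlite3
import sys

# Constructed sample rows: hostname, environment, role, product.
SAMPLE_HOSTS = [
    ("web01.example.com", "dev", "web_apache", "shop"),
    ("web02.example.com", "test", "web_nginx", "shop"),
    ("db01.example.com", "prod", "db", "billing"),
]

def open_cmdb():
    """Hypothetical CMDB: an in-memory SQLite table standing in for the real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hosts (name TEXT PRIMARY KEY, env TEXT, role TEXT, product TEXT)")
    conn.executemany("INSERT INTO hosts VALUES (?, ?, ?, ?)", SAMPLE_HOSTS)
    return conn

def build_inventory(conn):
    """Return the JSON structure Ansible expects from `--list`."""
    inventory = {"_meta": {"hostvars": {}}}
    query = "SELECT name, env, role, product FROM hosts ORDER BY name"
    for name, env, role, product in conn.execute(query):
        # One group per tag value; group_vars/<group>.yml then carries the settings.
        for group in (f"env_{env}", f"role_{role}", f"product_{product}"):
            inventory.setdefault(group, {"hosts": []})["hosts"].append(name)
        # Host vars hold only identity data, not configuration details.
        inventory["_meta"]["hostvars"][name] = {
            "cmdb_env": env, "cmdb_role": role, "cmdb_product": product,
        }
    return inventory

def host_vars(conn, name):
    """Return the variables for one host, as `--host <name>` must (empty if unknown)."""
    return build_inventory(conn)["_meta"]["hostvars"].get(name, {})

def main(argv):
    conn = open_cmdb()
    if len(argv) == 3 and argv[1] == "--host":
        print(json.dumps(host_vars(conn, argv[2])))
    else:  # `--list` is the call Ansible makes to enumerate groups and hosts
        print(json.dumps(build_inventory(conn), indent=2))

if __name__ == "__main__":
    main(sys.argv)
```

Moving a host to another role or environment is then a one-row change in the table, and a playbook targeting `role_web_nginx` or `env_test` picks it up on the next run.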