I’d like to share the way I organize ansible to manage infrastructure with the community.
I tend to think of infrastructure as partitioned into “systems”, “services”, and “applications”… and automation as “preparation”, “configuration”, and “deployment”. This approach reduces execution times of playbooks, as it intrinsically strives to avoid the frequent execution of non-changing actions.
A long time ago, before there were roles, we had no built-in magical conveniences or common structure to build upon. You had to develop your own organization and flow… and in doing so I created a hodge-podge of bash scripts and playbooks around this “pcd” concept. They worked great, but really were not ansible 1.2+ compatible. I’ve finally gotten around to refactoring & ignoring nuisances, and now have a new “framework” (or organizational base) I’d like to share. Roles and inventory sure do make it easier!
https://github.com/iceburg-net/ansible-pcd
A couple of goals:
- Easy interdependence - e.g. an application can depend on services/zookeeper which can depend on services/smtp. The ec2-web-1 host can depend on systems/web-server which depends on services/apache and the applications/apache-ng-security application you’re writing.
- Provide common tasks/vars/handlers/files/templates for convenience and to reduce redundancy
- Remain distribution agnostic (will support RedHat + Debian distributions, maybe more)
- Utilize the “pcd” concept. Will utilize tagging once a monolithic site.yml is built.
- Compartmentalize sensitive information (e.g. rsa keys, ssl certs) to help keep it out of version control (ignore /private)
There’s really not much there now… just an organizational base that outlines my general concept. I’ll be adding services and applications as time avails.
Hope someone finds it useful && would love to see other techniques.
~ Brice