Hi Team,
I’m a newbie to ansible, trying to complete this project for opening firewall ports. Below is my project structure
- group_vars
- dbserver
- webserver
- applicationserver
- host_vars
- roles
- Common
- files
- app.app
- handlers
- main.yml
- tasks
- main.yml
- hosts
- site.yml
Contents of /hosts
[dbserver]
host1 ansible_ssh_host=10.10.10.1
host2 ansible_ssh_host=10.10.10.2
[webserver]
host2 ansible_ssh_host=10.10.10.2
host3 ansible_ssh_host=10.10.10.3
[applicationserver]
host1 ansible_ssh_host=10.10.10.1
host3 ansible_ssh_host=10.10.10.3
Contents of /group_vars/dbserver
How are you invoking the playbook? Just because a host is in two groups, doesn’t mean it will execute the logic for both groups.
The problem is that the list called firewallports gets overwritten by
whatever vars file is processed last.
For example, first it gets set to list from databases var file, then
to webserver list.
I do not know if it is possible to tell ansible to add lists together
automatically.
Quick and dirty: I would name the lists differently, and duplicate the
task:
- name: add database ports to the firewall
firewalld: port={{ item }} permanent=true zone=work state=enabled
with_items: "{{ db_firewallports }}"
when: db_firewallports is defined
- name: add webserver ports to the firewall
firewalld: port={{ item }} permanent=true zone=work state=enabled
with_items: "{{ web_firewallports }}"
when: web_firewallports is defined
Or join all lists together before the task into another list:
set_fact: firewallports= db_firewallports + web_firewallports
(or something in this manner)
Johannes
This behavior seems like it was changed recently, when the default in ansible.cfg changed from hash_behavior=merge to hash_behavior=replace.
Changing the value back to merge seems to work for many circumstances, but beware some caveats that were documented here:
https://groups.google.com/forum/#!topic/ansible-project/cDWcbgJz1Hs
Ansible makes me want to go back to Bash-based deployments.
The default has always been replace.