Multi-cloud deployment, use site.yml or --extra-vars

Roman_Valls · June 23, 2014, 12:41pm

Hello Ansible-Project,

I would like to know which best practices are there when it comes to deploying a playbook to several different cloud providers (mainly AWS and GCE now, but more might come later).

More specifically, which one feels more natural to you:

ansible-playbook site.yml --extra-vars "cloud_provider=aws aws_access_key=..."
ansible-playbook site.yml --extra-vars="cloud_provider=gce gce_service_email=..."

Which follows ansible docs on Best Practices…

… or the following, shorter version instead?

ansible-playbook aws.yml --extra-vars "aws_access_key=..."
ansible-playbook gce.yml --extra-vars="gce_service_email=..."

Here’s the original GitHub discussion that triggered this email, thanks Michael DeeHann for pointing this google group:

https://github.com/nimiq/ansible-biostar/issues/11

Thanks in advance,
Roman

Michael_DeHaan1 · June 23, 2014, 2:12pm

I’d probably keep the provisioning playbooks seperate and then have them include the configuration portion using the usual “add_host” handoff.

Also I should point out

–extra-vars @from_file.yml

is an option

Roman_Valls · June 23, 2014, 4:17pm

Thanks Michael,

I see, so you would go for the second option and implement the add_host trick described here? Clever:

http://skvidal.wordpress.com/2012/10/31/ansible-and-cloud-instances/

The inline extra-vars are meant to have things like aws_access_key and other sensitive tokens away from potentially public version-controlled files.

In the future we might check if those are on, for instance, $HOME/.botorc instead of having them in a .yml file in our playbook, just one commit away from being published in the open.

Thanks again!
Roman

Paolo · June 23, 2014, 4:28pm

Just a note: we already use add_host in the way Michael said.
F.i. we first launch a EC2 instance, then add its public IP to the Ansible host file using add_host module:
https://github.com/nimiq/ansible-biostar/blob/master/roles/ec2_instance/tasks/main.yml#L83

Paolo

Michael_DeHaan1 · June 23, 2014, 6:04pm

“The inline extra-vars are meant to have things like aws_access_key and other sensitive tokens away from potentially public version-controlled files.”

That makes sense, though if you want to keep them private, also consider ansible-vault (and maybe not keeping them in source control paths) if you want.

Roman_Valls · June 24, 2014, 1:10pm

Thanks Michael for the ansible-vault insight, I knew of its existence but never used it … yet.

Anyhow, Paolo has a point there, we already use add_host handoff in our playbook, what I guess you meant is that we should call the actual “application payload” (in our case, docker containers):

https://github.com/nimiq/ansible-biostar/blob/master/biostar.yml

At the end of each cloud instantiation:

https://github.com/nimiq/ansible-biostar/tree/master/roles/ec2_instance

https://github.com/nimiq/ansible-biostar/tree/master/roles/gce_instance

Perhaps via a simple “include” at the end of the {ec2|gce}_instance?

Thanks!
Roman

Topic		Replies	Views
Playbook's --extra-vars reinstated on the devel branch Ansible Project	5	3	April 27, 2012
Use --extra-vars with .json file as input but per host Ansible Project	2	7	November 25, 2014
How to use --extra-vars option to pass host variables in ansible-playbook Ansible Project	6	22	February 29, 2016
Ansible deployment script, variable hosts value Ansible Project	4	0	October 7, 2015
extra-vars behavior Ansible Project	2	9	March 1, 2016

Multi-cloud deployment, use site.yml or --extra-vars

Related topics