Newbie Requirements and missing workarounds

Hey together,

I am working with ansible for a few days now and it is perfect and really what I needed, but there are a few things I am not able to solve for myself and where I have (in my opinion) ugly workarounds that should be able to be done a lot smoother.

1.) Merging Variables per Playbook

  • I know that merging variables is possible with editing ansible.cfg
  • I know, that a lot of playbooks do not use this behavior so enabling it could create problems
  • Is it somehow possible to create it just for my own playbooks?
  • Reason:
  • All my variables are built like this:
  • bbnetz.PLAYBOOK.packages.[nano, screen, curl, …] ( for example ) set in the vars folder per distribution/version
  • bbnetz.PLAYBOOK.settings.[database.*, vhost, defaultUser, … ] set in the defaults folder and also in my host_vars.

Just as a workaround: I just renamed the bbnetz.PLAYBOOK.packages to bbnetz_packages.PLAYBOOK, but this is not as clean as I would like to have it.

2.) Creating Runtime variables

This is my set up:

  • I tried to setup a PHP-FPM setup with different ports
  • I created for each php-fpm vhost a file in /etc/php5/fpm/pool.d/ and name it HOSTNAME_PORTNUMBER where portnumber is 9000 + i.
  • And here is where this ends. I am not able to figure out what my i is or how to add it to 9000.

Just as workaround: I am working with PHP-FPM over Sockets for the moment…

3.) Git Module and owners

This is one of my settings:

  • I am connected as user bbringenberg to my test server
  • I create a new user named openproject and want to create the github repo from openproject in /home/openproject as user openproject.
  • There is no attribute owner/group so this is not possible =(.
  • I am also not able to configure the user for a new connection in my vars file

Just as a workaround: I am creating a copy of the gitrepo for the moment and set the new owner there.

4.) How are you working with SSL Certs?

  • The last of my problems is, that I am not sure how to deploy SSL Certs
  • I could add them to my host_vars file, but that would make it really huge and as my configuration is in a local git it would not make it any more secure…
  • I need to deploy them as files with gitignore or so…
  • How are you doing this?

Just as a workaround: I am doing this manually on each server…

It would be really cool if you’d be able to help me out here, because I have a lot of cool things to do with ansible =).

Thanks for your help and have a very nice evening,
Greetings from Ruhrarea, Germany,

Bastian

Hey together,

I am working with ansible for a few days now and it is perfect and really
what I needed, but there are a few things I am not able to solve for
myself and where I have (in my opinion) ugly workarounds that should be
able to be done a lot smoother.

Replies inline!

*1.) Merging Variables per Playbook*

   - I know that merging variables is possible with editing ansible.cfg
   - I know, that a lot of playbooks do not use this behavior so enabling
   it could create problems

It's not really going to cause any problems, but it's more confusing than
it's worth for most people new to ansible - and most people don't need it.

   - Is it somehow possible to create it just for my own playbooks?

It's set in ansible.cfg as "hash_merge_behavior".

   - Reason:
   - All my variables are built like this:
      - bbnetz.PLAYBOOK.packages.[nano, screen, curl, ...] ( for example
      ) set in the vars folder per distribution/version
      - bbnetz.PLAYBOOK.settings.[database.*, vhost, defaultUser, ... ]
      set in the defaults folder and also in my host_vars.

Just as a workaround: I just renamed the bbnetz.PLAYBOOK.packages to
bbnetz_packages.PLAYBOOK, but this is not as clean as I would like to have
it.

*2.) Creating Runtime variables*

This is my set up:

   - I tried to setup a PHP-FPM setup with different ports
   - I created for each php-fpm vhost a file in /etc/php5/fpm/pool.d/ and
   name it HOSTNAME_PORTNUMBER where portnumber is 9000 + i.
   - And here is where this ends. I am not able to figure out what my i
   is or how to add it to 9000.

Look into the "set_fact" module for exactly this.

- set_fact:
      x: "{{ ((x|int) + 1) }}"

I'm being a little paranoid with the int casting, in case you have it as a
string somewhere.

Etc.

Just as workaround: I am working with PHP-FPM over Sockets for the
moment...

*3.) Git Module and owners*

This is one of my settings:

   - I am connected as user bbringenberg to my test server
   - I create a new user named openproject and want to create the github
   repo from openproject in /home/openproject as user openproject.
   - There is no attribute owner/group so this is not possible =(.

There's a better approach here. You could "sudo_user: username" to that
user and check that thing out as you.

You could also just set this after the fact, but it's cleaner to do the
other. This is the same reason the git command itself does not have owner
and group modes.

   - I am also not able to configure the user for a new connection in my
   vars file

I'm not sure what this part means.

Just as a workaround: I am creating a copy of the gitrepo for the moment
and set the new owner there.

*4.) How are you working with SSL Certs?*

   - The last of my problems is, that I am not sure how to deploy SSL
   Certs
   - I could add them to my host_vars file, but that would make it really
   huge and as my configuration is in a local git it would not make it any
   more secure...
   - I need to deploy them as files with gitignore or so...
   - How are you doing this?

I'll let other people answer this part...

Thanks for your help and have a very nice evening,

You are welcome! Hope the above helps!
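
An added example, not part of the original thread or of Ansible's own documentation, covering points 2 and 3 above: it derives each PHP-FPM port as 9000 + i from the loop index (used here in place of a set_fact counter) and clones the repository as the openproject user with become_user, the current spelling of the sudo_user setting mentioned in the reply. The host group, vhost list, repository URL, checkout directory and service name are assumptions or placeholders.

```yaml
# Added example. Host group, vhost list, repo URL and checkout path are
# placeholders/assumptions, not values from the thread.
- hosts: webservers
  become: true
  vars:
    fpm_base_port: 9000
    fpm_vhosts:                      # constructed sample data; accounts assumed to exist
      - { name: shop.example.org, user: shop }
      - { name: blog.example.org, user: blog }
    openproject_repo: "https://git.example.org/openproject.git"  # placeholder
  tasks:
    - name: Write one pool file per vhost, port = 9000 + i
      ansible.builtin.copy:
        # ".conf" added because the stock php-fpm.conf includes pool.d/*.conf
        dest: "/etc/php5/fpm/pool.d/{{ item.name }}_{{ port }}.conf"
        owner: root
        group: root
        mode: "0644"
        content: |
          [{{ item.name }}]
          user = {{ item.user }}
          group = {{ item.user }}
          ; loopback only: the FastCGI port must not be reachable from the network
          listen = 127.0.0.1:{{ port }}
          pm = ondemand
          pm.max_children = 5
      vars:
        port: "{{ (fpm_base_port | int) + i }}"   # i is 0 for the first vhost
      loop: "{{ fpm_vhosts }}"
      loop_control:
        index_var: i
      notify: Reload php-fpm

    - name: Create the account that owns the checkout
      ansible.builtin.user:
        name: openproject

    - name: Clone as openproject so the files never belong to anyone else
      ansible.builtin.git:
        repo: "{{ openproject_repo }}"
        dest: /home/openproject/openproject      # assumed target directory
      become_user: openproject   # may need the acl package on the target

  handlers:
    - name: Reload php-fpm
      ansible.builtin.service:
        name: php5-fpm               # assumed service name
        state: reloaded
```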

Hey Michael,

thank you very much for your help! With this information I am able to do all the jobs I currently needed to do =).

Have a nice day,

Bastian