Hi,
I’d like for roles I assign to a host to append some data to this host’s configuration, facts, or something else, readable by other roles.
To be concrete, a web server role should specify config for local_firewall, router_firewall and nagios_server roles.
Right now if I add a web server role to a machine, I have to edit its host_vars by hand, and add something like (simplified):
    firewall:
      tcp:
        http: 80
        https: 443
    nagios:
      groups:
        - http
        - ssh
      checks:
        - ping
(The nagios dict is read by the nagios_server role running on a separate machine, and the firewall config is read by a local iptables role but also by a router/firewall/NAT role also running on a separate machine.)
Central repetitive config I need to update per-role is inconvenient by itself, but with more roles it gets very messy. I’m supposing I’m not the only one dealing with this, so I’d like to ask about the best practices.
I know about role dependencies, but these don’t work remotely (router/nagios), and I don’t want to append to some state from 5000 roles; I think I should be able to generate this state on demand.
And I know about set_fact in roles, but using it would again mean that I have to run all the roles on all machines, because “These variables will be available to subsequent plays during an ansible-playbook run, but will not be saved across executions”. Also, I’d like to append to the config (a, let’s say, firewall dict?), and not rewrite it entirely with each set_fact.
Am I missing something? How should I approach this?
Thanks!
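
The append-instead-of-overwrite merge the post asks for, as an added example that is not part of the original post: each role contributes a fragment, and the host's effective firewall/nagios config is built on demand from the roles assigned to it. The role names, the `base` fragment and all function names are assumptions made for illustration; two roles claiming the same port name with different values is reported rather than silently overwritten.

```python
# Added example: merge per-role config fragments into one host config.
# Role names and the "base" fragment are constructed for illustration.
from copy import deepcopy


class MergeConflict(ValueError):
    """Two roles set the same scalar key to different values."""


def merge_fragment(base, fragment, path=""):
    """Merge `fragment` into `base` in place: dicts recurse, lists append
    without duplicates, scalars must agree or MergeConflict is raised."""
    for key, value in fragment.items():
        where = f"{path}.{key}" if path else key
        if key not in base:
            base[key] = deepcopy(value)
        elif isinstance(base[key], dict) and isinstance(value, dict):
            merge_fragment(base[key], value, where)
        elif isinstance(base[key], list) and isinstance(value, list):
            base[key].extend(v for v in value if v not in base[key])
        elif base[key] != value:
            # Also covers type mismatches (e.g. dict vs list).
            raise MergeConflict(f"{where}: {base[key]!r} vs {value!r}")
    return base


def host_config(role_fragments, roles):
    """Build the effective config for a host from the roles assigned to it."""
    config = {}
    for role in roles:
        merge_fragment(config, role_fragments.get(role, {}))
    return config


# Constructed sample data: the webserver fragment mirrors the post's
# host_vars; the "base" role fragment is hypothetical.
ROLE_FRAGMENTS = {
    "base": {
        "firewall": {"tcp": {"ssh": 22}},
        "nagios": {"groups": ["ssh"], "checks": ["ping"]},
    },
    "webserver": {
        "firewall": {"tcp": {"http": 80, "https": 443}},
        "nagios": {"groups": ["http", "ssh"], "checks": ["ping"]},
    },
}

if __name__ == "__main__":
    print(host_config(ROLE_FRAGMENTS, ["base", "webserver"]))
```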