Hi,
As I build more complex playbooks that will be used by other teams that
have zero knowledge of Ansible (read: big corporation), I started to
migrate much of the configuration data to variable files. The idea was
to enforce certain things in the playbooks (thing that won't ever
change and are standards -- famous last words) and let these users
change the moving parts through variables.
Initially it was nice because I was asking them to fill in a variable
named "oracle_sid" and I would use it throughout the plays in all sorts
of ways. The "users" didn't have to mess with Jinja filters, get the
chance to break the logic, etc.
Then it got weird when I was creating lists of dictionaries for users
that should exist for a given role, like this:
oracle_users:
- name: userX
group: groupX
groups: groupY,groupZ
home: /home/userX
- name: userY
group: ....
The YAML file with these variables is _almost_ like the playbook file
itself and I'm just looping over the list creating users with _almost_
all parameters defined by the end-user through that vars file.
So I got stuck thinking if I should be radical and not allow any
configuration data in the playbooks, only get it from variables. Or if I
should let these other operation teams mess directly with the playbooks.
I'm really divided about this and really appreciate any feedback.
Giovanni