Best practices for ansible roles development
6 likes3,189 views
The document describes steps to set up a test environment using Vagrant and Ansible: 1. Clone Vagrantfile and Ansible role repositories for nginx configuration 2. Create vagrant.yaml file to define VM ports and site.yaml playbook to configure nginx 3. Run vagrant up to provision VM, vagrant provision to run Ansible, and ansible-playbook to run the playbook 4. Connect to the VM via vagrant ssh and use the private key to ssh 5. Destroy the test environment with vagrant destroy
![● - { } [ ] * & ? | > ! % ` # @ :
- file:
path: "{{ my_path }}"
mode: 0644
●
- debug:
msg: "Path: {{ my_path }}"
● yes false
- copy:
dest: "{{ my_path }}"
content: "yes"
● yamllint
ansible all -i localhost, --connection local -m debug -a 'msg={{xxx}}' -e '{xxx: @asd}'](https://image.slidesharecdn.com/bestpracticesforansiblerolesdevelopment-171013123725/85/Best-practices-for-ansible-roles-development-7-320.jpg)
![# Desired config file (myapp.cfg):
[section1]
option11=value11
option12=value12
# myapp_role/templates/myapp.cfg.j2:
{{ myapp_config | encode_ini }}
# myapp_role/defaults/main.yaml:
myapp_config:
section1:
option11: value11
option12: value12
# myapp_role/tasks/main.yaml:
- name: Create config file
template:
dest: /etc/myapp/ myapp.cfg
src: myapp.cfg.j2](https://image.slidesharecdn.com/bestpracticesforansiblerolesdevelopment-171013123725/85/Best-practices-for-ansible-roles-development-32-320.jpg)
![# myapp_role/defaults/main.yaml:
myapp_section1_option11: value1
myapp_section1_option12: value2
myapp_section1__default:
option11: "{{ myapp_section1_option11 }}"
option12: "{{ myapp_section1_option12 }}"
myapp_section1__custom: []
myapp_section1: "{{
myapp_section1__default.update(myapp_section1__custom)}}{{
myapp_section1__default}}"
myapp_config__default:
section1: "{{ myapp_section1 }}"
myapp_config__custom: {}
myapp_config: "{{
myapp_config__default.update(myapp_config__custom) }}{{
myapp_config__default }}"](https://image.slidesharecdn.com/bestpracticesforansiblerolesdevelopment-171013123725/85/Best-practices-for-ansible-roles-development-33-320.jpg)
Best practices for ansible roles development
- 4. - file: path=/etc/foo.conf mode=0644 - file: path=/etc/foo.conf mode=0644 - file: "path=/etc/foo.conf mode=0644" - file: path: /etc/foo.conf mode: 0644
- 6. - file: path: "{{ my_path }}" owner: "foo" group: "bar" mode: "0644" - copy: dest: "{{ my_path }}" content: " Some very long line which needs to be wrapped" - copy: dest: "{{ my_path }}" content: "FirstnSecondn" - file: path: "{{ my_path }}" owner: foo group: bar mode: 0644 - copy: dest: "{{ my_path }}" content: >2- Some very long line which needs to be wrapped - copy: dest: "{{ my_path }}" content: | First Second
- 7. ● - { } [ ] * & ? | > ! % ` # @ : - file: path: "{{ my_path }}" mode: 0644 ● - debug: msg: "Path: {{ my_path }}" ● yes false - copy: dest: "{{ my_path }}" content: "yes" ● yamllint ansible all -i localhost, --connection local -m debug -a 'msg={{xxx}}' -e '{xxx: @asd}'
- 9. - file: path: "{{ my_path }}" owner: foo group: bar mode: 0644 - hosts: all vars: data: aaa: bbb ccc: - ddd: - eee # Half tabs (4 spaces) - file: path: "{{ my_path }}" owner: foo group: bar mode: 0644 # Inconsistent indentation - hosts: all vars: data: aaa: bbb ccc: - ddd: - eee
- 11. ● .yml .yaml .jon .json ● .yaml meta
- 13. ● ● ○ ● ○ ○
- 15. # roles/role1/defaults/main.yaml var1: aaa # roles/role2/defaults/main.yaml var1: bbb # group_vars/all var1: ccc # role1/defaults/main.yaml role1_var1: aaa # role2/defaults/main.yaml role2_var1: bbb # group_vars/all role2_var1: ccc
- 17. # roles/role1/defaults/main.yaml role1_var1: aaa # roles/role1/tasks/main.yaml - debug: msg: > var1={{ role1_var1 }}, var2={{ role1_var2 }} # group_vars/all role1_var2: bbb # roles/role1/defaults/main.yaml role1_var1: aaa # Must be defined by the user role1_var2: null # roles/role1/tasks/main.yaml - debug: msg: > var1={{ role1_var1 }}, var2={{ role1_var2 }} # group_vars/all role1_var2: bbb
- 19. # roles/role1/defaults/main.yaml role1_var1: aaa # roles/role1/vars/main.yaml role1_var2: bbb # roles/role1/tasks/main.yaml - debug: msg: > var1={{ role1_var1 }}, var2={{ role1_var2 }} # roles/role1/defaults/main.yaml role1_var1: aaa role1_var2: bbb # roles/role1/tasks/main.yaml - debug: msg: > var1={{ role1_var1 }}, var2={{ role1_var2 }}
- 20. ● vars defaults # roles/role1/meta/main.yaml dependencies: - role2 # roles/role1/vars/main.yaml role1_var1: bbb # roles/role2/defaults/main.yaml role1_var1: aaa ● ○ ○
- 22. - file: path: /etc/foo.conf mode: 0644 - name: Set foo.conf mode file: path: /etc/foo.conf mode: 0644
- 24. - cron: name: Run my command job: /usr/bin/my_prog minute: "*" hour: "*" state: present - cron: name: Run my command job: /usr/bin/my_prog - cron: name: Run my command minute: "{{ minute }}" hour: "{{ hour }}" job: /usr/bin/my_prog
- 26. - package: name: mysql-server - template: src: my.cnf.j2 dest: /etc/my.cnf - service: name: mysql enabled: yes state: started - package: name: mysql-server tags: - mysql_pkg - template: src: my.cnf.j2 dest: /etc/my.cnf tags: - mysql_config - service: name: mysql enabled: yes state: started tags: - mysql_service
- 27. # roles/mysql/tasks/main.yaml - package: name: "{{ mysql_pkg }}" notify: Restart MySQL service tags: mysql_pkg - template: src: my.cnf.j2 dest: "{{ mysql_config_path }}" notify: Restart MySQL service tags: mysql_config - service: name: "{{ mysql_service }}" enabled: yes tags: mysql_service - service: name: "{{ mysql_service }}" state: started register: mysql_service_started tags: mysql_service # roles/mysql/handlers/main.yaml - name: Restart MySQL service service: name: "{{ mysql_service }}" state: restarted when: > mysql_service_started is not defined or not mysql_service_started.changed # roles/mysql/defaults/main.yaml mysql_pkg: mysql-server mysql_config_path: /etc/my.cnf mysql_service: mysql
- 29. - lineinfile: path: /etc/selinux/config regexp: ^SELINUX= line: SELINUX=enforcing - template: src: selinux_config.j2 dest: /etc/selinux/config
- 31. ● ●
- 32. # Desired config file (myapp.cfg): [section1] option11=value11 option12=value12 # myapp_role/templates/myapp.cfg.j2: {{ myapp_config | encode_ini }} # myapp_role/defaults/main.yaml: myapp_config: section1: option11: value11 option12: value12 # myapp_role/tasks/main.yaml: - name: Create config file template: dest: /etc/myapp/ myapp.cfg src: myapp.cfg.j2
- 33. # myapp_role/defaults/main.yaml: myapp_section1_option11: value1 myapp_section1_option12: value2 myapp_section1__default: option11: "{{ myapp_section1_option11 }}" option12: "{{ myapp_section1_option12 }}" myapp_section1__custom: [] myapp_section1: "{{ myapp_section1__default.update(myapp_section1__custom)}}{{ myapp_section1__default}}" myapp_config__default: section1: "{{ myapp_section1 }}" myapp_config__custom: {} myapp_config: "{{ myapp_config__default.update(myapp_config__custom) }}{{ myapp_config__default }}"
- 34. # Desired config file (/etc/selinux/config): SELINUX=enforcing SELINUXTYPE=targeted # roles/sudo/templates/selinux_config.j2: {{ ansible_managed | comment }} {{ selinux_config | encode_ini(ucase_prop=true) }} # roles/selinux/defaults/main.yaml: selinux_config: selinux: enforcing selinuxtype: targeted # roles/selinux/tasks/main.yaml: - name: Create config file template: dest: /etc/selinux/config src: selinux_config.j2
- 39. git clone https://github.com/jtyr/vagrantfile_config.git /tmp/vagrantfile_config mkdir -p /tmp/test/roles && cd /tmp/test git clone https://github.com/jtyr/ansible-nginx.git roles/nginx git clone https://github.com/jtyr/ansible-config_encoder_filters.git roles/config_encoder_filters ln -s /tmp/vagrantfile_config/Vagrantfile ./ cat > vagrant.yaml <<END --- defaults: provision_individual: yes vms: testvm1: ports: HTTP: host: 8080 guest: 80 END cat > site.yaml <<END --- - hosts: all become: yes roles: - nginx END vagrant up vagrant provision ansible-playbook -i .vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory site.yaml vagrant ssh ssh -p 10000 -i .vagrant/machines/test/virtualbox/private_key -l vagrant localhost vagrant destroy -f