Ansible instance-environment example:
In order to minimize slip-ups, we have a different inventory file for
each instance-environment pair, and each inventory uses a different
group name as well. Then there are group-vars files for each
instance-environment pair that set a variable so the proper playbooks
get run.

For example, here is how we have the project laid out:

    site.yml
    inventory/
        main-prod
        main-test
        lab-prod
        lab-test
    group_vars/
        main-prod.yml
        main-test.yml
        lab-prod.yml
        lab-test.yml
    roles/
        common/
            defaults/
                main.yml
            handlers/
                main.yml
            tasks/
                main.yml
            templates/
                ntp.conf.j2
                openssl.conf.j2
                ...
        tomcat/
            ...
        httpd/
            ...
        myapp/
            files/
                env/
                    main-prod/
                        conf/
                            conf.xml
                            otherconf.xml
                            yetanother.xml
                        war/
                            myapp.war
                        credentials/
                            secretfile.xml
                            keys.jks
                    main-test/
                        ...
                    lab-prod/
                        ...
                    lab-test/
                        ...

Now we can run the following commands to obtain the desired behavior:

    # ansible-playbook site.yml -K -i inventory/main-test
    # ansible-playbook site.yml -K -i inventory/main-prod
    # ansible-playbook site.yml -K -i inventory/lab-test
    # ansible-playbook site.yml -K -i inventory/lab-prod

Also, we can specify just one host (usually for testing or for ensuring
that the rolling update takes effect on only one host at a time):

    # ansible-playbook site.yml -K -i inventory/main-test -l mp-test-1
    # ansible-playbook site.yml -K -i inventory/main-test -l mp-test-2

```ini
# inventory/main-prod
[main-prod]
mp-[1:2]

[myapp-servers:children]
main-prod
```

```yaml
---
# group_vars/main-prod.yml
app_env: main-prod
app_version: 2.4.0
rpm_version: 1
mysql_community_client_required: true
```

```yaml
---
# roles/common/defaults/main.yml
mysql_client_required: false
mysql_community_client_required: false
```

```yaml
---
# roles/common/handlers/main.yml
- name: restart ntpd
  service: name=ntpd state=restarted
```

```yaml
---
# roles/common/tasks/main.yml
- name: ensure libselinux is installed
  yum: pkg=libselinux-python state=installed
  tags: selinux

- name: ensure ntp is installed
  yum: pkg=ntp state=installed
  tags: ntp

- name: ensure ntp is configured
  template: src=ntp.conf.j2 dest=/etc/ntp.conf
  notify:
    - restart ntpd
  tags: ntp

- name: ensure ntpd is running and enabled
  service: name=ntpd state=running enabled=yes
  tags: ntp

- name: update bash to prevent ShellShock
  yum: name=bash state=latest

- name: ensure the mysql client is installed
  yum: name="mysql" state=installed
  when: mysql_client_required == true

# Note: we need to have mysql 5.6 client installed on certain servers,
# but RHEL only provides 5.1. This play installs the community repo RPM, and the
# next one installs the client
# The repo RPM URL below is plain HTTP; an HTTPS source or a signature
# check on the package would protect the download in transit.
- name: ensure the MySQL Community repository is activated
  yum: name="http://dev.mysql.com/get/mysql-community-release-el6-5.noarch.rpm" state=present
  when: mysql_community_client_required == true

- name: ensure the MySQL Community client (5.6) is installed
  yum: name="mysql-community-client" state=installed
  when: mysql_community_client_required == true

- name: configure openssl
  template: src=openssl.cnf.j2 dest=/etc/pki/tls/openssl.cnf
```

```yaml
---
# roles/myapp/tasks/main.yml
# Fail early if the group_vars file for this environment did not load.
- assert:
    that:
      - "app_env is defined"
      - "app_version is defined"
      - "rpm_version is defined"

- name: Install myapp base RPM
  yum: name=http://rpmserver.example.com/rpms/myapp-{{app_version}}-{{rpm_version}}.el6.noarch.rpm state=present

# NOTE: the trailing "/" is important!!
- name: copy directories specific to each environment
  copy: src="env/{{ app_env }}/{{ item.path }}/" dest={{ app_home }}/{{ item.path }}/ owner=root group=root
  with_items:
    - { path: 'conf' }
    - { path: 'war' }

# copy the credentials with different permissions (the trailing "/" is important!!)
- name: copy the credentials
  copy: src="env/{{ app_env }}/credentials/" dest={{ app_home }}/credentials/ mode=640 owner=root group=tomcat
  notify: restart tomcat

- name: deploy the WAR files into tomcat
  template: src="{{ item.src }}" dest="{{ tomcat_context }}/{{ item.name }}" owner=root group=root
  notify: restart tomcat
  with_items:
    - { name: 'idp.xml', src: 'idp.xml.j2' }
    - { name: 'ROOT.xml', src: 'ROOT.xml.j2' }

- name: configure tomcat for myapp
  copy: src="env/{{app_env}}/tomcat/{{ item.name }}" dest="{{ tomcat_conf }}/{{ item.name }}" owner=root group=root
  notify: restart tomcat
  with_items:
    - { name: 'server.xml' }
    - { name: 'tomcat6.conf' }
```

```yaml
---
# site.yml
- hosts: all
  sudo: true
  roles:
    - common

# serial: 1 makes this play a rolling update, one host at a time.
- hosts: myapp-servers
  sudo: true
  serial: 1
  vars:
    app_base: /opt/myapp
    app_home: "{{ app_base }}/home"
    tomcat_home: "/usr/share/tomcat6"
    tomcat_conf: "{{ tomcat_home }}/conf"
    tomcat_context: "{{ tomcat_conf }}/Catalina/localhost"
  roles:
    - tomcat
    - myapp

- hosts: webservers
  sudo: true
  roles:
    - httpd
```
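
A pre-flight guard for the layout above, as an added example that is not part of the original gist: it refuses a run unless the chosen inventory, its group_vars file and the myapp role's per-environment files all name the same instance-environment pair. The function names `preflight` and `make_sample`, the return codes and the permission check are assumptions; the paths follow the project layout shown in the README.

```shell
#!/bin/sh
# Added example, not from the original gist. Refuses a run unless the
# inventory, group_vars and per-environment files agree on one env name.

preflight() {  # usage: preflight <project_root> <env>
    root="$1"; env="$2"
    inv="$root/inventory/$env"
    gv="$root/group_vars/$env.yml"
    files="$root/roles/myapp/files/env/$env"

    [ -f "$inv" ] && [ -f "$gv" ] && [ -d "$files" ] ||
        { echo "missing inventory, group_vars or files for $env" >&2; return 1; }

    # The inventory must define a group named after the file, otherwise
    # group_vars/<env>.yml is never applied to its hosts.
    grep -qxF "[$env]" "$inv" ||
        { echo "$inv has no [$env] group" >&2; return 2; }

    # app_env selects which files/env/<env>/ tree is copied; a mismatch
    # would push one environment's config and credentials to another.
    app_env=$(sed -n 's/^app_env:[[:space:]]*//p' "$gv")
    [ "$app_env" = "$env" ] ||
        { echo "$gv sets app_env=$app_env, expected $env" >&2; return 3; }

    # Credentials in the checkout should not be readable by "other".
    if find "$files" -path '*/credentials/*' -type f -perm -004 | grep -q .; then
        echo "world-readable file under $files/credentials" >&2; return 4
    fi
    return 0
}

# Constructed sample project: make_sample <dir> <env> <app_env value>
make_sample() {
    mkdir -p "$1/inventory" "$1/group_vars" \
             "$1/roles/myapp/files/env/$2/credentials"
    printf '[%s]\nmp-[1:2]\n\n[myapp-servers:children]\n%s\n' "$2" "$2" \
        > "$1/inventory/$2"
    printf '%s\n' '---' "app_env: $3" 'app_version: 2.4.0' \
        > "$1/group_vars/$2.yml"
    : > "$1/roles/myapp/files/env/$2/credentials/keys.jks"
    chmod 640 "$1/roles/myapp/files/env/$2/credentials/keys.jks"
}

# Typical use:
#   preflight . main-prod && ansible-playbook site.yml -K -i inventory/main-prod
```
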