Here is an example inventory (for reference, see https://docs.ansible.com/ansible/2.9/user_guide/intro_inventory.html):
all:
  hosts:
    a.example.com:
    b.example.com:
    ...
    z.example.com:
  children:
    vpn_group:  # set up vpn tunnels on these machines
      hosts:
        a.example.com:
        b.example.com:
        c.example.com:
        d.example.com:
    ha_cluster_group:  # set up HA clustering on these machines
      hosts:
        c.example.com:
        d.example.com:
        e.example.com:
        f.example.com:
        g.example.com:
        h.example.com:
  vars:  # global vars
    vpn_connections:
      - name: tunnel A
        hosts:
          a.example.com:
          b.example.com:
          somehost.external.com:  # host isn't in inventory
      - name: tunnel B
        hosts:
          c.example.com:
          d.example.com:
    ha_clusters:
      - name: cluster A
        ha_cluster_cluster_param_1: some value
        hosts:
          c.example.com:
            ha_cluster_host_param_1: some value
          d.example.com:
          e.example.com:
      - name: cluster B
        ha_cluster_cluster_param_2: some value
        hosts:
          f.example.com:
            ha_cluster_host_param_1: some value
          g.example.com:
          h.example.com:
A playbook which used the vpn role and the ha_cluster role would look like this:
- hosts: vpn_group
  roles:
    - linux-system-roles.vpn
- hosts: ha_cluster_group
  roles:
    - linux-system-roles.ha_cluster
Each role would need logic to find the other members of the clusters/tunnels to which the current host belongs.
E.g. the ha_cluster role would need to know that, when it is being run on host g.example.com, it is a member of a cluster with other members f.example.com and h.example.com.
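
One way a role could implement this lookup, as an added example (not code from the linux-system-roles project): a Python filter plugin that finds the tunnel or cluster entries listing a given host and returns their other members. The function and filter names and the one-cluster-per-host rule are assumptions; the sample data is constructed from the inventory above.

```python
# Added example, not linux-system-roles code. Sample data is constructed to
# mirror the vpn_connections / ha_clusters vars in the inventory above.
HA_CLUSTERS = [
    {"name": "cluster A", "ha_cluster_cluster_param_1": "some value",
     "hosts": {"c.example.com": {"ha_cluster_host_param_1": "some value"},
               "d.example.com": None, "e.example.com": None}},
    {"name": "cluster B", "ha_cluster_cluster_param_2": "some value",
     "hosts": {"f.example.com": {"ha_cluster_host_param_1": "some value"},
               "g.example.com": None, "h.example.com": None}},
]
VPN_CONNECTIONS = [
    {"name": "tunnel A", "hosts": {"a.example.com": None, "b.example.com": None,
                                   "somehost.external.com": None}},
    {"name": "tunnel B", "hosts": {"c.example.com": None, "d.example.com": None}},
]
INVENTORY_HOSTS = ["%s.example.com" % c for c in "abcdefgh"]  # subset of a..z


def memberships(groupings, hostname, inventory_hosts=None):
    """Return one record per tunnel/cluster entry that lists `hostname`."""
    found = []
    for entry in groupings or []:
        hosts = entry.get("hosts") or {}  # a bare "host:" key loads as None
        if hostname not in hosts:
            continue
        peers = sorted(h for h in hosts if h != hostname)
        found.append({
            "name": entry["name"],
            "params": {k: v for k, v in entry.items() if k not in ("name", "hosts")},
            "host_params": hosts[hostname] or {},
            "peers": peers,
            # Peers that are not inventory hosts (e.g. somehost.external.com);
            # left empty when no inventory host list is supplied.
            "external_peers": [p for p in peers if p not in (inventory_hosts or peers)],
        })
    return found


def single_membership(groupings, hostname, inventory_hosts=None):
    """Assumption: an HA host belongs to exactly one cluster; fail loudly if not."""
    found = memberships(groupings, hostname, inventory_hosts)
    if len(found) != 1:
        names = [m["name"] for m in found]
        raise ValueError("%s is in %d groupings: %s" % (hostname, len(found), names))
    return found[0]


class FilterModule(object):
    """Ansible filter-plugin entry point (hypothetical filter names)."""
    def filters(self):
        return {"memberships": memberships, "single_membership": single_membership}
```

Inside a role this would be called as `{{ ha_clusters | single_membership(inventory_hostname, groups['all']) }}`, using Ansible's `inventory_hostname` and `groups` variables.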