-
Notifications
You must be signed in to change notification settings - Fork 1
/
configuration_with_ansible.utf8
89 lines (63 loc) · 3.29 KB
/
configuration_with_ansible.utf8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
SITUATION
=========
We want to use the configuration repo for setting up and configuring our machines.
We had (some) success with changing values in the folders
playbooks/roles/<rolename>/vars/
for the different roles. But we don't have much experience with variable precedence
and in particular with parametrized variables putting directly in the initial
playbook and the 'secure_dir' variable.
QUESTION
========
CONFIGURATION.1: We would ideally like to have some properties with our use
of the configuration repo:
- having all changes (variables etc.) made to the configuration
within one or two files or directory. (or two with 'secure_dir')
- (if possible) also only having to call one playbook.
This would give us independence of the generic edx repo
in terms of development/testing/documentation and be like
an "internal use plugin".
Do you know if some kind of playbook or config-file/dir is possible?
If yes, can you describe how to setup such a "plugin playbook"?
ANSWER
=======
CONFIGURATION.1:
Yes, it's definitely better to isolate the configuration variables which are specific to
your own installation separately. I actually use a separate repository for this pruprose -
this way you can keep the configuration variables in a private repository (since you don't
want passwords to be available publicly), while still keeping the more general changes you
make to the configuration repository available publicly, as required by the AGPL license
of that repository (it would be illegal to keep those changes private).
* Private: configuration-secure
* Public: configuration
Then, using variable precedence rules (cf
http://www.ansibleworks.com/docs/playbooks2.html#understanding-variable-precedence )
configuration-secure is structured like this:
```
|-- group_vars -> ../configuration/playbooks/group_vars/
|-- hosts_production.lst
|-- hosts_staging.lst
`-- vars
`-- edxapp_vars.yml
```
`edxapp_vars.yml` will contain any variable coming from any of the roles variables
(`playbooks/roles/*/vars/main.yml`) which you want to overwrite.
`hosts_*.lst` is an inventory file, containing something like:
```
[localhost]
edx.antoviaque.org
```
Using the group name `localhost` will allow us to use the sandbox playbook remotely
without having to change the hostname.
`group_vars` is accessd by Ansible from the same directory as the inventory file, so the
symlink allows to use the default values if you don't need to changed them
There is one change you would still need to make in the `configuration` repository, which
is to get it to load the overriding variables from a directory we can configure from the
ansible command-line (the edx_sandbox.yml used to have this line, but it was removed from
the official repo):
https://github.com/antoviaque/configuration/commit/703d06aafac8cedb0bf23ff86930778c075ee817
Assuming you put both `configuration` and `configuration-secure` repositories in the same
directory, to run the edx_sandbox.yml playbook remotely on edx.antoviaque.org, you would
run:
```
$ ansible-playbook -vvv --user=ubuntu -i ../../configuration-secure/hosts_staging.lst -s --extra-vars="secure_dir=../../configuration-secure" edx_sandbox.yml
```