Overview
If you don’t know what Ansible is, check out the intro. For general information, check out the documentation index.
Directory and file structure
The Ansible Project publishes a set of Best Practices. Our guideline is an extension to that guide.
.
├── README.rst
├── doc/
├── ansible.cfg
├── hosts
├── site.yml
├── vault-pass
├── defaults/
│ └── main.yml
├── files/
│ ├── file1.txt
│ └── file2.txt
├── group_vars/
│ └── all/
│ ├── ntp.yml
│ └── ssh.yml
├── host_vars/
│ ├── www.example.com/
│ │ ├── ntp.yml
│ │ └── ssh.yml
│ └── mail.example.org/
│ ├── ntp.yml
│ └── ssh.yml
├── roles/
├── adfinis-roles/
│ ├── ntp/
│ │ ├── defaults/
│ │ │ └── main.yml
│ │ ├── files/
│ │ ├── handlers/
│ │ │ └── main.yml
│ │ ├── meta/
│ │ │ └── main.yml
│ │ ├── tasks/
│ │ │ ├── config.yml
│ │ │ ├── install.yml
│ │ │ └── main.yml
│ │ ├── templates/
│ │ │ └── etc/
│ │ │ └── ntp.conf.j2
│ │ └── vars/
│ │ ├── Debian.yml
│ │ └── RedHat.yml
│ └── ssh/
│ ├── defaults/
│ │ └── main.yml
│ ├── files/
│ │ └── etc/
│ │ └── default/
│ │ └── ssh
│ ├── handlers/
│ │ └── main.yml
│ ├── meta/
│ │ └── main.yml
│ ├── tasks/
│ │ ├── config.yml
│ │ ├── install.yml
│ │ └── main.yml
│ ├── templates/
│ │ └── etc/
│ │ └── ssh/
│ │ └── sshd_config.j2
│ └── vars/
│ ├── Debian.yml
│ └── RedHat.yml
└── vars/
├── Debian.yml
└── RedHat.yml
Inventory
The file hosts
in the project directory contains a list of each server,
if needed with the depending connection information.
jumphost.example.com
[webservers]
www1.example.com ansible_host=192.0.2.50 ansible_port=2222 ansible_user=root
www2.example.com
[databases]
db-[0:9].example.com
You can define groups of hosts with []
. There is a group called all
,
each server in the hosts file is automatically in that group! Hostgroups can be used to
define special roles only for one hostgroup or to define some special
variables for this group.
Task structure
- Playbooks
A playbook is a set of roles. For each playbook it can be defined in which hostgroup it should be run, default is [all]. Ansible Playbooks
- Roles
Each role configures one application and consists of multiple tasks. Playbooks Reuse
- Tasks
Each tasks uses one module (e.g. template, file, copy, service).
Variable structure
- roles/$ROLE/defaults/main.yml
Each variable in a role should have a default value. Default values are specified in this file.
- roles/$ROLE/vars/*.yml
We use multiple variable files per role. Define only constant data here, like package names. Store all data here not in the tasks.
- group_vars/$HOSTGROUPS/*.yml
Each host can be in multiple hostgroups, create hostgroups as many as you need and as few as possible. Possible variables per hostgroup could be ntp servers per datacenter or nameservers per net.
- host_vars/$FQDN/*.yml
Host specific data, e.g. webserver virtualhost configurations or ip configuration.
Variable Precedence
This list shows different locations and their precendence of variables. The last valid rule has winning prioritization.
role defaults (
roles/$ROLE/defaults/main.yml
)inventory vars (
vars/main.yml
)inventory group_vars (
group_vars/$HOSTGROUP/*.yml
)inventory host_vars (
host_vars/$FQDN/*.yml
)playbook group_vars (we don’t make a difference to inventory group_vars)
playbook host_vars (we don’t make a difference to inventory host_vars)
host facts (default facts of a host: Ansible facts)
play vars (?)
play vars_prompt (Interactive Input: Prompts)
play vars_files (?)
registered vars (Register Variables)
set_facts (ansible.builtin.set_fact module)
role and include vars (
roles/$ROLE/vars/main.yml
)block vars (only for tasks in block; Blocks)
task vars (only for the task)
extra vars (always win precedence;
ansible --extra-vars='foo=bar'
)
We don’t use all of the above locations, mostly the following locations are used.
role defaults (
roles/$ROLE/defaults/main.yml
)inventory group_vars (
group_vars/$HOSTGROUP/*.yml
)inventory host_vars (
host_vars/$FQDN/*.yml
)host facts (default facts of a host: Ansible facts)
registered vars (Register Variables)
set_facts (ansible.builtin.set_fact module)
role and include vars (
roles/$ROLE/vars/main.yml
)