Le 10/02/2016 21:44, Guy Matz a écrit :
Does anyone have an opinion as to whether it's better to keep all
ansible code in one repo, or whether it's better to keep separate repos
for each group/app/arbitrary distinction? I can see the benefits and
pitfalls of both, but can't tell which outweighs the other.
Any thoughts are greatly appreciated.
Hi Guy,
I've probably tried a broad spectrum on this topic, from a huge playbook
covering all my systems, to something very fine grained. I now lie in
the middle.
My first approach few years ago was to try to encompass all my needs in
one playbook . I didn't even have roles (it was more a side feature at
that time). The result was, of course, something completely unusable:
side effects were numerous, things were failing all the time, and
configuration drift started to cripple in. So, in the end, whatever you
choose do, please just don't do this. You wont manage everything in one
playbook and one inventory (unless you have a small, i.e..
"project-size", infrastructure). It will just grow to a monster that
will eat you.
Now, assuming you have dedicated systems per project, I (currently)
think the right size is the project size.
- one repo per role
- one repo containing playbooks & inventories (you might have several
inventories e.g. dev, prod, ...)
- each required role as a submodule in playbook's roles/
- one ansible.cfg to point to the proper inventory (dev by default, to
limit production accidents)
Having roles as submodules in playbook will let you improve roles
without impacting other projects.
I usually split my playbooks per topic (baseline install, daemons,
application, ...) but I try to limit splitting as it complicates things
(variable, facts & handlers scoping). I use tags when I can but they
come with the same limitations, although fact caching (I use Redis)
helps a bit.
I also try to list each role explicitely in my playbooks, and try not to
rely on dependency magic (and I don't use Galaxy).
Listing dependencies explicitely helps tracking down problems, and makes
playbooks much more readable. Generally speaking, role coupling is your
worst enemy.
I am pretty happy with this setup right now, but in the end, it is very
dependent on your environment and style.
M
--
Michel Blanc
{ :github => "@leucos", :twitter => "@b9m", :gpg => "0X24B35C22" }
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/56BC41CC.4090802%40mbnet.fr.
For more options, visit https://groups.google.com/d/optout.
