We run the same playbooks against 7 (!) various staging environments, with a different inventory for each. Per-environment config goes into the inventory under the [all:vars] key - including things like versions of RPMs etc.
SSH credentials are managed out of band, but there's a central git repo to hold all this that can be checked out to a bastion host on the relevant environment. We've occasionally branched the repo to allow big changes in playbook structure to be proven on dev. environment configs but try to merge those into master asap. As others have said, a playbook per environment is likely to involve unproven playbook runs against production. (as an aside, the restrictions you are being presented with sound like 'policy scar tissue' after someone got burned by a different CM solution like Puppet or Chef. The agentless nature of Ansible makes it a lot less likely a change can 'leak' into prod without some operator explicitly wanting it). On 14 February 2016 at 20:23, Byron Mabbett <[email protected]> wrote: > HI All, > First post and we are looking to implement Ansible into a new cloud > environment for multiple legacy systems. > > Sorry but there is a bit of a story first and this is more a setup/component > architecture question as we have a security constraint that production and > non-production data centers can never talk to each other. Meaning components > such as version control and configuration management have to have two > instances (prod and non-prod) with separate login's etc and syncing taking > place between them. > > I think this is mad, and have managed to talk them down to have only one > version control instance. > > However, compromise was a prod and non prod Ansible, which we can sort of > justify, as we have a lack of maturity with tools as we are just starting to > implement Ansible. > > Do others have experience in running two instances of Ansible, and keeping > common config in sync? > > eg: > 1. One source repository for Ansible config containing both prod and > non-prod config > 2. Two source repository's for Ansible config, one prod and one non-prod > config > > Any steer's appreciated. > > Cheers > Byron > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/ea685c2a-0084-49b6-b692-1934c366d45f%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAK5eLPSXbrsHdy%3Dtm81hxrRuWZiRd32OWN0CgvL%2BJ-QV0xZu%2BQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
