Hi James,
They're pretty complicated, and we have several depending on the scenario.
The most common that we run though, and simplest, is a code deploy, and it
looks like this:
# gather facts from monitoring nodes for iptables rules
> - hosts: webservers
> serial: 1
> accelerate: true
> # These are the tasks to run before applying updates:
> pre_tasks:
> - name: disable the staging server in haproxy
> shell: echo "disable server web_staging/{{ ansible_hostname }}" |
> socat stdio /var/lib/haproxy/stats
> delegate_to: "{{ item }}"
> with_items: groups.lbservers
> - name: disable the production server in haproxy
> shell: echo "disable server web_production/{{ ansible_hostname }}" |
> socat stdio /var/lib/haproxy/stats
> delegate_to: "{{ item }}"
> with_items: groups.lbservers
> roles:
> - deploy_web
> # These tasks run after the roles:
> post_tasks:
> - name: Enable the staging server in haproxy
> shell: echo "enable server web_staging/{{ ansible_hostname }}" | socat
> stdio /var/lib/haproxy/stats
> delegate_to: "{{ item }}"
> with_items: groups.lbservers
> - name: Enable the production server in haproxy
> shell: echo "enable server web_production/{{ ansible_hostname }}" |
> socat stdio /var/lib/haproxy/stats
> delegate_to: "{{ item }}"
> with_items: groups.lbservers
In short, it removes the web server from HA Proxy, then does a code update
(deploy_web role is basically a git pull), then it adds the server back to
HA Proxy.
I have not considered an inventory variable. I'll look into it to see if
it can be done in a way that makes sense to me.
I'm starting to think the cleanest way might just be three hosts files, and
then just running the playbook three times. :-(
-Joel
On Friday, December 6, 2013 12:50:38 PM UTC-5, James Martin wrote:
>
> Joel,
>
> I think I understand what you mean. It would help to see the
> playbook(s). Perhaps you need an inventory variable for the
> load balancers that define what group they are in charge of?
> I don't think ansible is capable of automatically inferring it on its own.
> You might be able to write some logic around it in your
> playbook/template as well. Declaring it might be faster and easier to
> understand.
>
> - James
>
> On Fri, Dec 6, 2013 at 12:44 PM, <jo...@tweetwall.com <javascript:>>
> wrote:
> > Hi James,
> >
> > If I didn't limit, would it run the tasks for each lbservers for each
> > webserver, or would it properly know that dc1's webservers should only
> > interact with dc1's load balancer?
> >
> > I am trying to make it so that I could run a playbook for a specific
> > datacenter, or I could run it for all at the same time (like a code
> deploy).
> > The sticking point seems to be that the lbserver in dc1 should only know
> > about the webservers in dc1.
> >
> >
> > On Friday, December 6, 2013 12:38:47 PM UTC-5, James Martin wrote:
> >>
> >> Joel,
> >>
> >> It would be:
> >>
> >> - hosts: lbservers
> >>
> >> In theory, the --limit dc1 would limit the playbook to the lbservers
> >> in dc1. Just make sure you don't forget to limit!
> >>
> >> - James
> >>
> >> On Fri, Dec 6, 2013 at 12:32 PM, <jo...@tweetwall.com> wrote:
> >> > Hi James,
> >> >
> >> > First, thanks for the response.
> >> >
> >> > Would the example you provided still work when the .yml files declare
> >> > there
> >> > hosts as:
> >> >>
> >> >> - hosts: lbservers
> >> >
> >> >
> >> > Or would it have to be changed to say:
> >> >>
> >> >> - hosts: dc1_lbservers
> >> >
> >> >
> >> > We have specific tasks that would need to be run on the lbservers vs
> the
> >> > web
> >> > servers.
> >> >
> >> > Thanks,
> >> >
> >> > -Joel
> >> >
> >> >
> >> > On Friday, December 6, 2013 12:19:51 PM UTC-5, James Martin wrote:
> >> >>
> >> >> Joel,
> >> >>
> >> >> This is untested, but might work (depending on what your playbooks
> are
> >> >> doing). Try using multiple groups and parent groups with children.
> >> >>
> >> >> Assuming your playbooks ran against the webservers or lbserver goup:
> >> >>
> >> >> if you wanted updated only dc1 :
> >> >>
> >> >> ansible-playbook myplabook.yml --limit dc1
> >> >>
> >> >> if you wanted to run against both datacenters:
> >> >>
> >> >> ansible-playbook myplaybook.yml
> >> >>
> >> >>
> >> >> hosts file:
> >> >>
> >> >> [dc1:children]
> >> >> dc1_webservers
> >> >> dc1_lbservers
> >> >>
> >> >> [dc1_webservers]
> >> >> 1.1.1.20
> >> >> 1.1.1.30
> >> >>
> >> >> [dc1_lbservers]
> >> >> 1.1.1.10
> >> >>
> >> >> [dc2:children]
> >> >> dc2_webservers
> >> >> dc2_lbservers
> >> >>
> >> >> [dc1_webservers]
> >> >> 1.1.2.20
> >> >> 1.1.2.30
> >> >>
> >> >> [dc1_lbservers]
> >> >> 1.1.2.10
> >> >>
> >> >> [webservers:children]
> >> >> dc1_webservers
> >> >> dc2_webservers
> >> >>
> >> >> [lbservers:children]
> >> >> dc1_lbservers
> >> >> dc2_lbservers
> >> >>
> >> >>
> >> >> - James
> >> >>
> >> >> On Fri, Dec 6, 2013 at 12:17 AM, <jo...@tweetwall.com> wrote:
> >> >> > Hello,
> >> >> >
> >> >> > We currently have three datacenters, and they're all three
> basically
> >> >> > the
> >> >> > same with some very minor differences. Up until now, what I've
> done
> >> >> > is
> >> >> > created a playbook for each, and a hosts file for each datacenter.
> >> >> > This
> >> >> > was
> >> >> > primarily because the ethernet interfaces slightly differed and we
> >> >> > didn't
> >> >> > want to have to remember to provide forgettable variables on the
> >> >> > command
> >> >> > line.
> >> >> >
> >> >> > Now, we're finally migrating our systems where all datacenters
> will
> >> >> > be
> >> >> > exactly the same, so we can use the same playbook. To keep it
> >> >> > simple,
> >> >> > lets
> >> >> > say that each datacenter has one load balancer, and two web
> servers.
> >> >> >
> >> >> > DC1
> >> >> >
> >> >> > [webservers]
> >> >> > 1.1.1.20
> >> >> > 1.1.1.30
> >> >> >
> >> >> > [lbservers]
> >> >> > 1.1.1.10
> >> >> >
> >> >> >
> >> >> > DC2
> >> >> >
> >> >> > [webservers]
> >> >> > 1.1.2.20
> >> >> > 1.1.2.30
> >> >> >
> >> >> > [lbservers]
> >> >> > 1.1.2.10
> >> >> >
> >> >> >
> >> >> > DC3
> >> >> >
> >> >> > [webservers]
> >> >> > 1.1.3.20
> >> >> > 1.1.3.30
> >> >> >
> >> >> > [lbservers]
> >> >> > 1.1.3.10
> >> >> >
> >> >> >
> >> >> >
> >> >> > Typically, in our previous setup where each datacenter had its own
> >> >> > hosts
> >> >> > file and playbook, we'd do the following to deploy all the
> >> >> > installation
> >> >> > tasks:
> >> >> >>
> >> >> >> ansible-playbook -i /ansible/dc1/hosts.txt
> >> >> >> /ansible/dc1/all_full_deploy.yml
> >> >> >
> >> >> >
> >> >> > Since our datacenters will basically be the same, and the playbook
> >> >> > can
> >> >> > now
> >> >> > be the same, I understand that I could use just one playbook, and
> >> >> > change
> >> >> > out
> >> >> > the hosts file and it'll work to isolate deployments to that
> >> >> > datacenter.
> >> >> > The
> >> >> > issue, and why I'm writing this is that I'd also be able to, for
> >> >> > example,
> >> >> > deploy our website to all [webservers] regardless of which
> datacenter
> >> >> > it's
> >> >> > in—and it has to perform a few tasks on the respective load
> balancer
> >> >> > when it
> >> >> > does it (taking it out and adding it back).
> >> >> >
> >> >> > So, what is the recommended way to have a multi-datacenter hosts
> file
> >> >> > so
> >> >> > that we can work with a single datacenter, or all of them ideally
> >> >> > using
> >> >> > the
> >> >> > same hosts file and the same playbook?
> >> >> >
> >> >> > Thank you guys in advance for any advice you can provide.
> >> >> >
> >> >> > Sincerely,
> >> >> > Joel Strellner
> >> >> >
> >> >> > --
> >> >> > You received this message because you are subscribed to the Google
> >> >> > Groups
> >> >> > "Ansible Project" group.
> >> >> > To unsubscribe from this group and stop receiving emails from it,
> >> >> > send
> >> >> > an
> >> >> > email to ansible-proje...@googlegroups.com.
> >> >> > For more options, visit https://groups.google.com/groups/opt_out.
> >> >
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> > Groups
> >> > "Ansible Project" group.
> >> > To unsubscribe from this group and stop receiving emails from it,
> send
> >> > an
> >> > email to ansible-proje...@googlegroups.com.
> >> > For more options, visit https://groups.google.com/groups/opt_out.
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Ansible Project" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an
> > email to ansible-proje...@googlegroups.com <javascript:>.
> > For more options, visit https://groups.google.com/groups/opt_out.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
