ansible-nginx
ansible-nginx copied to clipboard
debops
Manage servers defined via multiple groups
I'm struggling to find a way to realize server configurations that are defined in the group vars of multiple groups but where the inventory maps these groups to the same host.
Details
I have 2 groups (frontend-servers, backend-servers) to which the debops.nginx role is applied via the following playbook:
---
- hosts: frontend-servers
roles:
- debops.nginx
- hosts: backend-servers
roles:
- debops.nginx
Furthermore, I define group variables for both groups:
---
# group_vars/frontend-servers.yaml
nginx_servers:
- '{{ frontend_server }}'
frontend_server:
enabled: True
#...
---
# group_vars/backend-servers.yaml
nginx_servers:
- '{{ backend_server }}'
backend_server:
enabled: True
#...
However, I have an inventory that maps both groups to the same host
[frontend-servers]
webserver
[backend-servers]
webserver
It seems like only one of the nginx_servers lists from the group_vars is respected. Is there another way to realize servers from multiple groups on the same host?
You can't use group variables if you want debops.nginx to create multiple vhosts like that. Instead, you can create two roles: backend and frontend. Inside those two roles, you'd create your backend_server and frontend_server variables. You'd then pass them to the debops.nginx dependency.
# meta/main.yml
---
dependencies:
- role: debops.nginx
nginx_servers:
- '{{ nginx_server }}'
Actually, you can, it's just a little more complicated:
In inventory/group_vars/backend-servers/nginx.yml put:
nginx_servers: [ '{{ nginx_backend_server }}' ]
nginx_backend_server:
name: [ 'backend.{{ ansible_domain }}' ]
enabled: True
In inventory/group_vars/frontend-servers/nginx.yml put:
nginx_servers: [ '{{ nginx_frontend_server }}' ]
nginx_frontend_server:
name: [ '{{ ansible_domain }}', 'www.{{ ansible_domain }}' ]
enabled: True
Now, you need to merge them. To do it, you can create a new inventory group for merged hosts:
[nginx-merged-hosts:children]
frontend-servers
backend-servers
And, in inventory/group_vars/nginx-merged-hosts/nginx.yml put:
nginx_servers: '{{ nginx_merged_servers }}'
nginx_merged_servers:
- '{{ nginx_frontend_server | d({}) }}'
- '{{ nginx_backend_server | d({}) }}'
Now, when you add your host to [nginx-merged-hosts] group, it should have both configurations present.
(All written on the fly, not tested, but I think it should work)
As an aside, Ansible stacks variables from different inventory levels (all, group, host) together so that variables from lower lever override the ones from higher level. Unfortunately, group variables have the same "weight" and I believe the last one wins, so to merge them, you need to get a little creative with different variable names. It's good practive to provide defaults (like d({}) that I did) so that if a variable from one group is not present in the other one, Ansible won't complain.
@carlalexander Since I've got your attention, two ideas I'm thinking about regarding debops.nginx:
- what do you think about adding
nginx_internal_serversvariable similar tonginx_serversand moving the default server, acme and localhost to that? That way adding more custom servers should be easier and you won't need to handle the default ones if you think they are good as they are. - have you checked new
debops.pkiyet? It has ACME support, should work out of the box when you havedebops.nginxset up and DNS pointing to your host. Right now it doesn't have a lot of docs, most of that is in the PR, but I'm looking for feedback before merging the new code.
I have not checked the new debops.pki role yet. I'm following the thread, but debops.pki was over my head a lot already lol
I like the idea of nginx_internal_servers as a place to put vhosts that need to be present for other roles to work. I'm thinking ACME for sure. Not sure with the others, I don't know if you want a default server if I'm putting other vhosts. I guess it could be a more graceful fallback?
