Scenarios
Some hacks or strategies for handling specific situations.
Scenario list
- ansible-vault and GPG
  ansible-vault documentation: https://docs.ansible.com/ansible/latest/user_guide/vault.html
  TODO: Consider rewriting for using ssh keys instead of GPG keys? I think this is now what Debian does for package signing, and would be more accessible as many people do not have GPG set up but do have ssh-agent.
  If you already have some corporate secret store, like Square’s Keywhiz, HashiCorp’s Vault, or one of many others, you should probably use it with Ansible.
- docker-compose and changing config files
  docker-compose (and docker swarm) has a concept of configs, which are sort of like mounting a single file as a volume. Especially handy is that you can specify the user that owns the config in the container. See also the Docker documentation.
  You might use it in a config file like this:

      version: "3.7"
      services:
        dex:
          image: dexidp/dex
          volumes:
            - /etc/localtime:/etc/localtime:ro
          configs:
            - source: dex_config
              target: /config.
- Prefix all variables
  When writing roles, I recommend prefixing all variables with the role name. This helps prevent accidental variable leakage, it means you know exactly where a variable is defined, and it makes variables easier to grep for.
  For example, in roles/examplerole/defaults/main.yml, I recommend this:

      examplerole_foo: 12345
      examplerole_blah: "asdf"

  but not this:

      foo: 12345
      blah: "asdf"

  Variables used elsewhere
  (You might think of variables used in multiple roles as “global variables”, but keep in mind that most variables in Ansible are global, so this can be confusing.
- Script templates
  template documentation: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/template_module.html
  I have a few rules of thumb I use when creating script templates. Following these makes scripts readable on the deployed host, and manageable in Ansible.
  Keep Ansible variables in a block at the top of the script
  Don’t sprinkle Ansible variables throughout a templated script. Instead, keep them at the top of the file where they’re easy to find and update.