cod3fr3ak · June 14, 2019 00:42
diff --git a/Ansible deployment Practices b/Ansible deployment Practices
 What I would do is to have roles for each system service that your application needs, a play and a role for each application/microservice, and group and/or host variables and role variables and defaults which define what to do.

 I deploy a lot of PHP-based applications, so that looks a lot like this:

 I'll have a play app_microservice.yml:

 ---
 - hosts: app_microservice_servers
  roles:
    - nginx
    - mariadb
    - php-fpm
    - app_microservice
 So I'll have a role roles/app_microservice which deploys the code. When I run this play, the nginx, mariadb and php-fpm prerequisites will be installed and configured first, if they haven't already been.

 In addition to calling roles, a play can also run arbitrary tasks. Feel free to mix and match these if something is simple enough that a full role isn't called for.

 This play also goes into all.yml along with every other play, so that I can occasionally do ansible-playbook all.yml. Remember that ansible doesn't guarantee idempotence like puppet tries to, so this is something you have to be careful of.

 - include: app_microservice.yml
 I use group variables to define things which are common to a group (though there are precious few of these that won't fit in the role variables or defaults instead), group all variables for global stuff, and host variables for anything that's unique to a host.

 For instance, I give a unique MySQL root password to every host, but I have SSL ciphers and protocols defined in group_vars/all/main.yml so that, if they need to be changed, there is one source of truth for them.
	What I would do is to have roles for each system service that your application needs, a play and a role for each application/microservice, and group and/or host variables and role variables and defaults which define what to do.

	I deploy a lot of PHP-based applications, so that looks a lot like this:

	I'll have a play app_microservice.yml:

	---
	- hosts: app_microservice_servers
	roles:
	- nginx
	- mariadb
	- php-fpm
	- app_microservice
	So I'll have a role roles/app_microservice which deploys the code. When I run this play, the nginx, mariadb and php-fpm prerequisites will be installed and configured first, if they haven't already been.

	In addition to calling roles, a play can also run arbitrary tasks. Feel free to mix and match these if something is simple enough that a full role isn't called for.

	This play also goes into all.yml along with every other play, so that I can occasionally do ansible-playbook all.yml. Remember that ansible doesn't guarantee idempotence like puppet tries to, so this is something you have to be careful of.

	- include: app_microservice.yml
	I use group variables to define things which are common to a group (though there are precious few of these that won't fit in the role variables or defaults instead), group all variables for global stuff, and host variables for anything that's unique to a host.

	For instance, I give a unique MySQL root password to every host, but I have SSL ciphers and protocols defined in group_vars/all/main.yml so that, if they need to be changed, there is one source of truth for them.