Ansible: Idempotent Playbooks

Effective Directory Layout

├── ansible.cfg
├── host_vars
│ ├── raspi-3-1.yml
│ ├── ...
├── group_vars
├── roles
│ ├── consul
│ ├── docker-arch
│ ├── docker-arm
│ ├── nfs-client
│ ├── nfs-server
│ └── nomad
├── scripts
│ ├── consul
│ ├── nomad
│ ├── configs
│ ├── jobs
│ ├── system
│ ├── update_packages.yaml
│ ├── tutorial
│ └── uninstall
├── hosts
└── site.yml
  • Global config files in directory root: The ansible config files ansible.cfg and the inventory hosts.
  • Global playbook: The playbook site.yml is an idempotent playbook that, when executed, configures all nodes with all the infrastructure systems that I have. Effectively it installs all the roles on all nodes and patches the nodes to the newest OS packages.
  • Global vars: The group_vars directory contains global variables, especially the IP addresses for the Nomad, Consul and NFS servers. In the host_vars directory, I include a file for each node that determines its Nomad/Consul/NFS role as being master or agent.
  • Separating roles and scripts: The roles directory contains playbooks that install infrastructure systems. These are the ansible roles I explained in earlier articles. In scripts are commands that are executed regularly, things like updating the nodes or restarting processes on the nodes. I also include the deployments of Nomad jobs, including config files for programs, inside the script directory.

Uninstaller

- block:
- name: Install dnsmasq
apt:
name: dnsmasq
state: present
- name: Configure dnsmasq
lineinfile:
path: /etc/dnsmasq.d/10_consul
create: true
line: server=/consul/192.168.2.201#8600
regexp: consul
state: present
when: uninstall is not defined
- block:
- name: Uninstall
apt:
name: dnsmasq
state: absent
- file:
path: /etc/dnsmasq.d
state: absent
when: uninstall is defined and uninstall
ansible-playbook site.yml --limit=raspi-3-1 --tags dns -e "{uninstall: true}"
PLAY [Configure DNS] ***********************************************************************************************************************TASK [dns : Install dnsmasq] ***************************************************************************************************************
skipping: [raspi-3-1]
TASK [dns : Configure dnsmasq] *************************************************************************************************************
skipping: [raspi-3-1]
TASK [dns : Restart dnsmasq] ***************************************************************************************************************
skipping: [raspi-3-1]
TASK [dns : Uninstall] *********************************************************************************************************************
changed: [raspi-3-1]
TASK [dns : file] **************************************************************************************************************************
changed: [raspi-3-1]

Idempotent Playbooks

- name: Create fstab entry
lineinfile:
path: /etc/fstab
line: '{{ nfs_dir_server_ip }}:{{ nfs_dir_mnt_path }} {{ nfs_dir_mnt_path }} nfs defaults,soft,bg,noauto,rsize=32768,wsize=32768,noatime 0 0'
state: present
- name: Create fstab entry
lineinfile:
path: /etc/fstab
line: '{{ nfs_dir_server_ip }}:{{ nfs_dir_mnt_path }} {{ nfs_dir_mnt_path }} nfs defaults,soft,bg,noauto,rsize=32768,wsize=32768,noatime 0 0'
regex: 'nfs defaults,soft,bg,noauto'
state: present

Conclusion

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sebastian

Sebastian

IT Project Manager & Developer