Ansible - Create variables for groups of nodes using group_vars


Following are the different ways that variables can be set in Ansible. This list is in the order of precedence, where the option higher in the list takes precedence over options lower in the list.

The group_vars directory can be used to create variables that can be used by:

  • all managed nodes (e.g. target systems)
  • certain managed nodes (e.g. target systems)

For example, let's say main.yml contains variables, perhaps something like this.

foo: "Hello World"
environments:
  - development
  - staging
  - production

 

Variables defined in the group_vars/all/main.yml file will be available to all target servers, whereas variables defined in the group_vars/dev/main.yml file would only be available to target servers that are part of the "dev" group.

Let's say you have a group of dev and prod servers in your default hosts file or your own inventory file.

dev:
  hosts:
    server1.example.com:
    server2.example.com:
    server3.example.com:
prod:
  hosts:
    server4.example.com:
    server5.example.com:
    server6.example.com:

 

In this scenario, you could create files in the group_vars directory like this.

/usr/local/ansible/group_vars/all.yml
/usr/local/ansible/group_vars/dev.yml
/usr/local/ansible/group_vars/prod.yml

 

Or like this.

/usr/local/ansible/group_vars/all/main.yml
/usr/local/ansible/group_vars/dev/main.yml
/usr/local/ansible/group_vars/prod/main.yml

 

AVOID TROUBLE

If both group_vars/all.yml and group_vars/all/main.yml exist, group_vars/all/main.yml will take precedence over group_vars/all.yml.

In this example:

  • variables in group_vars/all would be made available to all hosts (both the dev and prod hosts)
  • variables in group_vars/dev would only be available to the dev hosts
  • variables in group_vars/prod would only be available to the prod hosts

 

Here is an example of how a playbook could be set to all (or dev, or prod).

---
- hosts: all
  tasks:
  - debug:
      var: foo

  - debug:
      var: environments
...

 

Which should return something like this.

TASK [debug]
ok: [server1.example.com] => {
    "foo": "Hello World"
}

ok: [server1.example.com] => {
    "environments": [
        "development",
        "staging",
        "production"
    ]
}

 


Encrypted Ansible Vault File

You could also create an encrypted file using the ansible-vault create command in one of the group_vars directories.

ansible-vault create group_vars/all/vault.yml

 

Let's say group_vars/all/vault.yml contains the following.

bar: World

 

Let's say your playbook contains the "bar" variable.

---
- hosts: all
  tasks:
  - debug:
      var: bar
...

 

When using the ansible-playbook command to run your playbook, you could use the --ask-vault-pass option.

ansible-playbook example.yml --ask-vault-pass

 

And you will be prompted for the vault password.

Vault password:

 

Or, to avoid being prompted for the vault password, you could create a vault password file and then use the --vault-password-file command line option (if you are going to use the same password for all of the ansible-vault commands).

ansible-playbook example.yml --vault-password-file /usr/local/ansible/vault/.vault_password.txt

 

Or the --vault-id command line option (if you want to use different passwords).

ansible-playbook example.yml --vault-id john.doe@/usr/local/ansible/vault/.vault_password.txt

 

Or you could set the vault_password_file directive in your ansible.cfg file.

[defaults]
vault_password_file = /usr/local/ansible/vault/.vault_password.txt

 

In this scenario, you wouldn't need to use any of the vault password command line options (--ask-vault-pass, --vault-password-file, --vault-id).

ansible-playbook example.yml

 

The playbook should then output the following, where the value of the "bar" variable in the encrypted group_vars/all/vault.yml file is returned.

TASK [debug]
ok: [server1.example.com] => {
    "bar": "World"
}

 



