Ansible Role Structuring

I'm new to Ansible and currently building out a few plays to perform common tasks such as performing pre & post installs for our software in dev/test.

A scenario I’m working on is configuring a server once spun up from TF using Ansible. Ansible will install all pre-reqs for our software such as C++ binaries, SQL Server, IIS roles etc. and then install our software and perform post-reqs such as installing a certificate etc., and I've been using roles to do this so far.

My playbook to perform the above is currently this:

- hosts: TargetInventory
  gather_facts: true

  vars_files:
  - Windows/000-files/play_variable_files/Windows-Standard-Include.yml
  - Windows/000-files/play_variable_files/Application-Details.yml
  pre_tasks: []

  roles:
  - Windows/010-playbook-init/010-temp-dirs-and-tools
  - Windows/100-InstallWindowsFeatures/090-Install-dotNET35
  - Windows/105-InstallIISRoles-AppName
  - Windows/100-InstallWindowsFeatures/060-Install-MSMQ
  - Windows/100-InstallWindowsFeatures/070-Install-SMTP
  - Windows/100-InstallWindowsFeatures/080-Install-SNMP
  - Windows/200-InstallPackages/020-InstallNet48
  - Windows/200-InstallPackages/030-InstallCPPRedistributable
  - Windows/200-InstallPackages/040-InstallMVC
  - Windows/300-InstallSoftware/040-Install-SQL-Server
  - Windows/300-InstallSoftware/042-Install-SQL-Server-Managment-Studio
  - Windows/500-SpecialityMachines/Install-Configure-ApplicationName

While this works, I'm trying to think long term and build the correct structure since I have a few more apps to do.

I hit this potential roadblock when creating the role Install-Configure-ApplicationName, which is quite monolithic at the moment.

It will install the MSI, install an SSL cert, configure IIS for the app with hostname inc web.config mods, verify IIS, configure email within registry etc. I wanted to split these plays out and into roles, as the sections can be used elsewhere, such as install certificate, configure email for ADHOC jobs.

I like this idea personally but then I think further down the line with regards to documentation. Let’s say in 5 years my playbook with all these roles to build and configure our app is gone. How will they know you need 20 roles to deploy the app? This casts a doubt on my current role setup because I would need documentation for what should already be documentation?

Where my confusion comes in is how do you define and organise roles and how does that cascade into different areas such as documentation etc?

Keen to hear your thoughts.

Brad



Solution 1:[1]

I do not have experience using Ansible for servers but I do use it for network configuration and management. I create roles based on the service that it is going to provide.

You are essentially building a bottom up structure.

Component Roles:

  • SSL install option 1
  • SSL install option 2
  • Validation option 1

Functional Roles

  • SSL Flavor 1 (Role)

    • SSL install option 1
    • Validation option 1
  • SSL Flavor 2 (Role)

    • SSL install option 2
    • Validation option 1

Parent/Service Role SSL

  • SSL Flavor 1
  • SSL Flavor 2

So your documentation will provide the expected inputs to run the top-level Parent/Service role and the expected outputs, i.e. SSL Flavor 1 requires abc inputs whereas SSL Flavor 2 requires xyz inputs.
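The layout described in this answer, sketched as an added example that is not part of the original answer: a parent `ssl` role documents its inputs in `meta/argument_specs.yml` (Ansible's role argument specification, checked when the role starts and shown by `ansible-doc -t role`) and dispatches to one functional role built from component roles. All role names, variable names and the certificate path are assumptions made for illustration.

```yaml
# Hypothetical layout (every role and variable name here is an assumption):
#   roles/ssl/meta/argument_specs.yml   <- documented inputs of the parent role
#   roles/ssl/tasks/main.yml            <- dispatches to one functional role
#   roles/ssl_flavor_1/tasks/main.yml   <- functional role made of component roles

# --- roles/ssl/meta/argument_specs.yml ---
argument_specs:
  main:
    short_description: Install and validate an SSL certificate
    options:
      ssl_flavor:
        type: str
        required: true
        # Restricting the value also keeps the dynamic role name below
        # limited to roles that are meant to be reachable from here.
        choices: [flavor_1, flavor_2]
        description: Which functional role to run.
      ssl_cert_path:
        type: str
        required: true
        description: Certificate file on the target host.
---
# --- roles/ssl/tasks/main.yml ---
- name: Run the selected SSL flavor
  ansible.builtin.include_role:
    name: "ssl_{{ ssl_flavor }}"
---
# --- roles/ssl_flavor_1/tasks/main.yml ---
- name: Install the certificate (component role, install option 1)
  ansible.builtin.include_role:
    name: ssl_install_option_1

- name: Validate the result (component role, validation option 1)
  ansible.builtin.include_role:
    name: ssl_validation_option_1
---
# --- playbook: only the parent role and its documented inputs appear ---
- hosts: TargetInventory
  roles:
    - role: ssl
      vars:
        ssl_flavor: flavor_1
        ssl_cert_path: C:\certs\app.pfx   # constructed sample value
```

A play that omits `ssl_cert_path` or passes an unlisted `ssl_flavor` fails at argument validation before any task in the role runs.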

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Fallin85