.yml
{{ var }} not $var
{{ var }} not {{var}}
EDXAPP_FOO
my_role) not dashes (my-role).
my_path: /foo not my_path: /foo/. When concatenating paths, follow the same convention (e.g. {{ my_path }}/bar not {{ my_path }}bar)
when: for conditionals - To check if a variable is defined when: my_var is defined or when: my_var is not defined
To verify return status (see conditionals)
    - command: /bin/false
      register: my_result
      ignore_errors: True
    - debug: msg="task failed"
      # Ansible 2.5 and later spell this test as: my_result is failed
      when: my_result|failed
Use yaml-style blocks.
Good:
    - file:
        dest: "{{ test }}"
        src: "./foo.txt"
        mode: 0770
        state: present
        user: "root"
        group: "wheel"
Bad:
    - file: >
        dest={{ test }} src=./foo.txt mode=0770
        state=present user=root group=wheel
Break long lines using yaml line continuation.
Reference: http://docs.ansible.com/playbooks_intro.html
    - shell: >
        python a very long command --with=very --long-options=foo
        --and-even=more_options --like-these
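An added example, not part of the original page or of the edX tooling: a small line-based checker for the variable, naming, path and argument-style conventions above. The rule ids, the `lint` function and the sample lines are made up for illustration; the patterns are heuristics and do not parse YAML.

```python
import re

# Line-based heuristics for the conventions on this page; rule ids are made up here.
RULES = [
    ("old-var", r"(?<![\w$])\$\{?[A-Za-z_]\w*", "use {{ var }}, not $var"),
    ("jinja-spacing", r"\{\{(?:\S[^}]*|[^}]*\S)\}\}", "use {{ var }}, not {{var}}"),
    ("dash-in-name", r"^\s*(?:-\s+)?[A-Za-z_]\w*-[\w-]*:(?:\s|$)", "use underscores, not dashes"),
    ("trailing-slash", r"^\s*[\w-]+:\s*[\"']?(?:/|\{\{)[^\"'\n]*/[\"']?\s*$", "no trailing slash on paths"),
    ("missing-slash", r"\}\}\w", "write {{ my_path }}/bar, not {{ my_path }}bar"),
    ("inline-args", r"(?<![-\w])\w+=\S+\s+\w+=\S+", "use yaml-style blocks, not key=value"),
]
COMPILED = [(rid, re.compile(rx), msg) for rid, rx, msg in RULES]


def lint(text):
    """Return (line_number, rule_id, message) tuples for the given playbook text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):  # skip YAML comment lines
            continue
        for rid, rx, msg in COMPILED:
            if rx.search(line):
                findings.append((lineno, rid, msg))
    return findings


# Constructed sample lines, adapted from the page's own good and bad snippets.
BAD = """\
my-path: /foo/
- file: >
    dest=$test src=./foo.txt mode=0770
- copy:
    src: "{{my_path}}bar"
"""
GOOD = """\
my_path: /foo
- file:
    dest: "{{ test }}"
    src: "./foo.txt"
- shell: >
    python a very long command --with=very --long-options=foo
- debug: msg="task failed"
  when: my_result|failed
"""

if __name__ == "__main__":
    for lineno, rid, msg in lint(BAD):
        print(f"line {lineno}: [{rid}] {msg}")
```

A single `key=value` argument such as `msg="task failed"` is deliberately not flagged, since the page itself uses that form.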
Every role should have a standard set of role directories. Example that includes a Python and a Ruby virtualenv:
    edxapp_data_dir: "{{ COMMON_DATA_DIR }}/edxapp"
    edxapp_app_dir: "{{ COMMON_APP_DIR }}/edxapp"
    edxapp_log_dir: "{{ COMMON_LOG_DIR }}/edxapp"
    edxapp_venvs_dir: "{{ edxapp_app_dir }}/venvs"
    edxapp_venv_dir: "{{ edxapp_venvs_dir }}/edxapp"
    edxapp_venv_bin: "{{ edxapp_venv_dir }}/bin"
    edxapp_rbenv_dir: "{{ edxapp_app_dir }}"
    edxapp_rbenv_root: "{{ edxapp_rbenv_dir }}/.rbenv"
    edxapp_rbenv_shims: "{{ edxapp_rbenv_root }}/shims"
    edxapp_rbenv_bin: "{{ edxapp_rbenv_root }}/bin"
    edxapp_gem_root: "{{ edxapp_rbenv_dir }}/.gem"
    edxapp_gem_bin: "{{ edxapp_gem_root }}/bin"
As a general policy we want to protect the following data:
Directory structure for the secure repository:
ansible
├── files
├── keys
└── vars
The default secure_dir is set in group_vars/all and can be overridden by adding another file in group_vars that corresponds to a deploy group name.
For templates or files that are secure use first_available_file, example:

    - name: xserver | install read-only ssh key for the content repo that is required for grading
      copy:
        src: "{{ item }}"
        dest: /etc/git-identity
        force: yes
        owner: ubuntu
        group: adm
        mode: "0640"
      first_available_file:
        - "{{ secure_dir }}/files/git-identity"
        - "git-identity-example"