Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Beware if your host is in more than one group #32

Open
jschaeff opened this issue Apr 13, 2018 · 2 comments
Open

Beware if your host is in more than one group #32

jschaeff opened this issue Apr 13, 2018 · 2 comments

Comments

@jschaeff
Copy link

jschaeff commented Apr 13, 2018
edited

My inventory defines hosts and groups.
Each group has a firewall_v4_group_rules dictionary defined.
I was expecting to get a merge of all the firewall_v4_group_rules from each group a host belongs to, but instead, the host only got the rules defined from one group.

Example:

[all]
myhost

[web]
myhost

[database]
myhost

Then group_vars/web.yaml and group_vars/database.yaml define each firewall_v4_group_rules

As a result, myhost only receives rules from one of the 2 groups.

I can work around this issue by setting globally for ansible "hash_behaviour = merge" but is there a way to get this in the role (without changing ansible config) ? Maybe at the template level (I'm not an expert)?
@mikegleasonjr
Copy link
Owner

Hi,

I was expecting to get a merge of all the firewall_v4_group_rules from each group a host belongs to, but instead, the host only got the rules defined from one group.

That's not how Ansible works, see https://docs.ansible.com/ansible/2.5/user_guide/playbooks_variables.html?highlight=variables#variable-scopes. "Child groups override parent groups, and hosts always override their groups." Also see this question on stack overflow which covers your exact same case: https://stackoverflow.com/questions/23525546/ansible-host-in-multiple-groups. Also ansible/ansible#6538. "This is a common misconception. [...] When variables are all at the same level, there is no defined order."

The firewall_v4_default_rules, firewall_v4_group_rules and firewall_v4_host_rules could be also something like firewall_v4_level_1, firewall_v4_level_2 and firewall_v4_level_3. They are not related to groups/hosts in Ansible. They are just pain variables in a role. They have a relation to them in the sense that they are merged together by the role in a specific order. But the content of those 3 variables for a host are specific for this particular host at any point in time. The group variable is not shared among all the groups.

Hope this helps and thank you for your question and interest in the role!

@ibarrere
Copy link

A little late to the party here, but we use merge_vars to accomplish that. It works quite well.

@c-dst c-dst mentioned this issue Sep 11, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jschaeff @mikegleasonjr @ibarrere