Migrating our Ansible roles to a collection

Click for: original source

An article by Sebastian Gumprich about their experience with decision to move their existing Ansible roles for Linux, ssh, nginx and MySQL into an Ansible collection. Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins.

Having only one repository for all roles means we don’t have to duplicate code. We have one common test-suite for all roles that works the same for every role. Also Collections are the future, as there is possibly no support for roles in the next version of Ansible Galaxy (see ansible/galaxy_ng#58).

However, collections are only supported from Ansible 2.9 and onwards. And Ansible 2.8 is still supported (https://docs.ansible.com/ansible/latest/reference_appendices/release_and_maintenance.html#release-status). This means we need to support the separate roles until 2.9 is the oldest maintained release.

The guide then describes:

  • The plan
  • Problems and other interesting things
  • The Result
  • The future

The hardest bug we encountered was a problem with AppArmor and MySQL on recent Ubuntu distributions. Here’s the bug: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1610765. A faulty AppArmor profile prevents MySQL from starting because AppArmor blocks access to MySQL’s configuration files. And Github Actions run on a Ubuntu 18.04 virtual machine with AppArmor enabled. So I wondered why the role does work when running molecule locally (btw: I use Arch) but not in the CI-pipeline. It took some days to figure this one out. However once I found out the reason for this, the solution was found much faster. Robert de Bock also had this problem and fixed it here

Nice one!

[Read More]

Tags ansible web-development devops web-development app-development