1

I have a role for configuring nginx. As you'd expect, it adds files to a directory that is then included by the main config file. I've started to run into issues with the order in which these files are read so I'd like to move some of them into another directory that's included after this one.

The problem is that the role has already been run in several places so if I just change the path of some of the config files to the new directory then old copies will be left behind in the old directory. Solutions I've thought of are:

  • Include tasks to delete the old files - this feels like clutter that's going to be stuck in the role forever.
  • Delete everything in the directory and let the role recreate the files that are supposed to be there - files from other sources (e.g. other roles or the same role run multiple times) will be lost.

In this case I know everywhere that the role has been used so I could just wait until I know the old files are gone then remove the steps that get rid of them or even remove the files manually but that certainly doesn't scale. Are there any established practices for dealing with this sort of issue or ways of thinking about it that I should know about?

Calum Halpin
  • 207
  • 1
  • 8

1 Answers1

1

You don't need to keep something in the role forever that deletes the old files.

You could always just run a one-off play the next time you run the role that deletes the old files. But keep in mind that you may have to keep that one-off around, if at the time you migrate, some hosts are unreachable, or you run into some other problem.

Or you could add it to the role, and leave it there for a while. As soon as you're sure all affected hosts have had the files removed, you can remove the task that deletes them. It's mostly harmless to keep it around.

I prefer this way to deleting and recreating the whole directory, as that isn't idempotent. It will always be recorded as changed, even when nothing semantically changed. Remember that in Ansible, idempotence is not guaranteed; you have to do it yourself.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • In this case a one-time play would work (or removing some deletion tasks once I know they've run) but I think that would become impractical if the role was being used on more servers, perhaps managed by other people. A handful of deletion tasks are pretty harmless but they could really accumulate over time. Or maybe they wouldn't and I'm just overthinking this. – Calum Halpin Feb 22 '19 at 18:10
  • @CalumHalpin How long will it take you to get the play run on every server that needs it? – Michael Hampton Feb 22 '19 at 18:35
  • I won't actually be responsible for running the playbook, I'm just writing it, so I've included deletion tasks in the role for simplicity. It'll probably have been run everywhere by the end of next week. I was hoping someone might have an approach that would avoid the issue completely in future, I've no idea what that might be though. – Calum Halpin Feb 22 '19 at 18:47
  • Ask whoever is running the playbook for their opinions on when it should be removed. – Michael Hampton Feb 22 '19 at 18:49