How to work with multiple projects in Hetzner Cloud
Posted on April 16, 2021 by Adrian Wyssmann ‐ 3 min read
In Hetzner Cloud you can have multiple projects. As you can have different members per group, it really makes sense to have different projects for different purposes. In this article I explain how I work with multiple projects in Ansible, as well as when using the cli.
Multiple projects in Hetzner Cloud
A project in Hetzner Cloud has a dedicated set of members and resources, and each member has a role which determines what they are allowed to do. In my case I have two projects, to separate productive systems from my playground/development resources:
How to access projects using the cli
Access to projects is controlled by the API token, which you have to create via the Cloud Console:
You can set the token as the environment variable HCLOUD_TOKEN, which can be used for both Ansible and the hcloud cli. However, as you can have only one environment variable with this name, this may cause undesired side effects: depending on the value set, you access either one or the other project. Luckily the hcloud cli has contexts. You can define a context by giving it a name and the project-specific token, for example:
Let’s see how this works
Dynamic inventory in Ansible with multiple projects
I already wrote in one of my recent posts how to manage inventory with inventory plugins, using the hcloud inventory plugin and the hetzner robot inventory plugin if you use Hetzner Cloud. So far I have worked with a single inventory file, inventory.hcloud.yml, which looked like this:
So far I always had HCLOUD_TOKEN set, but once it is removed this no longer works:
If you check the documentation of the hcloud inventory plugin carefully, you can see that one can set the token. So let's do that, obviously using an encrypted string:
And see, it’s working
As I have configured inventory in the ansible.cfg, the above also works without the -i parameter. As I have 2 projects, I also need 2 inventory files, inventory.dev.hcloud.yml and inventory.prd.hcloud.yml, both with the same configuration but a different token. I also update ansible.cfg as follows:
This is sufficient so that I can use the inventory of both projects - dev0001 runs in development whereas ttrss runs in production:
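The following pre-flight check is an added example, not part of the original post: it reports how each hcloud inventory file supplies its token (vault-encrypted, plaintext, or not at all, which leaves the plugin dependent on HCLOUD_TOKEN), so a plaintext project token is caught before the file is committed. The file names come from the article; the file contents, the dummy vault payload and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report how each hcloud inventory file supplies its API token.
# File names follow the article; the sample contents are constructed.

# Prints "vault" (encrypted string), "plaintext" (token stored in clear text)
# or "env" (no top-level token key, so the plugin relies on HCLOUD_TOKEN).
token_mode() {
  awk '
    /^token:/ {
      found = 1
      if ($2 == "!vault") mode = "vault"; else mode = "plaintext"
    }
    END { if (!found) mode = "env"; print mode }
  ' "$1"
}

# Returns 0 only if every given inventory file carries a vault-encrypted token.
check_inventories() {
  local rc=0 f mode
  for f in "$@"; do
    mode=$(token_mode "$f")
    printf '%s: %s\n' "$f" "$mode"
    [ "$mode" = "vault" ] || rc=1
  done
  return "$rc"
}

# Writes constructed sample files; the vault payload is a dummy, not ciphertext.
make_samples() {
  local dir=$1
  cat > "$dir/inventory.dev.hcloud.yml" <<'EOF'
plugin: hcloud
token: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  00000000000000000000000000000000
EOF
  cat > "$dir/inventory.prd.hcloud.yml" <<'EOF'
plugin: hcloud
token: PLACEHOLDER_PLAINTEXT_TOKEN
EOF
  printf 'plugin: hcloud\n' > "$dir/inventory.hcloud.yml"
}

# When called with file arguments, check them and exit non-zero on any finding.
if [ "$#" -gt 0 ]; then
  check_inventories "$@"
fi
```

Run it with the inventory files as arguments, for example from a pre-commit hook; a non-zero exit status means at least one file does not use a vault-encrypted token.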