Download - Ansible Best Practices - July 30
![Page 1: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/1.jpg)
Ansible Best PracticesTyler Turk – DevOps Engineer at WP Engine
![Page 2: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/2.jpg)
Who am I?
DevOps Engineer at WP Engine
Enjoys Operations, Development, and long walks on the beach
![Page 3: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/3.jpg)
General Overview
![Page 4: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/4.jpg)
Content Organization
• Follow hierarchy best practices
• Use roles for content
• Simplify your roles
![Page 5: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/5.jpg)
Make it readable; keep it simple
• Always provide a task name
• Always define state
• Over-use comments and white-space
![Page 6: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/6.jpg)
Tag all the things
• Tags help organization
• --skip-tags=tags,to,skip
• --tags=only,run,these,tags
![Page 7: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/7.jpg)
Don’t Repeat Yourself!
• Re-use code when
possible
• Leverage jinja2
templating
• Avoid duplication unless
absolutely necessary
![Page 8: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/8.jpg)
Idempotency
![Page 9: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/9.jpg)
What is idempotence?
Idempotence is the property of
certain operations in mathematics
and computer science, that can be
applied multiple times without
changing the result beyond the initial
application
![Page 10: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/10.jpg)
Why is idempotency important?
Config Management that lacks idempotency introduces
doubt!
• Ensure no changes unless things actually change
• Some idempotency issues can be big issues (> versus >>)
• Hides the real changes in a cloud of doubt
• Reduction in speed if changes are consistently made
• Testing becomes increasingly difficult
![Page 11: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/11.jpg)
Shooting Yourself in the Foot
• Conflicting tasks for differing roles
• Remember: Don’t Repeat Yourself!
• Double check your work
![Page 12: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/12.jpg)
How do we get there?
• Fully understand requirements
• Document required processes and
procedures
• Requirement verification with
invested parties
• Review module docs to ensure it is
idempotent
![Page 13: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/13.jpg)
Some Modules Lacking Idempotency
• Shell module
• Command module
• File module with touch argument
![Page 14: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/14.jpg)
What are changed_when and failed_when?
![Page 15: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/15.jpg)
Templating
![Page 16: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/16.jpg)
Jinja2 – An Introduction
• Python templating language
• Many filters available
(to_nice_json, to_nice_yaml, sort)
• Conditional evaluation on task result
(success, changed, failed, skipped)
Additional Information:
http://docs.ansible.com/playbooks_variables.html#using-variables-about-jinja2
http://jinja.pocoo.org/docs/templates/#builtin-filters
![Page 17: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/17.jpg)
Variables with Jinja2
• Avoid dictionaries if values will change
• Accessible with double curly braces
{{ i_am_a_variable }}
{{ cluster.datacenter }}
• Verify variable definition
{% if cluster.lbmaster is not defined %}
# Potential Error: No lbmaster
{% endif %}
![Page 18: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/18.jpg)
More with Jinja2
• Simple file templating with loops
• Simple file templating with if/else
• Even use variables for file
names!
• Iterate through items, globs, and
hashes
![Page 19: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/19.jpg)
Lessons Learned
![Page 20: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/20.jpg)
Lessons Learned
• Long running tasks should run
in screen!
• Leverage the community on
IRC
• Validate proper order of
operations
• Overly document playbooks
and procedures
![Page 21: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/21.jpg)
More Lessons Learned
• Burn and churn on virtual
instances for additional testing
• Consistency in playbook
development
• Implement actual testing with
ansible-lint and other CI
utilities
• Do not merge non-idempotent
pull requests
![Page 22: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/22.jpg)
Questions? What about testing? That’s next!
![Page 23: Ansible Best Practices - July 30](https://reader036.vdocuments.us/reader036/viewer/2022081412/540d89438d7f72767e8b4a3e/html5/thumbnails/23.jpg)
References
Ansible Playbook Best Practiceshttp://docs.ansible.com/playbooks_best_practices.html
Ansible (Real Life) Good Practiceshttp://www.reinteractive.net/posts/167-ansible-real-life-good-practices
Jinja2 Documentationhttp://jinja.pocoo.org/docs/