Ansible Best Practices - July 30
-
Upload
tylerturk -
Category
Technology
-
view
313 -
download
2
description
Transcript of Ansible Best Practices - July 30
Ansible Best PracticesTyler Turk – DevOps Engineer at WP Engine
Who am I?
DevOps Engineer at WP Engine
Enjoys Operations, Development, and long walks on the beach
General Overview
Content Organization
• Follow hierarchy best practices
• Use roles for content
• Simplify your roles
Make it readable; keep it simple
• Always provide a task name
• Always define state
• Over-use comments and white-space
Tag all the things
• Tags help organization
• --skip-tags=tags,to,skip
• --tags=only,run,these,tags
Don’t Repeat Yourself!
• Re-use code when
possible
• Leverage jinja2
templating
• Avoid duplication unless
absolutely necessary
Idempotency
What is idempotence?
Idempotence is the property of
certain operations in mathematics
and computer science, that can be
applied multiple times without
changing the result beyond the initial
application
Why is idempotency important?
Config Management that lacks idempotency introduces
doubt!
• Ensure no changes unless things actually change
• Some idempotency issues can be big issues (> versus >>)
• Hides the real changes in a cloud of doubt
• Reduction in speed if changes are consistently made
• Testing becomes increasingly difficult
Shooting Yourself in the Foot
• Conflicting tasks for differing roles
• Remember: Don’t Repeat Yourself!
• Double check your work
How do we get there?
• Fully understand requirements
• Document required processes and
procedures
• Requirement verification with
invested parties
• Review module docs to ensure it is
idempotent
Some Modules Lacking Idempotency
• Shell module
• Command module
• File module with touch argument
What are changed_when and failed_when?
Templating
Jinja2 – An Introduction
• Python templating language
• Many filters available
(to_nice_json, to_nice_yaml, sort)
• Conditional evaluation on task result
(success, changed, failed, skipped)
Additional Information:
http://docs.ansible.com/playbooks_variables.html#using-variables-about-jinja2
http://jinja.pocoo.org/docs/templates/#builtin-filters
Variables with Jinja2
• Avoid dictionaries if values will change
• Accessible with double curly braces
{{ i_am_a_variable }}
{{ cluster.datacenter }}
• Verify variable definition
{% if cluster.lbmaster is not defined %}
# Potential Error: No lbmaster
{% endif %}
More with Jinja2
• Simple file templating with loops
• Simple file templating with if/else
• Even use variables for file
names!
• Iterate through items, globs, and
hashes
Lessons Learned
Lessons Learned
• Long running tasks should run
in screen!
• Leverage the community on
IRC
• Validate proper order of
operations
• Overly document playbooks
and procedures
More Lessons Learned
• Burn and churn on virtual
instances for additional testing
• Consistency in playbook
development
• Implement actual testing with
ansible-lint and other CI
utilities
• Do not merge non-idempotent
pull requests
Questions? What about testing? That’s next!
References
Ansible Playbook Best Practiceshttp://docs.ansible.com/playbooks_best_practices.html
Ansible (Real Life) Good Practiceshttp://www.reinteractive.net/posts/167-ansible-real-life-good-practices
Jinja2 Documentationhttp://jinja.pocoo.org/docs/