Ansible Best PracticesTyler Turk – DevOps Engineer at WP Engine

Who am I?

DevOps Engineer at WP Engine

Enjoys Operations, Development, and long walks on the beach

General Overview

Content Organization

• Follow hierarchy best practices

• Use roles for content

• Simplify your roles

Make it readable; keep it simple

• Always provide a task name

• Always define state

• Over-use comments and white-space

Tag all the things

• Tags help organization

• --skip-tags=tags,to,skip

• --tags=only,run,these,tags

Don’t Repeat Yourself!

• Re-use code when

possible

• Leverage jinja2

templating

• Avoid duplication unless

absolutely necessary

Idempotency

What is idempotence?

Idempotence is the property of

certain operations in mathematics

and computer science, that can be

applied multiple times without

changing the result beyond the initial

application

Why is idempotency important?

Config Management that lacks idempotency introduces

doubt!

• Ensure no changes unless things actually change

• Some idempotency issues can be big issues (> versus >>)

• Hides the real changes in a cloud of doubt

• Reduction in speed if changes are consistently made

• Testing becomes increasingly difficult

Shooting Yourself in the Foot

• Conflicting tasks for differing roles

• Remember: Don’t Repeat Yourself!

• Double check your work

How do we get there?

• Fully understand requirements

• Document required processes and

procedures

• Requirement verification with

invested parties

• Review module docs to ensure it is

idempotent

Some Modules Lacking Idempotency

• Shell module

• Command module

• File module with touch argument

What are changed_when and failed_when?

Templating

Jinja2 – An Introduction

• Python templating language

• Many filters available

(to_nice_json, to_nice_yaml, sort)

• Conditional evaluation on task result

(success, changed, failed, skipped)

Additional Information:

http://docs.ansible.com/playbooks_variables.html#using-variables-about-jinja2

http://jinja.pocoo.org/docs/templates/#builtin-filters

Variables with Jinja2

• Avoid dictionaries if values will change

• Accessible with double curly braces

{{ i_am_a_variable }}

{{ cluster.datacenter }}

• Verify variable definition

{% if cluster.lbmaster is not defined %}

# Potential Error: No lbmaster

{% endif %}

More with Jinja2

• Simple file templating with loops

• Simple file templating with if/else

• Even use variables for file

names!

• Iterate through items, globs, and

hashes

Lessons Learned

Lessons Learned

• Long running tasks should run

in screen!

• Leverage the community on

IRC

• Validate proper order of

operations

• Overly document playbooks

and procedures

More Lessons Learned

• Burn and churn on virtual

instances for additional testing

• Consistency in playbook

development

• Implement actual testing with

ansible-lint and other CI

utilities

• Do not merge non-idempotent

pull requests

Questions? What about testing? That’s next!

References

Ansible Playbook Best Practiceshttp://docs.ansible.com/playbooks_best_practices.html

Ansible (Real Life) Good Practiceshttp://www.reinteractive.net/posts/167-ansible-real-life-good-practices

Jinja2 Documentationhttp://jinja.pocoo.org/docs/