>
>
> But again, re-think your approach, it doesn't sound like a good idea:
> - roles have been invented for a reason...
> - I always try to replace the typical `include/when: somevariable has
> somevalue` pattern with `include {{somevariable}}.yml` to avoid all those
> skips
>
Roles are not a good fit for me.
Ansible, on the other hand is a good fit for me.
Biggest mismatch, from what I see ansible is being geared at cloud
infrastructure at scale, being able to mint new servers at will, where the
needs are tightly defined and narrowly focused.
But my needs are corralling an existing infrastructure. Some details:
* smallish mid-size infrastructure (currently just over 100 servers in
inventory)
* many of the servers are pre-built, and cannot easily be rebuilt (much
disruption that I do not have the authority to impose).
* Platforms are (assuming homogeneous linux) pretty heterogeneous. There
are 4 distributions, and several major releases for each distro. Plus the
quirks of several different admin styles.
Ansible is great for this:
* Is *very* well suited for incremental improvements
* "Lightweight" (AKA only ssh requirement) means it works on older servers.
It allows me to progressively coral this, and at the same time have new
builds in a more structured fashion
* We have to support a variety of vendor requirements. This works against
cookie cutter standards
* We run almost no load balanced, cookie cutter servers.
Roles are well suited to cookie cutter needs. But they have real problems:
* It's almost impossible to completely abstract away platform details.
"Apache Web Server" means something quite different in a Debian/Ubuntu
world then in a Redhat/Centos/Suse world. Most Galaxy roles have this
problem, either a) not supporting needed platforms, b) or too much
complexity in setup.
* Roles tend to be "God Objects". I want a lighter weight role, a "snippet"
approach. I can much more easily debug and apply shorter bits of setup. To
extend the above, "Base Apache Install" is much easier to incorporate into
a complete setup. This is basically "Composition over inheritance" to which
I can add "Base SSL", "Certbot SSL", "Varnish proxied" etc.
* I've an additional issue (more minor) in that our shop is mostly Suse,
and ansible (and indeed all the major player in config
management/orchestration) focus on Ubuntu and Redhat/Centos.
I've had much better luck with re-using smaller snippets of shorter code
then roles.
This is probably falling on deaf ears (for which I'm sorry) but I thought
it might be worthwhile to let you good folks know :-)
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/61b9ea2a-c19e-4080-a1cc-2c4b773509c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
