On 25.01.2019 15:23, Sylvain Martel wrote:
Hi,
We are new to using ansible, and I saw something while going
through
our early code that had me worried. I have CoderA and CoderB that are
starting to create roles and tasks. In one Task, coderA adds IIS
features,
but coderB, in another role , also adds some IIS features in a Task,
and
also make sure other features are absent, but some of those features
are
installed by CoderA role. You can see the problem when both roles
will
be applied to the same machine.
This is easily solved by having the code one place, many people uses a
git repository for that job.
And to add more security you can have code review before it get into
production.
In powershell DSC, there are failsafe in place to prevent this: When
code
tries to change something that was defined somewhere else, powershell
will
raise an error at the mof creation and prevent this. Is there some
failsafe n Ansible too to prevent a task from undoing what another
does?
If not, what is the best way to avoid this?(code review won't catch
them
all)
Ansible is declarative so the code you run says I want is to be
configure like this and Ansible does what it's told and make the
configuration that way.
So you need something outside of Ansible to make sure this doesn't
happens.
Code review and testing in different stages should catch this, if not
you have some improvements to do in the work flow.
--
Kai Stian Olstad
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/cbe80c338c4a653f14781b5c6aaa78ec%40olstad.com.
For more options, visit https://groups.google.com/d/optout.
