Ansible
I have a home media server, and I spent a lot of time configuring, testing and installing on it. But I was never really satisfied by the way I had to perform the installation (which happens way too often).
And I recently discovered Ansible, which is a tool for doing a lot of stuff with a server (configuration, run repetitive command, installation) over ssh.
I really loved experienced with it, it does not require a lot of dependencies on the targeted server, and can be easily run.
The project
I decided to install my home server with it, because it can at last allow me to versionned my installation in an easy way (which seems too complicated with chef or puppet). It also allows me to test this installation against a virtual machine and have a reproductible installation.
For the installation I choose to switch on Archlinux (hipsters for the win), for a lot of reasons, but mainly because I can easily install zfs and nvidia drivers (because I also play on this computer).
I decided to create a github organisation in order to push the various git projects I created. You can check this out: here
This repository is separated in three sub project which I will explain.
Development environment
The development environment is based on a VM with Vagrant, it also contains the configuration to deploy on the targeted machine.
You can check the sources here -> https://github.com/T0rt4nk/ansible-arch
Setup scripts
When installing on the server we need a basic operating system with the ssh service started. I created some scripts which can be retrieved easily and setup the default config.
Check it out here -> https://github.com/T0rt4nk/setup
The installation
A really great experience so far, it was reliable and easy, it “kind of” works (ansible is young currently, a lot of things have to be fixed).
You can look at the code here -> https://github.com/T0rt4nk/setup
I tried to follow the best practices but there is a need to involve in this technology and I don’t have the time right now (it was a side project here).
Return on experience
Ansible was a really good experience and here are some throughts
PRO
- easy, understandable, it does not require advanced knowledge, nor configuration.
- written in python, this is a language I masterize and it helps me a lot when I tried to hack behaviour. I also think that the choice of python is really good for this kind of tool. Recently, a sysadmin told me that he prefers python over golang because he can hack some code even if he does not understand well what is happening.
- my configuration is versionned (woohoo \o/) and that was the goal of this project. I now want to perform any repetitive action with Ansible and/or hack the code to make it better.
- kind of good documentation (this can be hugely improved, but at this moment it is still better than many projects).
CONS
I encountered some issues, some are fixable, some will need evolution on Ansible part.
- debug was a bit complicated, as a lot of code is wrapped on client side the debugging is hard (I didn’t figure how to perform this well). I think this one will quickly became a priority for the community.
- the tool is not fully mature, some behaviours are counter intuitive and we have the impression that it is not predicable. This is mostly due to the mix of Jinja templates, YAML syntax and python execution.
- some tools not complete, or not existing (I am looking at you systemd support).
- lack of tests, especially on community modules. Beware of the node effect: people creating their own tool instead of improving existant one. This bring some regression between versions (migration from 1.4 to 2.0 was a real pain)
- issue with procedural execution, and state management. This is one of the most complicated question when coming to issues which tools like Ansible tries to solve: which part need to be declarative, which doesn’t. I think that the use of jinja templates (and python code through plugins in the library) is a great idea, but it is not advertised in the documentation whereas it could save plenty of time and provide a real
- issues with state management, this is mostly due to the declarative approach. Ansible tries to solve it, but the tool lacks of features and extensibility. See previous point for thoughts on how to solve this.
NOTE This was done during the transition between 1.4 and 2.0, maybe some behaviours moved the good way and are now fixed. I will try to write an update later when my project will need to evolve.