I have a home media server, and I spent a lot of time configuring,
testing and installing on it. But I was never really satisfied by
the way I had to perform the installation (which happens way too often).
And I recently discovered Ansible, which
is a tool for doing a lot of stuff with a server
(configuration, run repetitive command, installation) over ssh.
I really loved experienced with it, it does not require a lot
of dependencies on the targeted server, and can be easily run.
The project
I decided to install my home server with it, because it can at
last allow me to versionned my installation in an easy way
(which seems too complicated with chef or puppet). It also allows
me to test this installation against a virtual machine and have
a reproductible installation.
For the installation I choose to switch on Archlinux
(hipsters for the win), for a lot of reasons, but mainly because I can easily
install zfs and nvidia drivers (because I also play on
this computer).
I decided to create a github organisation in order to push the various git
projects I created. You can check this out: here
This repository is separated in three sub project which I will explain.
Development environment
The development environment is based on a VM with Vagrant,
it also contains the configuration to deploy on the targeted machine.
You can check the sources here ->
https://github.com/T0rt4nk/ansible-arch
Setup scripts
When installing on the server we need a basic operating system with
the ssh service started. I created some scripts which can be retrieved
easily and setup the default config.
Check it out here ->
https://github.com/T0rt4nk/setup
The installation
A really great experience so far, it was reliable and easy, it “kind of” works
(ansible is young currently, a lot of things have to be fixed).
You can look at the code here ->
https://github.com/T0rt4nk/setup
I tried to follow the best practices but there is a need to involve in this
technology and I don’t have the time right now (it was a side project here).
Return on experience
Ansible was a really good experience and here are some throughts
PRO
- easy, understandable, it does not require advanced knowledge, nor
configuration.
- written in python, this is a language I masterize and it helps me
a lot when I tried to hack behaviour. I also think that the choice of
python is really good for this kind of tool. Recently, a sysadmin told
me that he prefers python over golang because he can hack some code
even if he does not understand well what is happening.
- my configuration is versionned (woohoo \o/) and that was the goal of
this project. I now want to perform any repetitive action with Ansible
and/or hack the code to make it better.
- kind of good documentation (this can be hugely improved, but at this moment
it is still better than many projects).
CONS
I encountered some issues, some are fixable, some will need evolution on
Ansible part.
- debug was a bit complicated, as a lot of code is wrapped on client side
the debugging is hard (I didn’t figure how to perform this well). I think
this one will quickly became a priority for the community.
- the tool is not fully mature, some behaviours are counter intuitive and
we have the impression that it is not predicable. This is mostly due
to the mix of Jinja templates, YAML syntax and python execution.
- some tools not complete, or not existing (I am looking at you systemd
support).
- lack of tests, especially on community modules. Beware of the node effect:
people creating their own tool instead of improving existant one. This
bring some regression between versions (migration from 1.4 to 2.0 was a
real pain)
- issue with procedural execution, and state management. This is one of the
most complicated question when coming to issues which tools like Ansible
tries to solve: which part need to be declarative, which doesn’t. I think
that the use of jinja templates (and python code through plugins in the
library) is a great idea, but it is not advertised in the documentation
whereas it could save plenty of time and provide a real
- issues with state management, this is mostly due to the declarative
approach. Ansible tries to solve it, but the tool lacks of features and
extensibility. See previous point for thoughts on how to solve this.
NOTE This was done during the transition between 1.4 and 2.0, maybe some
behaviours moved the good way and are now fixed. I will try to write an update
later when my project will need to evolve.