Honestly, fuck Ansible.
It’s the dialup of automation tools. It was probably amazing 10 years ago.
It’s YAML is awful, it scales terribly, it’s so fucking slow at literally everything, it gives people who have no clue what they’re doing a false sense of confidence.
The number of times I’ve seen app teams waste the time of support groups and engineers because something went wrong and they didn’t have the knowledge to know why and need to waste so many man hours having other people solve it for them. I (the engineer) was added to a chat that had 15 people in it because they, after running ansible, saw errors in their server… So clearly there was a problem with the server… At no point did they question there Ansible job.
Of the various tools I’ve used, I prefer Salt. The YAML is slightly less ass and it’s so much faster while also seeming to scaling better too. It by no means is perfect.
Thanks for including an alternative you’d recommend!
Well you will be happy to hear that it’s owned by Broadcom now. While salt is better, I wouldn’t use it just because of Broadcom.
But then again, Oracle now owns Redhat, so…
IBM owns Red Hat.
Oops yeah. Not sure why I was thinking Oracle
Honestly, fuck Ansible.
It’s the dialup of automation tools. It was probably amazing 10 years ago.
It’s actually on par with 20-year-old tech. There’s nothing it’s doing that we weren’t doing back then already in the enterprise space. And, in so many cases where Ansible’s unable to respond well to changes to the system, it ends up not being on par with 20-yer-old tech.
Salt is better as it’s one generation newer, aka last-gen. Puppet, salt, chef/cinc, all the same generation, and we get single source of truth and fast operation de
Current-gen is mgmtconfig, and from it we get instant/constant converging event-driven code. If you like ansible, you’re gonna love sale or cinc. If you love salt or puppet, mgmtconfig will blow your mind clean out the back of your head.
100 servers? 5000? Ansible don’t care
Sub-second convergence of thousands of servers. Files managed so hard you can’t manually mod them as they revert immediately and it’s an actual race to try and mod a file to use it, since it’s hooked into inotify and friends.
James even put in a YAML-ish DSL for the crayola crew who haven’t learned Go yet. :-P
mgmtconfig
Never heard of that, will be looking into it
“crayola crew” - amen brother
You had me at “fuck Ansible”.
I also appreciate the alternative suggestion. No terraform love?
Terraform and Ansible do different things, they do have overlapping features, but ultimately they’re meant to do different things. I use them both at my current job with Terraform running Ansible
Anyone that says yaml is readable is psychotic. It’s literally objectively not readable because a random white space character can break the entire thing and that’s by definition not readable I can’t see whether there’s a white space or not without explicitly setting that up in an editor
The scandinavian country codes, as understood by yaml:
- se
- false
- dk
Only 1.1. Which everybody has been fiercely clinging onto since 2009, because YAML 1.2 did not seem to consider it a problem that they broke backwards compatibility on that behavior. So now the only way to keep existing YAML files working is for us all to keep pretending YAML 1.2 does not exist.
Ow! My semver.
they broke backwards compatibility
Tell me this is post-y2k and built in the dark ages after we lost our mentors and gurus without using those words.
deleted by creator
Which versioning???
somekey: yesGo right ahead and tell me what the YAML version is and what is the type of
somekeyis. Oh that’s right, it’s impossible, because the versioning is entirely up to the serializers for some godforsaken reason.
Since when is YAML readable and clean?
Small yaml files are, big complex ones are a nightmare.
I hate anything that uses python or depends on whitespace in it’s code. Nothing but fucking problems. You know what’s hard to see an extra space in a line of code. A missing semicolon is so much easier to find.
THANK YOU FOR THE SUMMARY, BROTHER. I’M GONNA TRY IT OUT AFTER I CRANK MY HOG. AROOOOOO!
I have to say, the resurgence of this energy in the last whenever has been refreshing. Can’t we all just crank our hogs?
i keep telling myself what a timesaver ansible is, while at the same time my simple scripts got abstracted and puzzled into more files, much harder to quickly read and understand them and after hours of frustration, ansible actually works. there may be multiple minutes of delay between my tasks wasting time like hell but it works (as in not randomly fails to connect). except when it doesn’t. there still is a playbook where the host cannot be reached and i keep on failing to understand why as everything appears to be the same and looks correct. there will be more hours wasted.
The higher abstraction level is the price you pay for idempotency!
Last time I checked on ansible, it was a sysadmin complaining that he could just do everything better with vanilla bash scripts and that redhat keeps riding it because every company keeps asking for ansible experience, even if it’s now a dated product.
And just personally, declarative anything seems to defeat it’s own purpose any time you want to do something non standard, which comes up more often than you’d think.
“Keep it simple” says the project that decided it would be great to program in YAML…
I’ve tried using it to manage a few home servers and parameterizing anything was painful and boilerplate-ridden
Jist wait until you have to start fucking around with multiple incompatible versions of python for different targets.
Because group or host vars are hard?
No. Because the python version of the host and the target server must loosely match up. Otherwise you get some cryptic error messages in some unexpected modules. Red Hat’s solution: just manage RHEL 9 targets from RHEL9 hosts and RHEL8 from RHEL8 hosts. There is no official way to align python versions across that major.
That’s not entirely true. You could use Ansible Navigator and Execution Environments.
Except it isn’t actually YAML you’re writing, it’s a jinja2 string template that parses to YAML because the expressions they came up with ended up not being sufficient.
Mm, I love stacking weird formats. How many backslashes do I need for a regular expression to work right? 🥵
Well it’s bash down the line so I’ll say five.
I’ve been using Ansible for almost 10 years now and one thing I learned is to keep things simple, most issues I had with Ansible in the past were due to me taking the wrong approach to problem solving. In way, it forced me to not overcomplicate things.
I’m not the biggest fan of it, but I do prefer it over other IaCs.
edit: tbh my biggest issue with Ansible is other people who ask me “why not wrtie a bash script instead?”
uses yaml for scripting so it’s clean and readable.
Eh…
I guess yaml is fine.
I hate the significance of whitespace, and the fact that I cannot find any editor that can auto-format. Which are both related, I guess: there is no way to know a yaml document is actually correctly formatted without knowing the intended schema.Whereas JSON doesn’t have this ambiguity. But JSON has it’s own drawbacks.
Protip: you can actually just write your ansible (or any yaml really( as JSON.
YAML is fine as a configuration language and ok data input language.
YAML is absolutely cursed as a programming language. As in Ansible has created a really shitty programming language inside of YAML. Should be burned with fire.
I kinda like YAML for simple configuration files, but the YAML spec is borderline insane.
https://ruudvanasseldonk.com/2023/01/11/the-yaml-document-from-hell
And don’t get me started with ansible, it never works the way I think it should and almost every playbook or role I write is a pain to get right. When it works, it’s a really nice tool and I couldn’t manage my homelab as efficiently without Ansible, but it frustrated the hell out of me way too often.
You forgot that it can run without ssh set up, by installing ansible on the machines and letting them poll for changes.
Hello? Its me, NixOS.
After a suspicious-looking guide I nearly started with, and the NoxOS split drama, and having homemanager bork my login in a test setup, I wonder if next time I’ll try GUIX.
Yeah, guix started as a nix fork with scheme, we all dancing at the same party.
NixOS : no dudes, its not raw screeching madness, its great. Just great. So great. Please read these 17 guides that are outdated more every minute to get started. Also, dont read that guide. We don’t do that anymore, but there is no way for me to explain why unless you already know.
Ive tried NixOS three times now, and it hasn’t took. Has anyone written a sane guide to the current iteration yet?
Listen. The more painful it is up front, the better you’ll feel once you get it.
This is the argument I use to convince straight guys to let me bum them
Just so you know.
Wtf is SSH and why should I care?
SSH is a network protocol for making secure connections, allowing remote access to various systems. As for why you should care, if you didn’t know what SSH was, then you probably shouldn’t care since you aren’t the target audience. It’s fringe knowledge for me too.
