My biggest problem with Ansible is linearity.
Ansible roles are plain YAML files describing various tasks you want to achieve. You have no class, no function and no reusable component between roles. Since there are no functions, you have no way to easily document the variables you need to define in your inventory unless you cut / past an existing one. You also won’t know when variables are unset, if they’re set to something impossible, or if you made a typo in your inventory.
Today, Greg found an amazing Ansible trick to both document your roles interface and ensure your variables are set.
Let’s say you want to setup a database connection. You need a host, a port, a user, a password and a database name.
init.yml- assert: that: - db_host != '' - db_port != '' - db_user != '' - db_user != 'root' - db_password != '' - db_name != '' tags: ['check_vars']
Placed at the beginning of your role
main.yaml, or even better in an included
init.yaml, it will prevent your role from being applied if any of the mandatory variables is empty, or if you try to connect as root, which is insecure.
It also acts as a function documentation. Every variable your role uses are described in your init file so you know what you need at a glance. Awesome isn’t it?
One more thing.
You’re missing the smartest part of Greg’s trick. See the
tags: ['check_vars'] part in the snippet? You can use it to check all your variables are set before running your playbook with a simple:
$ ansible-playbook -i your_inventory -t check_vars site.yml
Sure, I could have stayed in the past. I could have even been king. But in my own way, I am king.
Hail to the king, baby.