Ansible: Pure (only in its) pragmatism (opens in new tab)

(andrejradovic.com)

16 pointscue_the_strings1y ago8 comments

8 comments

6 comments · 2 top-level

andreareina1y ago· 4 in thread

Has Ansible solved the issue where some tasks (e.g. postgresql_user) require a Python module to be available, which you don't want to be installed in the global environment? Last I looked into it you could use a venv but had to monkey around with some envvars and it wasn't ergonomic in the least.

bravetraveler1y ago

You can monkey with the Python primitives, containerize the runtime env, or probably something more involved

Would suggest the middle option: https://docs.ansible.com/ansible/latest/getting_started_ee/i...

One can use the primitives, but eventually you'll find conflict or drift. Config management becomes something else. Not worth the hassle considering inconsistent usage/placement of the 'become' keyword, the '-b' argument, and such.

EEs slot perfectly into AWX/AAP, the next logical step once you've grown tired of using the Ansible CLI.

cue_the_stringsOP1y ago

Nope, the issue is still there, and not just for Postgres. You need `hvac` to use Hashicorp Vault-related stuff, for example.

There's a decent workaround, though, if you don't mind managing your Ansible install with `pipx` instead of your system package manager:

    $ pipx install ansible --include-deps
    $ pipx inject ansible psycopg2-binary --include-apps

I'd prefer to use `uv tool install` instead of `pipx`, but it's not there yet [1].

You can also containerize it w/ Podman or Docker and install the deps in the container. Maybe even add an alias.

[1]: https://github.com/astral-sh/uv/issues/6314

ringeryless1y ago

Just to clarify, for the reader, that ansible and python are only required for the deployment host, not it's targets.

being agentless and using ssh for transport, the target hosts need only have an ip address listed in the deployment hosts inventory, aka one can address target hosts directly after creating them, given ssh access.

much of ansibles python issues are just python issues.

ansible is a very flexible tool, and idempotent behavior is largely a factor of playbook design until it hits real world limits.

bravetraveler1y ago

The managed nodes do indeed need Python, though the requirements tend to be lower.

The bulk of the modules essentially generate Python payloads for Ansible to ship/run/track. Most of the burden is on the controller. Not all.

The execution environment information I linked [in another comment] covers what this user points out

1 more reply

sam_goody1y ago

The fact that Ansible doesn't allow feedback when a task is running, or give you access to the output of the task [it does give the response, but in a urlencoded json field that is useful but not friendly), makes it incredibly difficult for me to write tasks for, and uncomfortable to use.

The fact that it makes a new connection for every command, even when just doing a loop, makes it slow as mollasses. To add insult to injury, the name Ansible means "a tool faster than light"!

The fact that there is no way to return in the middle of a task, means that I cannot use task files as functions - that is, I cannot just tell Ansible that a given file exists it should stop running this taskfile, it will stop the whole playbook or nothing.

And because I cannot add conditions to a block, that means that the best I can do is make deeply nested layers of playbooks - ie. not the Ansible way.

These are just off the top of my head - I use Ansible heavily, and curse it all the time!

j / k navigate · click thread line to collapse

8 comments

6 comments · 2 top-level

andreareina1y ago· 4 in thread

bravetraveler1y ago

You can monkey with the Python primitives, containerize the runtime env, or probably something more involved

Would suggest the middle option: https://docs.ansible.com/ansible/latest/getting_started_ee/i...

EEs slot perfectly into AWX/AAP, the next logical step once you've grown tired of using the Ansible CLI.

cue_the_stringsOP1y ago

Nope, the issue is still there, and not just for Postgres. You need `hvac` to use Hashicorp Vault-related stuff, for example.

There's a decent workaround, though, if you don't mind managing your Ansible install with `pipx` instead of your system package manager:

    $ pipx install ansible --include-deps
    $ pipx inject ansible psycopg2-binary --include-apps

I'd prefer to use `uv tool install` instead of `pipx`, but it's not there yet [1].

You can also containerize it w/ Podman or Docker and install the deps in the container. Maybe even add an alias.

[1]: https://github.com/astral-sh/uv/issues/6314

ringeryless1y ago

Just to clarify, for the reader, that ansible and python are only required for the deployment host, not it's targets.

much of ansibles python issues are just python issues.

ansible is a very flexible tool, and idempotent behavior is largely a factor of playbook design until it hits real world limits.

bravetraveler1y ago

The managed nodes do indeed need Python, though the requirements tend to be lower.

The bulk of the modules essentially generate Python payloads for Ansible to ship/run/track. Most of the burden is on the controller. Not all.

The execution environment information I linked [in another comment] covers what this user points out

1 more reply

sam_goody1y ago

The fact that it makes a new connection for every command, even when just doing a loop, makes it slow as mollasses. To add insult to injury, the name Ansible means "a tool faster than light"!

And because I cannot add conditions to a block, that means that the best I can do is make deeply nested layers of playbooks - ie. not the Ansible way.

These are just off the top of my head - I use Ansible heavily, and curse it all the time!

j / k navigate · click thread line to collapse