Don't assume anything about localhost

redhat-cop / automation-good-practices

Recommended practices for all elements of automation using Ansible, starting with collections and roles, continuing with playbooks, inventories and plug-ins... These good practices are planned to be used by all Red Hat teams interested but can of course be used by others.

268 stars 66 forks source link

Don't assume anything about localhost #3

Open ericzolf opened 3 years ago

ericzolf commented 3 years ago

Just random notes about recommendations as I go through old documents:

make delegate_to configurable and localhost only the default (it might not have access to the API, might not have the necessary dependencies, especially true for Tower)
don't write playbooks against localhost, the host might be remote

ericzolf commented 3 years ago

Some consequences highlighted by a colleague (some are more generic though):

Avoid reading inventory files in scripts as they can contain variables → the script likely fails if you need the actual value Lookups (file, template, ...) are executed on the ansible controller → if the playbook assumes ansible controller = provisioned host this leaves the customer with modifications to workaround this assumption include_vars → same as lookups Same for loading files in scripts - right now they are not on the ansible controller Avoid modifying inventory files, ideally provide an ansible role and use set_facts → this also makes it more agnostic to the deployment scenario

jeichler commented 3 years ago

a bit more context: this was something I mentioned for vendors providing "canned playbooks". @ericzolf I can provide a bit content if this is simething that is deemed wothwhile to mention in this repo.

Just assign this to me in that case.

mophahr commented 2 years ago

@jeichler @ericzolf I've noticed there hasn't been any update here in quite a while. What's the status?

jeichler commented 2 years ago

no new status, but I can pick it up and send a PR soon-ish. @mophahr