Introduction

I enjoy creating automation templates using the platform Ansible (by Red Hat).

Creating Ansible Roles and Modules/Collections should help others to get started faster.

Feedback is appreciated!

Principles

💭 User interaction

Keeping the user interaction clean and simple

• Per example:

  If a network admin wants to configure a WireGuard VPN-Infrastructure he/she/... should not need to think about the role - just the abstracted topology!

• Each role should use as few 'top-level' variables as possible

  Most roles will take ONE nested variable (dictionary)

• Commonly redundant config is not accepable.

  The role should work its magic ✨ and handle it using inheritance, scoping and/or defaults

🏷 Default = Opt-out

Preferring opt-out on optional features

• IT-Infrastructure is a very sensitive domain.

  I hate it if some role/script does more than it should.

  That can lead to unpredictable results!

• The roles allow the user to choose the features they want to opt-in.

📗 Documentation

Good documentation

• The best tool is useless if you can not handle it..

  Documentation is the tools 'interface' and should be clean.

  I can't tell how often I came across a tool with a nice feature-set but could not use it as of the lack of good documentation!

• Transparency is key when getting to know a role.

  Examples (config => result) are very vital for this.

  Not everybody wants to run the role to see what it actually does do.

🔐 Security

• As security is very important in todays IT environment I'm checking my Roles and Modules/Collections for security best-practises.
• Roles and Modules will at least warn you if unsecure settings are used or will not even fail on you if you use them in an unsecure way.
• You should always use encrypted connectivity => Automation makes it very easy to add/generate certificates.

Epilog

Automation can save time and nerves, enables infrastructure-as-code (with all it's benefits) and scales well.

What are you waiting on? Automate! 😄

Have a nice day!

• AnsibleGuy