Skip to content
View ansibleguy's full-sized avatar
πŸš€
Automating
πŸš€
Automating
Block or Report

Block or report ansibleguy

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
ansibleguy/README.md

Introduction

I enjoy creating automation templates using the platform Ansible (by Red Hat).

Creating Ansible Roles and Modules/Collections should help others to get started faster.

Feedback is appreciated!

Principles

πŸ’­ User interaction

Keeping the user interaction clean and simple

  • Per example:

    If a network admin wants to configure a WireGuard VPN-Infrastructure he/she/... should not need to think about the role - just the abstracted topology!

  • Each role should use as few 'top-level' variables as possible

    Most roles will take ONE nested variable (dictionary)

  • Commonly redundant config is not accepable.

    The role should work its magic ✨ and handle it using inheritance, scoping and/or defaults

🏷 Default = Opt-out

Preferring opt-out on optional features

  • IT-Infrastructure is a very sensitive domain.

    I hate it if some role/script does more than it should.

    That can lead to unpredictable results!

  • The roles allow the user to choose the features they want to opt-in.

πŸ“— Documentation

Good documentation

  • The best tool is useless if you can not handle it..

    Documentation is the tools 'interface' and should be clean.

    I can't tell how often I came across a tool with a nice feature-set but could not use it as of the lack of good documentation!

  • Transparency is key when getting to know a role.

    Examples (config => result) are very vital for this.

    Not everybody wants to run the role to see what it actually does do.

πŸ” Security

  • As security is very important in todays IT environment I'm checking my Roles and Modules/Collections for security best-practises.
  • Roles and Modules will at least warn you if unsecure settings are used or will not even fail on you if you use them in an unsecure way.
  • You should always use encrypted connectivity => Automation makes it very easy to add/generate certificates.

Epilog

Automation can save time and nerves, enables infrastructure-as-code (with all it's benefits) and scales well.

What are you waiting on? Automate! πŸ˜„


Have a nice day!

  • AnsibleGuy

Pinned

  1. collection_opnsense collection_opnsense Public

    Ansible Collection to manage OPNSense firewalls using their API

    Python 229 26

  2. webui webui Public

    Basic WebUI for using Ansible

    Python 60 4

  3. infra_wireguard infra_wireguard Public

    Ansible Role to provision Wireguard Site-to-Site Tunnels

    Jinja 13 1

  4. infra_nftables infra_nftables Public

    Ansible Role to provision NFTables firewall

    Python 5 4

  5. collection_nftables collection_nftables Public

    Ansible modules to manage NFTables via libnftables

    Python 8 1

  6. infra_haproxy infra_haproxy Public

    Ansible Role to provision HAProxy Community (with ACME, GeoIP and some WAF-Features)

    Jinja 1 2