Anyone that says yaml is readable is psychotic. It’s literally objectively not readable because a random white space character can break the entire thing and that’s by definition not readable I can’t see whether there’s a white space or not without explicitly setting that up in an editor
The scandinavian country codes, as understood by yaml:
- se
- false
- dk
Only 1.1. Which everybody has been fiercely clinging onto since 2009, because YAML 1.2 did not seem to consider it a problem that they broke backwards compatibility on that behavior. So now the only way to keep existing YAML files working is for us all to keep pretending YAML 1.2 does not exist.
Ow! My semver.
deleted by creator
Which versioning???
somekey: yesGo right ahead and tell me what the YAML version is and what is the type of
somekeyis. Oh that’s right, it’s impossible, because the versioning is entirely up to the serializers for some godforsaken reason.
they broke backwards compatibility
Tell me this is post-y2k and built in the dark ages after we lost our mentors and gurus without using those words.
That’s what ansible-lint is for.
I mean sure or you could just start by using a format that’s not so painfully strict with how it’s laid out. I miss the good old INI config. It couldn’t give two shits how you format it, throw in random spaces random tabs random new lines so long as the value was correct
I hate ini. Lists stuck in ini.
I fucking hate YAML. Everything about it is shit. I have no idea why it exists. “Oop, my config failed because I accidentally used an extra tab” should not be a thing.
Anybody that uses any of that shit can get fucked. KDL, too. I almost used Zellij until I saw how brain-dead their config system was.
Honestly, fuck Ansible.
It’s the dialup of automation tools. It was probably amazing 10 years ago.
It’s YAML is awful, it scales terribly, it’s so fucking slow at literally everything, it gives people who have no clue what they’re doing a false sense of confidence.
The number of times I’ve seen app teams waste the time of support groups and engineers because something went wrong and they didn’t have the knowledge to know why and need to waste so many man hours having other people solve it for them. I (the engineer) was added to a chat that had 15 people in it because they, after running ansible, saw errors in their server… So clearly there was a problem with the server… At no point did they question there Ansible job.
Of the various tools I’ve used, I prefer Salt. The YAML is slightly less ass and it’s so much faster while also seeming to scaling better too. It by no means is perfect.
Honestly, fuck Ansible.
It’s the dialup of automation tools. It was probably amazing 10 years ago.
It’s actually on par with 20-year-old tech. There’s nothing it’s doing that we weren’t doing back then already in the enterprise space. And, in so many cases where Ansible’s unable to respond well to changes to the system, it ends up not being on par with 20-yer-old tech.
Salt is better as it’s one generation newer, aka last-gen. Puppet, salt, chef/cinc, all the same generation, and we get single source of truth and fast operation de
Current-gen is mgmtconfig, and from it we get instant/constant converging event-driven code. If you like ansible, you’re gonna love sale or cinc. If you love salt or puppet, mgmtconfig will blow your mind clean out the back of your head.
100 servers? 5000? Ansible don’t care
Sub-second convergence of thousands of servers. Files managed so hard you can’t manually mod them as they revert immediately and it’s an actual race to try and mod a file to use it, since it’s hooked into inotify and friends.
James even put in a YAML-ish DSL for the crayola crew who haven’t learned Go yet. :-P
mgmtconfig
Never heard of that, will be looking into it
You had me at “fuck Ansible”.
Thanks for including an alternative you’d recommend!
Well you will be happy to hear that it’s owned by Broadcom now. While salt is better, I wouldn’t use it just because of Broadcom.
But then again, Oracle now owns Redhat, so…
IBM owns Red Hat.
Oops yeah. Not sure why I was thinking Oracle
I also appreciate the alternative suggestion. No terraform love?
Terraform and Ansible do different things, they do have overlapping features, but ultimately they’re meant to do different things. I use them both at my current job with Terraform running Ansible
No terraform love
Terraform 0.12 was awesome. It had no supply-chain sploit risk, ran well, accepted add-ons easily, and was very powerful.
Then they got a registry for people to attack, an umbilical to operation that ubisoft would envy.
I’ve been unable to get anything newer approved so far, because of the risk . Sure, you firewall off the box running CI, but often it needs to get out to the world, and suddenly it’s a WAF on top of everything, and it’s a real mess … which they can eliminate by killing terraform usage altogether. And I don’t wanna see that, as while tf’s dsl is pretty weird it’s the least-worst tool out there.
THANK YOU FOR THE SUMMARY, BROTHER. I’M GONNA TRY IT OUT AFTER I CRANK MY HOG. AROOOOOO!
I have to say, the resurgence of this energy in the last whenever has been refreshing. Can’t we all just crank our hogs?
I’ve been using Ansible for almost 10 years now and one thing I learned is to keep things simple, most issues I had with Ansible in the past were due to me taking the wrong approach to problem solving. In way, it forced me to not overcomplicate things.
I’m not the biggest fan of it, but I do prefer it over other IaCs.
edit: tbh my biggest issue with Ansible is other people who ask me “why not wrtie a bash script instead?”
Finally, KISS enforced software
I hate anything that uses python or depends on whitespace in it’s code. Nothing but fucking problems. You know what’s hard to see an extra space in a line of code. A missing semicolon is so much easier to find.
uses vanilla ssh
Clearly you haven’t tried automation of network devices because it constantly bitches about missing ansible-pylibssh and falls back to Paramiko
Also completely parses your whole goddamn secrets file multiple times per run, so if you need to change a single server, make sure you have time.
I finally understand Ansible.
WASTHATSOFUCKINGHARD?!?!!
Last time I checked on ansible, it was a sysadmin complaining that he could just do everything better with vanilla bash scripts and that redhat keeps riding it because every company keeps asking for ansible experience, even if it’s now a dated product.
And just personally, declarative anything seems to defeat it’s own purpose any time you want to do something non standard, which comes up more often than you’d think.
i keep telling myself what a timesaver ansible is, while at the same time my simple scripts got abstracted and puzzled into more files, much harder to quickly read and understand them and after hours of frustration, ansible actually works. there may be multiple minutes of delay between my tasks wasting time like hell but it works (as in not randomly fails to connect). except when it doesn’t. there still is a playbook where the host cannot be reached and i keep on failing to understand why as everything appears to be the same and looks correct. there will be more hours wasted.
The higher abstraction level is the price you pay for idempotency!
You forgot that it can run without ssh set up, by installing ansible on the machines and letting them poll for changes.
The enemy gate is down
Wtf is SSH and why should I care?
