The document discusses how to make Ansible playbooks flexible, maintainable, and scalable. It recommends staying organized by keeping playbooks in source control and including documentation. It also stresses the importance of testing playbooks early and often using tools like YAML linting, Ansible syntax checks, Ansible lint, and test environments. Finally, it suggests simplifying playbooks by using flat variables instead of nested dictionaries, optimizing tasks to disable facts gathering when unnecessary, and using templates instead of lineinfile modules.

1. Make your Ansible playbooks
flexible / maintainable / scalable
J E F F G E E R L I N G ( @ G E E R L I N G G U Y)
# A N S I B L E FEST

2. D E V E L O P E R
A U T H O R
P H O T O G R A P H E R

3. H O S T E D A PA C H E S O L R

4. D R U PA L V M &
M A C D E V P L AY B O O K

5. M E D I A
E C O M M E R C E P L AT F O R M

6. L E S S O N S L E A R N E D
1. Stay organized
2. Test early and often
3. Simplify, optimize

8. S TAY O R G A N I Z E D

10. • Playbooks always run from build server

11. – J E F F G E E R L I N G
“If it's important,
it will be forgotten.”

12. R E A D M E
1. Purpose
2. Links (CI, docs, issue tracking)
3. Instructions for local testing

13. S M A L L F I L E S
• < 100 lines per file
• Start by splitting out related tasks with
include_*
• Progress to single-responsibility roles

14. R O L E S
• Make roles generic
• Share roles among projects
• Contribute to / use from Galaxy?

17. T E S T E A R LY A N D O F T E N

19. The Ansible CI Spectrum

20. • yamllint
• ansible-playbook --syntax-check
• ansible-lint
• molecule test (integration)
• ansible-playbook --check (against prod)
• Parallel infrastructure

21. • yamllint
• ansible-playbook --syntax-check
• ansible-lint
• molecule test (integration)
• ansible-playbook --check (against prod)
• Parallel infrastructure
increasing
complexity

23. • Heed [DEPRECATION WARNING]s
• Read through porting guides
• Disable annoying WARN messages:

24. • Heed [DEPRECATION WARNING]s
• Read through porting guides
• Disable annoying WARN messages:
- name: Check if firewalld is installed.
command: yum list installed firewalld
args:
warn: no
register: firewalld_installed

25. • Target latest Ansible release
• Keep CI environment updated

26. S I M P L I F Y, O P T I M I Z E

27. S I M P L I F Y, O P T I M I Z E

28. – J E F F G E E R L I N G
“YAML is not a
programming language.”

30. • Prefer simple, flat variables over dicts

31. • Prefer simple, flat variables over dicts
apache:
startservers: 2
maxclients: 2!

32. • Prefer simple, flat variables over dicts
apache:
startservers: 2
maxclients: 2!
apache_startservers: 2
apache_maxclients: 250
✅

33. • Prefer simple, flat variables over dicts
apache:
startservers: 2
maxclients: 2!
apache_startservers: 2
apache_maxclients: 250
✅

34. S P E E D

35. • CI is useless if slow
S P E E D

36. • CI is useless if slow
• Disable gather_facts if not needed
• forks config - fully utilize resources
S P E E D

37. M O D U L E S
• package - pass list to name instead of a loop
• copy - only for single files or small dirs
• lineinfile - try to switch to template
instead of looping on one file

38. [defaults]
callback_whitelist = profile_roles, profile_tasks, timer

39. Monday 10 September 22:31:08 -0500 (0:00:00.851) 0:01:08.824 ******
===============================================================================
geerlingguy.docker ------------------------------------------------------ 9.65s
geerlingguy.security ---------------------------------------------------- 9.33s
geerlingguy.nginx ------------------------------------------------------- 6.65s
geerlingguy.firewall ---------------------------------------------------- 5.39s
geerlingguy.munin-node -------------------------------------------------- 4.51s
copy -------------------------------------------------------------------- 4.34s
geerlingguy.backup ------------------------------------------------------ 4.14s
geerlingguy.htpasswd ---------------------------------------------------- 4.13s
geerlingguy.ntp --------------------------------------------------------- 3.94s
geerlingguy.swap -------------------------------------------------------- 2.71s
template ---------------------------------------------------------------- 2.64s
...
[defaults]
callback_whitelist = profile_roles, profile_tasks, timer

40. Try other callback plugins!
(my fave: yaml)

41. L E S S O N S L E A R N E D
1. Stay organized
2. Test early and often
3. Simplify, optimize

42. T H A N K Y O U !
# A N S I B L E FEST