Ansible vs Fabric

Ben Sturmfels at 2017-05-08T07:24:25Z

I'm trying to love Ansible, but ansible-playbook -i inventory.ini --sudo -v certbot-renew.yml is just messy compared to say fab certbot-renew.

uıɐɾ ʞ ʇɐɯɐs likes this.

Show all 6 replies

@Adam Bolte it certainly could, and for renewing certificates it probably should, so perhaps not the best example. I really like using Fabric as a way to put a really simple interface over a sequence of hard to remember commands, that I might only run now and again.

Ben Sturmfels at 2017-05-08T07:53:06Z

>> Ben Sturmfels:

“>that I might only run now and again.”

Fair enough. In salt, you would put your host-specific states in top.sls. Then you can just run salt '*' state.highstate when you need to redeploy/update/whatever and forget about running any certbot-related commands, states or playbooks directly ever again. :)

Adam Bolte at 2017-05-08T08:06:50Z

If there's an "ansible.cfg" file in the current directory, you can put "inventory=inventory.ini" in the "[defaults]" section and not have to mention it on the command-line.

Instead of saying "--sudo", you can put "become: true" into your playbook file.

That makes the Ansible command-line a bit simpler, but still not quite as simple as Fabric.

In my experience, Ansible really shines when you have modular configuration, where these hosts need this subset of configuration applied to them, but those hosts need that overlapping-but-not-identical subset of configuration applied. Using Ansible for configuring a single thing on a single host is overkill for production, although it's a good way to learn about it.

Screwtape at 2017-05-08T08:45:09Z