SlideShare a Scribd company logo

Make your Ansible playbooks maintainable, flexible, and scalable

Jeff Geerling, profile picture
Jeff Geerling

The document discusses how to make Ansible playbooks flexible, maintainable, and scalable. It recommends staying organized by keeping playbooks in source control and including documentation. It also stresses the importance of testing playbooks early and often using tools like YAML linting, Ansible syntax checks, Ansible lint, and test environments. Finally, it suggests simplifying playbooks by using flat variables instead of nested dictionaries, optimizing tasks to disable facts gathering when unnecessary, and using templates instead of lineinfile modules.

Software
1 of 42
Downloaded 45 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Make your Ansible playbooks flexible / maintainable / scalable J E F F G E E R L I N G ( @ G E E R L I N G G U Y) # A N S I B L E FEST
D E V E L O P E R A U T H O R P H O T O G R A P H E R
H O S T E D A PA C H E S O L R
D R U PA L V M & M A C D E V P L AY B O O K
M E D I A E C O M M E R C E P L AT F O R M
L E S S O N S L E A R N E D 1. Stay organized 2. Test early and often 3. Simplify, optimize
Make your Ansible playbooks maintainable, flexible, and scalable
S TAY O R G A N I Z E D
Make your Ansible playbooks maintainable, flexible, and scalable
• Playbooks always run from build server
 
 
 
 
 
 
 

– J E F F G E E R L I N G “If it's important, it will be forgotten.”
R E A D M E 1. Purpose 2. Links (CI, docs, issue tracking) 3. Instructions for local testing
S M A L L F I L E S • < 100 lines per file • Start by splitting out related tasks with include_* • Progress to single-responsibility roles
R O L E S • Make roles generic • Share roles among projects • Contribute to / use from Galaxy?
Make your Ansible playbooks maintainable, flexible, and scalable
Make your Ansible playbooks maintainable, flexible, and scalable
T E S T E A R LY A N D O F T E N
Make your Ansible playbooks maintainable, flexible, and scalable
The Ansible CI Spectrum
• yamllint • ansible-playbook --syntax-check • ansible-lint • molecule test (integration) • ansible-playbook --check (against prod) • Parallel infrastructure
• yamllint • ansible-playbook --syntax-check • ansible-lint • molecule test (integration) • ansible-playbook --check (against prod) • Parallel infrastructure increasing complexity
Make your Ansible playbooks maintainable, flexible, and scalable
• Heed [DEPRECATION WARNING]s • Read through porting guides • Disable annoying WARN messages:
• Heed [DEPRECATION WARNING]s • Read through porting guides • Disable annoying WARN messages: - name: Check if firewalld is installed.
 command: yum list installed firewalld
 args:
 warn: no
 register: firewalld_installed
• Target latest Ansible release • Keep CI environment updated
S I M P L I F Y, O P T I M I Z E
S I M P L I F Y, O P T I M I Z E
– J E F F G E E R L I N G “YAML is not a programming language.”
Make your Ansible playbooks maintainable, flexible, and scalable
• Prefer simple, flat variables over dicts
• Prefer simple, flat variables over dicts apache:
 startservers: 2
 maxclients: 2!
• Prefer simple, flat variables over dicts apache:
 startservers: 2
 maxclients: 2! apache_startservers: 2
 apache_maxclients: 250 ✅
• Prefer simple, flat variables over dicts apache:
 startservers: 2
 maxclients: 2! apache_startservers: 2
 apache_maxclients: 250 ✅
S P E E D
• CI is useless if slow S P E E D
• CI is useless if slow • Disable gather_facts if not needed • forks config - fully utilize resources S P E E D
M O D U L E S • package - pass list to name instead of a loop • copy - only for single files or small dirs • lineinfile - try to switch to template instead of looping on one file
[defaults]
 callback_whitelist = profile_roles, profile_tasks, timer
Monday 10 September 22:31:08 -0500 (0:00:00.851) 0:01:08.824 ****** =============================================================================== geerlingguy.docker ------------------------------------------------------ 9.65s geerlingguy.security ---------------------------------------------------- 9.33s geerlingguy.nginx ------------------------------------------------------- 6.65s geerlingguy.firewall ---------------------------------------------------- 5.39s geerlingguy.munin-node -------------------------------------------------- 4.51s copy -------------------------------------------------------------------- 4.34s geerlingguy.backup ------------------------------------------------------ 4.14s geerlingguy.htpasswd ---------------------------------------------------- 4.13s geerlingguy.ntp --------------------------------------------------------- 3.94s geerlingguy.swap -------------------------------------------------------- 2.71s template ---------------------------------------------------------------- 2.64s ... [defaults]
 callback_whitelist = profile_roles, profile_tasks, timer
Try other callback plugins! (my fave: yaml)
L E S S O N S L E A R N E D 1. Stay organized 2. Test early and often 3. Simplify, optimize
T H A N K Y O U ! # A N S I B L E FEST

More Related Content

PDF
HTTPS and Ansible
Jeff Geerling
 
PPTX
Using ansible vault to protect your secrets
Excella
 
PDF
How Ansible Makes Automation Easy
Peter Sankauskas
 
PDF
Managing sensitive data with Ansible vault
Pascal Stauffer
 
PDF
Testing servers like software
Peter Souter
 
PPTX
Ansible Best Practices - July 30
tylerturk
 
PDF
Compliance as Code
Matt Ray
 
PDF
Ansible Case Studies
Greg DeKoenigsberg
 
HTTPS and Ansible
Jeff Geerling
 
Using ansible vault to protect your secrets
Excella
 
How Ansible Makes Automation Easy
Peter Sankauskas
 
Managing sensitive data with Ansible vault
Pascal Stauffer
 
Testing servers like software
Peter Souter
 
Ansible Best Practices - July 30
tylerturk
 
Compliance as Code
Matt Ray
 
Ansible Case Studies
Greg DeKoenigsberg
 

What's hot (20)

PPTX
Introduction to Ansible - Jan 28 - Austin MeetUp
tylerturk
 
PDF
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
rmcleay
 
PDF
Ansible Crash Course
Peter Sankauskas
 
PPTX
Serverspec and Sensu - Testing and Monitoring collide
m_richardson
 
PDF
Kernelci.org needs you!
Mark Brown
 
PPTX
Monitor-Driven Development Using Ansible
Itamar Hassin
 
PPTX
OSDC2014: Testing Server Infrastructure with #serverspec
Andreas Schmidt
 
PDF
CI/CD Using Ansible and Jenkins for Infrastructure
Faisal Shaikh
 
PDF
Continuous Updating with VersionEye at code.talks 2014
Robert Reiz
 
PPTX
Go Faster with Ansible (PHP meetup)
Richard Donkin
 
PPTX
Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec
Edmund Dipple
 
PDF
Ansible introduction - XX Betabeers Galicia
Juan Diego Pereiro Arean
 
PPTX
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
Simplilearn
 
PDF
Investigation of testing with ansible
Dennis Rowe
 
PPTX
Ansible for large scale deployment
Karthik .P.R
 
PDF
Hacking on WildFly 9
Virtual JBoss User Group
 
PDF
Inside the Chef Push Jobs Service - ChefConf 2015
Chef
 
PPTX
Monitoring Open Source Databases with Icinga
Icinga
 
PDF
High Available Drupal
Bram Vogelaar
 
PDF
Ansible 101 - Presentation at Ansible STL Meetup
Jeff Geerling
 
Introduction to Ansible - Jan 28 - Austin MeetUp
tylerturk
 
DevOps in a Regulated World - aka 'Ansible, AWS, and Jenkins'
rmcleay
 
Ansible Crash Course
Peter Sankauskas
 
Serverspec and Sensu - Testing and Monitoring collide
m_richardson
 
Kernelci.org needs you!
Mark Brown
 
Monitor-Driven Development Using Ansible
Itamar Hassin
 
OSDC2014: Testing Server Infrastructure with #serverspec
Andreas Schmidt
 
CI/CD Using Ansible and Jenkins for Infrastructure
Faisal Shaikh
 
Continuous Updating with VersionEye at code.talks 2014
Robert Reiz
 
Go Faster with Ansible (PHP meetup)
Richard Donkin
 
Verifying your Ansible Roles using Docker, Test Kitchen and Serverspec
Edmund Dipple
 
Ansible introduction - XX Betabeers Galicia
Juan Diego Pereiro Arean
 
What Is Ansible? | How Ansible Works? | Ansible Tutorial For Beginners | DevO...
Simplilearn
 
Investigation of testing with ansible
Dennis Rowe
 
Ansible for large scale deployment
Karthik .P.R
 
Hacking on WildFly 9
Virtual JBoss User Group
 
Inside the Chef Push Jobs Service - ChefConf 2015
Chef
 
Monitoring Open Source Databases with Icinga
Icinga
 
High Available Drupal
Bram Vogelaar
 
Ansible 101 - Presentation at Ansible STL Meetup
Jeff Geerling
 
Ad

Similar to Make your Ansible playbooks maintainable, flexible, and scalable (20)

PDF
Linux Shell Scripting Craftsmanship
bokonen
 
PPTX
InSpec For DevOpsDays Amsterdam 2017
Mandi Walls
 
PDF
Common Challenges in DevOps Change Management
Matt Ray
 
PPTX
Adding Security to Your Workflow With InSpec - SCaLE17x
Mandi Walls
 
PPTX
Ansible as configuration management tool for devops
Puneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
PPTX
DevSecCon London 2017: Inspec workshop by Mandi Walls
DevSecCon
 
PPTX
InSpec Workshop DevSecCon 2017
Mandi Walls
 
PPTX
DevOpsDays InSpec Workshop
Mandi Walls
 
PPTX
Ingite Slides for InSpec
Mandi Walls
 
PPTX
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDays Riga
 
PDF
Ansible - A 'crowd' introduction
Manuel de la Peña Peña
 
PDF
Prescriptive System Security with InSpec
All Things Open
 
PPTX
Prescriptive Security with InSpec - All Things Open 2019
Mandi Walls
 
PPTX
DevOps for database
Osama Mustafa
 
PPTX
Ceph Deployment at Target: Customer Spotlight
Colleen Corrice
 
PPTX
Ceph Deployment at Target: Customer Spotlight
Red_Hat_Storage
 
PDF
Inspec: Turn your compliance, security, and other policy requirements into au...
Kangaroot
 
PPTX
InSpec - June 2018 at Open28.be
Mandi Walls
 
PPTX
InSpec Workflow for DevOpsDays Riga 2017
Mandi Walls
 
PDF
Ansible, best practices
Bas Meijer
 
Linux Shell Scripting Craftsmanship
bokonen
 
InSpec For DevOpsDays Amsterdam 2017
Mandi Walls
 
Common Challenges in DevOps Change Management
Matt Ray
 
Adding Security to Your Workflow With InSpec - SCaLE17x
Mandi Walls
 
Ansible as configuration management tool for devops
Puneet Kumar Bhatia (MBA, ITIL V3 Certified)
 
DevSecCon London 2017: Inspec workshop by Mandi Walls
DevSecCon
 
InSpec Workshop DevSecCon 2017
Mandi Walls
 
DevOpsDays InSpec Workshop
Mandi Walls
 
Ingite Slides for InSpec
Mandi Walls
 
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDays Riga
 
Ansible - A 'crowd' introduction
Manuel de la Peña Peña
 
Prescriptive System Security with InSpec
All Things Open
 
Prescriptive Security with InSpec - All Things Open 2019
Mandi Walls
 
DevOps for database
Osama Mustafa
 
Ceph Deployment at Target: Customer Spotlight
Colleen Corrice
 
Ceph Deployment at Target: Customer Spotlight
Red_Hat_Storage
 
Inspec: Turn your compliance, security, and other policy requirements into au...
Kangaroot
 
InSpec - June 2018 at Open28.be
Mandi Walls
 
InSpec Workflow for DevOpsDays Riga 2017
Mandi Walls
 
Ansible, best practices
Bas Meijer
 
Ad

More from Jeff Geerling (20)

PDF
Continuous Testing with Molecule, Ansible, and GitHub Actions
Jeff Geerling
 
PDF
2020 Drupal Local Development Tools Survey - CMS Philly
Jeff Geerling
 
PDF
There's a role for that! (AnsibleFest 2019)
Jeff Geerling
 
PDF
Everything I know about Kubernetes I learned from a Raspberry Pi cluster
Jeff Geerling
 
PDF
Real World DevOps - Jeff Geerling's NEDCamp 2018 Keynote
Jeff Geerling
 
PDF
Ansible and Kubernetes
Jeff Geerling
 
PDF
Drupal VM for Drupal 8 Dev - Drupal Camp STL 2017
Jeff Geerling
 
PDF
Drupal VM for Drupal 8 Dev - MidCamp 2017
Jeff Geerling
 
PDF
ProTips for Staying Sane while Working from Home
Jeff Geerling
 
PDF
Highly available Drupal on a Raspberry Pi cluster
Jeff Geerling
 
PDF
Ansible 2 and Ansible Galaxy 2
Jeff Geerling
 
PDF
High Performance Drupal
Jeff Geerling
 
PDF
Ansible for Drupal infrastructure and deployments
Jeff Geerling
 
PDF
Ansible + Drupal: A Fortuitous DevOps Match
Jeff Geerling
 
PDF
DevOps for Humans - Ansible for Drupal Deployment Victory!
Jeff Geerling
 
PDF
Drupal 8 - A Brief Introduction
Jeff Geerling
 
PDF
Server Check.in case study - Drupal and Node.js
Jeff Geerling
 
PPT
Local Dev on Virtual Machines - Vagrant, VirtualBox and Ansible
Jeff Geerling
 
PPT
Florissant TIF - Cross Keys Redevelopment
Jeff Geerling
 
PDF
How to Build a Drupal Module
Jeff Geerling
 
Continuous Testing with Molecule, Ansible, and GitHub Actions
Jeff Geerling
 
2020 Drupal Local Development Tools Survey - CMS Philly
Jeff Geerling
 
There's a role for that! (AnsibleFest 2019)
Jeff Geerling
 
Everything I know about Kubernetes I learned from a Raspberry Pi cluster
Jeff Geerling
 
Real World DevOps - Jeff Geerling's NEDCamp 2018 Keynote
Jeff Geerling
 
Ansible and Kubernetes
Jeff Geerling
 
Drupal VM for Drupal 8 Dev - Drupal Camp STL 2017
Jeff Geerling
 
Drupal VM for Drupal 8 Dev - MidCamp 2017
Jeff Geerling
 
ProTips for Staying Sane while Working from Home
Jeff Geerling
 
Highly available Drupal on a Raspberry Pi cluster
Jeff Geerling
 
Ansible 2 and Ansible Galaxy 2
Jeff Geerling
 
High Performance Drupal
Jeff Geerling
 
Ansible for Drupal infrastructure and deployments
Jeff Geerling
 
Ansible + Drupal: A Fortuitous DevOps Match
Jeff Geerling
 
DevOps for Humans - Ansible for Drupal Deployment Victory!
Jeff Geerling
 
Drupal 8 - A Brief Introduction
Jeff Geerling
 
Server Check.in case study - Drupal and Node.js
Jeff Geerling
 
Local Dev on Virtual Machines - Vagrant, VirtualBox and Ansible
Jeff Geerling
 
Florissant TIF - Cross Keys Redevelopment
Jeff Geerling
 
How to Build a Drupal Module
Jeff Geerling
 

Recently uploaded (20)

PDF
medical staffing services at VALiNTRY
Tiyan Grayson
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PPTX
Introduction to Artificial Intelligence
lohedi9363
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
medical staffing services at VALiNTRY
Tiyan Grayson
 
Introduction Database Management System for Course Database
ReinertYosua
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Introduction to Artificial Intelligence
lohedi9363
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Audit Checklist Design Aligning with ISO, IATF, and Industry Standards — Omne...
rohnjim07
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
AI in Product Development-omnex systems
omnex systems
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 

Make your Ansible playbooks maintainable, flexible, and scalable

  • 1. Make your Ansible playbooks flexible / maintainable / scalable J E F F G E E R L I N G ( @ G E E R L I N G G U Y) # A N S I B L E FEST
  • 2. D E V E L O P E R A U T H O R P H O T O G R A P H E R
  • 3. H O S T E D A PA C H E S O L R
  • 4. D R U PA L V M & M A C D E V P L AY B O O K
  • 5. M E D I A E C O M M E R C E P L AT F O R M
  • 6. L E S S O N S L E A R N E D 1. Stay organized 2. Test early and often 3. Simplify, optimize
  • 8. S TAY O R G A N I Z E D
  • 10. • Playbooks always run from build server
 
 
 
 
 
 
 

  • 11. – J E F F G E E R L I N G “If it's important, it will be forgotten.”
  • 12. R E A D M E 1. Purpose 2. Links (CI, docs, issue tracking) 3. Instructions for local testing
  • 13. S M A L L F I L E S • < 100 lines per file • Start by splitting out related tasks with include_* • Progress to single-responsibility roles
  • 14. R O L E S • Make roles generic • Share roles among projects • Contribute to / use from Galaxy?
  • 17. T E S T E A R LY A N D O F T E N
  • 19. The Ansible CI Spectrum
  • 20. • yamllint • ansible-playbook --syntax-check • ansible-lint • molecule test (integration) • ansible-playbook --check (against prod) • Parallel infrastructure
  • 21. • yamllint • ansible-playbook --syntax-check • ansible-lint • molecule test (integration) • ansible-playbook --check (against prod) • Parallel infrastructure increasing complexity
  • 23. • Heed [DEPRECATION WARNING]s • Read through porting guides • Disable annoying WARN messages:
  • 24. • Heed [DEPRECATION WARNING]s • Read through porting guides • Disable annoying WARN messages: - name: Check if firewalld is installed.
 command: yum list installed firewalld
 args:
 warn: no
 register: firewalld_installed
  • 25. • Target latest Ansible release • Keep CI environment updated
  • 26. S I M P L I F Y, O P T I M I Z E
  • 27. S I M P L I F Y, O P T I M I Z E
  • 28. – J E F F G E E R L I N G “YAML is not a programming language.”
  • 30. • Prefer simple, flat variables over dicts
  • 31. • Prefer simple, flat variables over dicts apache:
 startservers: 2
 maxclients: 2!
  • 32. • Prefer simple, flat variables over dicts apache:
 startservers: 2
 maxclients: 2! apache_startservers: 2
 apache_maxclients: 250 ✅
  • 33. • Prefer simple, flat variables over dicts apache:
 startservers: 2
 maxclients: 2! apache_startservers: 2
 apache_maxclients: 250 ✅
  • 34. S P E E D
  • 35. • CI is useless if slow S P E E D
  • 36. • CI is useless if slow • Disable gather_facts if not needed • forks config - fully utilize resources S P E E D
  • 37. M O D U L E S • package - pass list to name instead of a loop • copy - only for single files or small dirs • lineinfile - try to switch to template instead of looping on one file
  • 39. Monday 10 September 22:31:08 -0500 (0:00:00.851) 0:01:08.824 ****** =============================================================================== geerlingguy.docker ------------------------------------------------------ 9.65s geerlingguy.security ---------------------------------------------------- 9.33s geerlingguy.nginx ------------------------------------------------------- 6.65s geerlingguy.firewall ---------------------------------------------------- 5.39s geerlingguy.munin-node -------------------------------------------------- 4.51s copy -------------------------------------------------------------------- 4.34s geerlingguy.backup ------------------------------------------------------ 4.14s geerlingguy.htpasswd ---------------------------------------------------- 4.13s geerlingguy.ntp --------------------------------------------------------- 3.94s geerlingguy.swap -------------------------------------------------------- 2.71s template ---------------------------------------------------------------- 2.64s ... [defaults]
 callback_whitelist = profile_roles, profile_tasks, timer
  • 40. Try other callback plugins! (my fave: yaml)
  • 41. L E S S O N S L E A R N E D 1. Stay organized 2. Test early and often 3. Simplify, optimize
  • 42. T H A N K Y O U ! # A N S I B L E FEST