The document outlines Viresh Doshi's top 10 Ansible tips based on his experience as a DevOps engineer. The tips include: adding a README to repositories to document purpose; unit testing roles with Molecule; using name and debug modules for readability and troubleshooting; connecting roles to Jenkins CI; using Python virtual environments; templating with Jinja2; ensuring idempotency; using variables consistently; splitting tasks across files; and sharing roles openly. Additional tips are to write modules, use filters, leverage Ansible Galaxy, manage inventories, and enjoy Python and coffee.

1. Top 10 Ansible Tips – Jan 2018
Viresh Doshi’s top tips based on 1
year working as an DevOps Engineer
for a container shipping company.

2. About me
• Over 20 years IT experience
• Started my career working on Air Traffic Systems
with Lockheed Martin
• I have three young kids who hopefully have no
interest in computing!
• I remember life when social meant going down
the pub with your mates
• I love the challenge of making a positive change
• Enjoy getting muddy

3. Recent work history
Maersk Schlumberger ARM
Grass Valley

4. What is Ansible?
• Ansible is a tool that works over SSH to
configure servers and software in a reliable
and repeatable way.
• It satisfies the principle DevOps practice of
Infrastructure as Code (IaC)

5. Other IT automation tools?
• Puppet
• Chef
• Salt
• DSC ( on windows)

6. The top 10 list
Add a README.md
Unit test your Ansible Role using Molecule
Use name and debug modules
Connect your roles to a Jenkins CI server
Use python virtualenv
Use Jina2 templates
Abide by idempotent state
Use variables for everything
Split your tasks up into individual files
Share with the open source community

7. TOP 10
Lets go through the top 10 in some more detail

8. 10

9. README
• Scenario: you have a repository in github that
you have knocked up quickly to satisfy your
immediate goal that is wired into your CD tool
• Problem: you come back to that repo or a
team member has to modify it but they don’t
know what it does because there isn’t the
basic README.

10. README
• README.md files are like the index.html files
of a website.
• It’s the first landing page for a repo
• It uses markup language for annotation
• Add images/diagrams
• Improves the overall quality
• Makes you look like a devops professional

11. 9

12. UNIT TEST USING MOLECULE
• Scenario: when we write code, we always (
cough, cough) create an associated unit test.
• Problem: Where is your unittest for your
ansible role?

13. UNIT TEST USING MOLECULE
What is molecule?
• https://molecule.readthedocs.io/en/latest/
• A framework that helps with the development
and test of ansible roles
• Works really well with testinfra which is a python
module that helps test software and services on
servers.
• https://testinfra.readthedocs.io/en/latest/index.h
tml

14. UNIT TEST USING MOLECULE
Benefits:
• Assert that the service is started
• Assert that the configuration file is created
• Assert that the permissions are correct
• Assert that the version installed is correct
• Assert that the network interfaces are correct
• …

15. UNIT TEST USING MOLECULE
• How to use molecule with testinfra and docker
• $ pip install molecule
• $ pip install testinfra
• $ pip install docker
• $ molecule –init –role ansible_role –driver
docker –verifier testinfra

16. UNIT TEST USING MOLECULE
• What is covered?
• Ansible linting
• Flake 8 and pep8
• Idempotence
• Unit test through testinfra

17. 8

18. Use name and debug modules
Don’t do this:
Do this:
- name: install unzip
package:
name: "{{ item }}"
with_items:
- unzip
- vim
- package:
name: "{{ item }}"
with_items:
- unzip
- vim
Add the name
section for better
readability

19. Use name and debug modules
• Debug statements are harmless and can
improve the confidence in execution
-name:Display all variables/facts known for a host
debug:
var:hostvars[inventory_hostname]
verbosity:4

20. 7

21. Connect your roles to a Jenkins CI
server
• Your role will likely sit inside a git repository.
• Consider connecting the role to Jenkins CI and
run molecule test and assert on the successful
execution

22. 6

23. Use python virtualenv
• You can install Ansible simply by running a couple
of commands in your Bash shell but how can you
be sure that the versions, packages,
dependencies are correct for when you want to
reliably repeat the execution?
• $ pip install virtualenv
• $ virtualenv env1 – will create a new env
• $ source env1/bin/activate
• $ pip install ansible==2.4.3
• $ which ansible

24. 5

25. Use Jina2 templates
• Dynamic settings files using variables
tasks/main.yml
- name: template test
template:
src=myTemplateFile.j2
dest={{ item }}
with_dict: some_dict
vars/main.yml
some_dict:
/path/to/dest1:
var1: 1
var2: 2
/path/to/dest2:
var1: 3
var2: 4
templates/myTemplateFile.j2
test_variable = {{ item.value.var1 }}
test_var_2= {{ item.value.var2 }}

26. 4

27. Abide by idempotent state
An operation is idempotent if the result of
performing it once is exactly the same as the
result of performing it repeatedly without any
intervening actions.
• specify a final state
• Command or shell module
• Molecule will test for idempotency

28. 3

29. Use variables for everything
• Simple advice
• Don’t hardcode variables
• Split out variables that contain say versions
• program_linux_version_1.3.1.rpm
• Extract {{platform}} , {{version_num}}

30. 2

31. Split your tasks up into individual files
• Very long playbooks are a bad practice
• Consider splitting up common tasks into
separate files and use the include module to
slurp them in

32. 1

33. Share with the open source
community
• Upload your role to github
• Share on ansible-galaxy
• Create a README
• Hook up to Travis CI

34. Bonus list
1. Write your own Ansible module
2. Explore the usage of filters
3. Use galaxy Ansible
4. Use inventories
5. love Python
6. Drink coffee