Does Ansible prevent 2 Tasks from modifying the same part of a system?(thus, Task 2 undoing what Task 1 did)
20 views
Skip to first unread message
Sylvain Martel
Jan 25, 2019, 9:23:24 AM1/25/19
to Ansible Project
Hi,
We are new to using ansible, and I saw something while going through our early code that had me worried. I have CoderA and CoderB that are starting to create roles and tasks. In one Task, coderA adds IIS features, but coderB, in another role , also adds some IIS features in a Task, and also make sure other features are absent, but some of those features are installed by CoderA role. You can see the problem when both roles will be applied to the same machine.
In powershell DSC, there are failsafe in place to prevent this: When code tries to change something that was defined somewhere else, powershell will raise an error at the mof creation and prevent this. Is there some failsafe n Ansible too to prevent a task from undoing what another does? If not, what is the best way to avoid this?(code review won't catch them all)
Thanks :)
Kai Stian Olstad
Feb 2, 2019, 7:16:00 AM2/2/19
to ansible...@googlegroups.com
On 25.01.2019 15:23, Sylvain Martel wrote:
> Hi,
>
> We are new to using ansible, and I saw something while going
> through
> our early code that had me worried. I have CoderA and CoderB that are
> starting to create roles and tasks. In one Task, coderA adds IIS
> features,
> but coderB, in another role , also adds some IIS features in a Task,
> and
> also make sure other features are absent, but some of those features
> are
> installed by CoderA role. You can see the problem when both roles
> will
> be applied to the same machine.
This is easily solved by having the code one place, many people uses a
> Hi,
>
> We are new to using ansible, and I saw something while going
> through
> our early code that had me worried. I have CoderA and CoderB that are
> starting to create roles and tasks. In one Task, coderA adds IIS
> features,
> but coderB, in another role , also adds some IIS features in a Task,
> and
> also make sure other features are absent, but some of those features
> are
> installed by CoderA role. You can see the problem when both roles
> will
> be applied to the same machine.
git repository for that job.
And to add more security you can have code review before it get into
production.
> In powershell DSC, there are failsafe in place to prevent this: When
> code
> tries to change something that was defined somewhere else, powershell
> will
> raise an error at the mof creation and prevent this. Is there some
> failsafe n Ansible too to prevent a task from undoing what another
> does?
> If not, what is the best way to avoid this?(code review won't catch
> them
> all)
configure like this and Ansible does what it's told and make the
configuration that way.
So you need something outside of Ansible to make sure this doesn't
happens.
Code review and testing in different stages should catch this, if not
you have some improvements to do in the work flow.
--
Kai Stian Olstad
Sylvain Martel
Feb 2, 2019, 8:27:38 AM2/2/19
to Ansible Project
Hi, thanks for the reply.
What you describe will help a bit, but is not error proof when you have
thousands of line of code(and any infrastructure will reach that point
quickly). Human make mistake, or are lazy, so eventually, 2 pieces of
code that change the same setting will happen. One really nice thing
about Powershell DSC is that it balks when you try to do something like
that, so I was hoping it would be the same with ansible.
Reply all
Reply to author
Forward
0 new messages