Alex Goncharov edited this page Dec 13, 2015 · 1 revision

Ansible

Bad

I have mentioned that I do not like Ansible; now I remember why: it has a push-based architecture, which means:

  1. The Ansible management host must have an extra piece of information: how to access each and every server. This is not a problem when there is a management VLAN that can access port 22 on every host. It becomes quite a task when managed services run in service bubbles and an Ansible job has to use ssh ProxyCommand to jump through bastion hosts.
  2. Push architecture presents a challenge when it comes to scaling: in a situation with N management hosts, there has to be an additional entity that synchronizes jobs between Ansible masters.
  3. From what I see in Ansible 1.9, it makes at least 3 separate ssh connections to a single server to manage one particular item. From my experience, a fully configured server has around 500 (give or take; in the server farm I manage now, the average is 900), which means 1500 connections to a single server. This is some serious trade-off for Ansible being agentless.
  4. To mitigate the points above, Ansible provides a pull architecture with agent and all, but that diminishes the whole beauty of it in my opinion (also, both alternatives look like dodgy hacks):
     - Accelerated mode: installs a temporary agent every time there is a need to do something on the server (this requires an extra port open, and will not work in service bubbles)
     - Install Ansible everywhere and have nodes get playbooks from git (which would require a powerful git server for starters)
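
The bastion setup from point 1, as an added example that is not part of the original page: an OpenSSH client config that Ansible can be pointed at with `ssh_args = -F ./ssh.cfg` under `[ssh_connection]` in `ansible.cfg`. The host name, address range, user and key path are assumptions.

```sshconfig
# ssh.cfg: constructed example; bastion.example.com, 10.20.*, the user
# and the key path are placeholders, not values from the page.

# The bastion is the only host the management host can reach on port 22.
Host bastion.example.com
    User ansible
    IdentityFile ~/.ssh/id_ansible
    IdentitiesOnly yes
    ForwardAgent no
    # Keep one authenticated connection open and multiplex later
    # ssh invocations over it instead of reconnecting each time.
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 10m

# Managed hosts inside the service bubble (assumed address range).
Host 10.20.*
    User ansible
    IdentityFile ~/.ssh/id_ansible
    IdentitiesOnly yes
    # The inner ssh only relays the TCP stream (-W) to the target.
    # Authentication to the target is end to end from the management
    # host, so the private key is never exposed to the bastion.
    ProxyCommand ssh -F ./ssh.cfg -W %h:%p bastion.example.com
    ForwardAgent no
    ControlMaster auto
    ControlPath ~/.ssh/cm-%r@%h:%p
    ControlPersist 10m
```

Setting `ssh_args` replaces Ansible's default ControlMaster/ControlPersist options, which is why they are repeated in the config file here.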

Good

Now I have tried this and that with Ansible, and here's why I like it:

It is actually a very good tool to help with tedious things like a release, where one needs to do a load of tasks in a particular order every now and then. Playbooks shine here; I'm actually considering using it as an orchestration tool alongside MCollective. MCollective is great when it comes to discovery, or executing a simple task or two on a serious amount of servers, but it's nowhere near Ansible when the task becomes somewhat complicated.
