No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 59: | Line 59: | ||
The following roles don't seems to be used : | The following roles don't seems to be used : | ||
ansible-ansible-awx | ansible-ansible-awx | ||
bugyou | autocloud | ||
fas3_server | <del>bugyou</del> | ||
<del> fas3_server</del> | |||
fedora-docs-old (might still use it) | fedora-docs-old (might still use it) | ||
graphite | <del>graphite</del> | ||
hotness (now in openshift ? double check prod) | hotness (now in openshift ? double check prod) | ||
hubs | <del>hubs</del> | ||
mariadb_server (beaker is going away, so we can remove at the same time) needed by wiki | mariadb_server (beaker is going away, so we can remove at the same time) needed by wiki | ||
nginx | nginx |
Latest revision as of 10:44, 23 April 2019
This is a shorthand list of items we could focus on to improve the shape of our ansible repository.
Point of contact: Clément Verna
Why?
Our ansible repository has accumulated technical debt and it is sometime quite difficult to know what is good and what is not.
What?
There are a few things we could do to improve our ansible repo :
- run ansible-lint on the repo and go through the issues
- run a yaml formatter on the repo
- go through our playbooks and role to see if there anything that is not used anymore
- seek opportunity to refactor, make more generic some roles.
- fix failing hosts. We have a small list of hosts from my last master run where they don't complete. Figure out why and fix it.
- check/diff fixing, We have ansible run a --check --diff job every nigh, and it finds changes. So these are idempotency issues. Either check does something different, real run does something different, or real runs change something then change it back. Ideally it would be nice to do this after a mass update/reboot cycle to also fix all the changes that appear after reboot.
More ?
When?
It would be good to make a sprint cleaning pass. That can be a good thing to do to before or just after moving our repo to be hosted on pagure.io so we can use PR workflow and make it easy for new contributor to help.
Who?
Volonteers ? maybe we can involved community members and run a apprentice day ?
ansible-lint
ansible-lint detects behaviors and practices that could potentially be improved.
- Benefits:
The main benefit is to help keeping our ansible code consistent, there is also possibility to add custom rules so if we feel that we want to enforce certain practices that would be a good place.
- Implementation:
I think the best would be to set this as a pre-commit hook, the other possibility is to hook that to a CI pipeline and run it on PR's but that will not be run against the commit that are directly pushed to the repo.
yaml-lint
yamllint checks for syntax validity, but for weirdnesses like key repetition and cosmetic problems such as lines length, trailing spaces, indentation, etc.
- Benefits:
Similar to ansible-lint, this will insure we stay consistent in the our yaml styling, also yaml is quite picky on whitespace and syntax so that would help not committing invalid syntax.
- Implementation:
Similar to ansible-lint, either a pre-commit hook, or a CI pipeline.
Unused playbooks or roles
I am not sure if there would be an easy way to check for unused playbooks or roles, other than going through them one by one. Ideas ?
- Benefits:
Makes the repository simpler to navigate.
- Implementation:
The following roles don't seems to be used :
ansible-ansible-awx autocloudbugyoufas3_serverfedora-docs-old (might still use it)graphitehotness (now in openshift ? double check prod)hubsmariadb_server (beaker is going away, so we can remove at the same time) needed by wiki nginx paste (we use modernpaste now ?) plus-plus-service (check with pingou) redis ( ansible galaxy ?) regcfp ? summershum
Role Refactoring
Again here, we should look at roles that are similar and see if we can make them more generic. Also not sure how to identify these roles.
- Benefits:
Makes the repository simpler to navigate.
- Implementation:
TBD
Fix Failing hosts
- Benefits:
Makes sure we are in a position to rebuild all the hosts.
- Implementation:
We have a small list of hosts from the last master run where they don't complete. Figure out why and fix it.
Check/diff fixing
- Benefits:
Makes sure that we do not loose important configuration or patch if we need to rebuild the hosts.
- implementation:
Go through the diff and fix it when needed.