
Puppet 4 is now production-ready - crypt1d
https://puppetlabs.com/blog/say-hello-open-source-puppet-4
======
smegel
Sorry, switched to Ansible last month and haven't looked back.

Edit: Actually I have looked back, in horror and disbelief that I put up with
Puppet for so long.

~~~
WestCoastJustin
For anyone wondering what Ansible is, or what is allows you to do, here's a
basic overview screencast I put together [1]. Cannot recommend it enough, as
the barrier to entry is simply so small, that you can get up and running in no
time. The 250+ built in modules are also a killer feature, no hunting around
for added logic to make things "just work" off the starting line. I kind of
think Ansible hit a sweet spot, coming to market after Puppet/Chef, in that
they learned from the ecosystem, and adapted their tool for the pain points.
There is also no reason you could not use Puppet with Ansible (rolling
upgrades, quick patches, etc).

Happy to answer any questions too.

PS. Bit of a disclaimer: The screencast is a four part series, the first
episode is free, and the remain three parts require a subscription. Did not
want to bait and switch you. The first episode will give you enough to know
what Ansible is all about though.

[1] [https://sysadmincasts.com/episodes/43-19-minutes-with-
ansibl...](https://sysadmincasts.com/episodes/43-19-minutes-with-ansible-
part-1-4)

~~~
smegel
If you are an Ansible dev, I actually do have a question.

I am a bit stumped as to how to "call" a role from other roles with different
variables, so as to deploy the same template with different parameters.

Currently I am putting the template in a separate role (with a task to deploy
it), and then including it several times from other roles, e.g.

# role X

\- include: ../../common/tasks/foo.yml # deploys
../../common/templates/my.conf.j2

    
    
      - vars: x=33
    

# role Y

\- include: ../../common/tasks/foo.yml # deploys
../../common/templates/my.conf.j2

    
    
      - vars: x=42
    

Is there a better way to do this? It would be nice to be able to "call" a
role/task with parameters, to be able to reuse common elements like templates
and task logic.

~~~
BadassFractal
You can pass parameters to roles:
[http://docs.ansible.com/playbooks_roles.html#role-
dependenci...](http://docs.ansible.com/playbooks_roles.html#role-dependencies)

~~~
smegel
I was somewhat aware of dependencies, but they don't really do what I want.

I want to be able to execute a role (or task within a role), much like calling
a function, that will be executed at the point it is called (dependencies are
all executed before the role executes.

I may also want to call the "function" multiple times within a role, with
different parameters, to, for example, deploy a template several times to
different named files. And yes, dependencies can execute roles multiple times,
but this is business logic that belongs in the main role file, not in a meta
file. And from what I can see, dependencies can only call a role as a whole,
not a part (or task) therein.

Basically what I have with "include" does exactly what I want, but it would be
nice if it was a bit more explicit that I was calling a role component,
something like:

# Role X

\- name: deploy conf files

    
    
      callrole: common::deployconf
    
      args: name={{ item.name }} val={{ item.val }}
    
      with_items:
    
        - { name: 'conf1', val: 33 }
    
        - { name: 'conf2', val: 42 }
    

Where callrole::conf corresponds to roles/common/tasks/deployconf.yml. This
might allow for more powerful constructs than is available by simply using
include.

~~~
skywhopper
IIRC, they specifically removed this functionality a few versions ago. Their
stated reasoning was never clear to me. Something about a lack of clarity
regarding which variables passed through how.

It might be possible to write a plugin of some sort that adds the
functionality you want.

------
hanlec
I've kept an eye on this space---automation is not my day job--and I have to
say that I still cannot put my finger on Puppet or Chef or Salt or Ansible.

~~~
duggan
Automation _is_ my day job and I'm still not convinced any of them is a
significant improvement over a well maintained set of shell scripts and
Makefiles.

~~~
crdoconnor
IMHO puppet isn't significantly better than bash scripts. There are some
improvements, but it has significant drawbacks too.

Ansible is way better though, mainly due to:

* Idempotence

* Templating

* Being declarative (turing completeness in a language = more likely to be buggy)

~~~
e12e
I agree with you, but re: templating: if you're using shell scripts, why not
use m4 as well?

Shell of course has templating -- but it's a little dangerous...:

    
    
      template=teapot size=short build=stout \
      cat <<eof > teapot.conf
      I'm a $template - $size and $build. I live at $(hostname).
      eof
    

[ed: m4 is a little like cpp (the c pre-prosessor) on steroids (or acid). To
get a feel for how it relates to templating for config files etc, see eg:

[http://box.matto.nl/m4.html](http://box.matto.nl/m4.html) ]

~~~
mercurial
At first glance, I don't see that m4 does anything jinja2 (Ansible's
templating system) doesn't do better.

~~~
23david
If we're discussing templating languages, I definitely prefer Mako over Jinja2
and think it's much more appropriate for devops templating. But Jinja2 is the
default in a lot of projects, including Saltstack and Ansible, and it's hard
to fight the currents all the time.

~~~
mercurial
What do you like more about Mako? I haven't used it in years, but I remember
it being fairly similar in capabilities to Jinja2.

~~~
23david
Not sure if it's a good idea for me to wade into that particular religious
war... :-)

Some good comments on both sides here:

[http://www.quora.com/Python-Web-Frameworks/What-are-the-
adva...](http://www.quora.com/Python-Web-Frameworks/What-are-the-advantages-
and-disadvantages-of-using-Mako-vs-Jinja2)

[http://www.reddit.com/r/Python/comments/ktjm2/jinja2_or_mako...](http://www.reddit.com/r/Python/comments/ktjm2/jinja2_or_mako_templating/)

[http://stackoverflow.com/questions/3435972/mako-or-
jinja2](http://stackoverflow.com/questions/3435972/mako-or-jinja2)

------
girvo
Is it weird that I've basically replaced Puppet/Chef/Ansible with Dockerfiles
and Docker Compose?

~~~
Nux
Not necessarily weird, but docker will not give you the same coverage and
capabilities, we could invoke the "apples and oranges" comparison here.

~~~
Gigablah
I'm wondering about a possible execution mode for Ansible where instead of
connecting via SSH and uploading/running each task, you dump each task in a
shared volume and run them in a container with docker exec. Then you can
commit the final result to an image.

~~~
Terretta
Like Packer?

[https://www.packer.io/intro/getting-
started/provision.html](https://www.packer.io/intro/getting-
started/provision.html)

~~~
Gigablah
I was under the impression that Packer was used to create machine images for
EC2 and DigitalOcean, but apparently it supports building Docker images now.
That's perfect!

I'll have to make some changes to my pipeline :)

------
gog
I moved most of my projects to Ansible, but I have a project that is still on
Puppet and I really would like to move on.

The reason is that I need a centrally managed server where clients pull for
changes because the clients are not online all of the time.

Does anybody have experience with Ansibles pull model explained here
[http://jpmens.net/2012/07/14/ansible-pull-instead-of-
push/](http://jpmens.net/2012/07/14/ansible-pull-instead-of-push/) ?

