Saturday, January 7, 2017

Ansible philosophy for AWS

A devops guy recommended Musashi's book "Five Rings". Musashi was a Samurai who lived long - a rare event, apparently. It is a book on strategy. The book is very short but he explains that this is fine. The phrase "from one thing flows a thousand things" appears repeatedly. Learn one thing well and many things will flow from it.

I will go a step further and say that if many things flow from learning something, it is a good investment, and apply these two phrases to AWS and Ansible.

AWS is fundamentally programmable infrastructure. Study aws help on the command line and you will be able to do everything that is worth doing in AWS. The quality of an API often depends on the number of users and the level of support. There are tens of thousands of certified AWS developers and many more uncertified ones and most of those use the AWS cli for at least some of their work. And the cli is maintained by Amazon itself. That indicates a pretty reliable and well maintained API. It is good.

Ansible fundamentally describes the desired state of infrastructure and has a command to make reality correspond to the desired state. Ansible scripts are structured data, which aligns well with defining machine-readable state. It is promising.

Now for combining Ansible with AWS. Ansible has many modules that replicate part of the AWS API. That already tells you that you probably don't want to go anywhere near those modules. Unsurprisingly many of them are broken or incomplete. Furthermore their language doesn't correspond cleanly to the AWS API.

Happily there is a clean alternative. All the data sent and returned by the AWS cli comes as JSON blobs; structured data that can be compared easily with state defined in Ansible. By focusing on manipulating structured data in Ansible you can find clean and compact ways of testing whether the real AWS state corresponds to your intended state.  The json_query filter that implements JMESpath is your friend. Likewise when theory != reality you will be able to make theory == reality. The only two phrases that matter in Ansible are "Is it so?" and "Make it so!".

Thank you, Musashi.

No comments:

Post a Comment