ansible playbooks git module usage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Greetings. 

In my continuing quest to get our daily ansible check/diff report to be
0 and all playbooks to be idempotent I have run into a case I would
like to ask everyone about. :) 

The ansible git module is in use in a number of playbooks/roles now. By
default (or if you specify update=yes) it will do a git pull to pull
the latest changes, so it's not idempotent (ie, when running --check it
always shows such tasks as changed because it cannot know if there's
going to be new data or not)

There's a number of ways we could handle this: 

1. Set all git: module usage to have 'update=no'. This means you would
need a manual playbook or 'git pull' to pick up changes in the repo(s).
Also, if there was an existing repo on an old commit that was working
and the machine was reprovisioned, it would have a different checkout
and could perhaps not work. 

2. Set all git: module usage to use 'version=SHA-1'. This means a
specific commit is checked out. There wouldn't be any changes normally
in check mode. Rebuilding a machine would mean you get the same exact
(hopefully working) SHA-1 you had before. Downside would be that you
would have to update this anytime you needed a new commit. 

3. Set all git: module usage to have 'changed_when: False' so they
would never show as changed. However, this would break places where
there's handlers that run when the git repo updates. 

4. Set all git: modules to when: not ansible_check_mode, so they don't
even run in check mode. However, this will break all the places that
register an output from the git module, so it won't work there. 

5. Weed out these git changes from our reports so they still are
changed, but don't annoy me. 

Personally, I am torn between 1 and 2 and dislike 3 and 4 and really
dislike 4. 

Any other ideas? Or opinions on which way to go?

kevin

Attachment: pgpJmi8lUrt1h.pgp
Description: OpenPGP digital signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux