author Alex Auvolat <alex@adnab.me> 2022-12-14 17:52:36 +0100
committer Alex Auvolat <alex@adnab.me> 2022-12-14 17:52:36 +0100
commit cc70cdc660ff648772eda78cfd3bfb766b3fa5b3
tree 58c904c0ef76fb14c66fadecdb43621af8de7eb9
parent 85130033883bd9ceb61b2b1d7a9b085b273c7d8d
write about why not ansible
-rw-r--r-- README.md 38
1 files changed, 38 insertions, 0 deletions
diff --git a/README.md b/README.md
index 7dac27b..412ee46 100644
--- a/README.md
+++ b/README.md
@@ -81,6 +81,44 @@ Finally you should see be able to access the production Nomad and Consul by brow
- Nomad: http://localhost:4646
+## Why not Ansible?
+
+I often get asked why not use Ansible to deploy to remote machines, as this
+would look like a typical use case. There are many reasons, which basically
+boil down to "I really don't like Ansible":
+
+- Ansible tries to do declarative system configuration, but doesn't do it
+ correctly at all, like Nix does. Example: in NixOS, to undo something you've
+ done, just comment the corresponding lines and redeploy.
+
+- Ansible is massive overkill for what we're trying to do here, we're just
+ copying a few small files and running some basic commands, leaving the rest
+ to NixOS.
+
+- YAML is a pain to manipulate as soon as you have more than two or three
+ indentation levels. Also, why in hell would you want to write loops and
+ conditions in YAML when you could use a proper expression language?
+
+- Ansible's vocabulary is not ours, and it imposes a rigid hierarchy of
+ directories and files which I don't want.
+
+- Ansible is probably not flexible enough to do what we want, at least not
+ without getting a migraine when trying. For example, it's inventory
+ management is too simple to account for the heterogeneity of our cluster
+ nodes while still retaining a level of organization (some configuration
+ options are defined cluster-wide, some are defined for each site - physical
+ location - we deploy on, and some are specific to each node).
+
+- I never remember Ansible's command line flags.
+
+- My distribution's package for Ansible takes almost 400MB once installed,
+ WTF??? By not depending on it, we're reducing the set of tools we need to
+ deploy to a bare minimum: Git, OpenSSH, OpenSSL, socat,
+ [pass](https://www.passwordstore.org/) (and the Consul and Nomad binaries
+ which are, I'll admit, not small).
+
+
## More
Please read README.more.md for more detailed information
+
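Review bot: In the bullet about inventory management, "it's inventory management" should be the possessive "its inventory management". In the first bullet, "doesn't do it correctly at all, like Nix does" can be read as saying Nix also gets it wrong; wording such as "doesn't do it correctly the way Nix does" avoids that, and since the example only gives the NixOS side, a short clause on what undoing the same change takes in Ansible would complete the comparison. The hunk also adds two blank lines before "## More" and a blank line at the end of the file, both of which can be dropped.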