[openstack-dev] [TripleO] Forming our plans around Ansible

Lars Kellogg-Stedman lars at redhat.com
Mon Jul 10 15:37:40 UTC 2017

On Fri, Jul 7, 2017 at 1:50 PM, James Slagle <james.slagle at gmail.com> wrote:

> There are also some ideas forming around pulling the Ansible playbooks
and vars out of Heat so that they can be rerun (or run initially)
> independently from the Heat SoftwareDeployment delivery mechanism:

I think the closer we can come to "the operator runs ansible-playbook to
configure the overcloud" the better, but not because I think Ansible is
inherently a great tool: rather, I think the many layers of indirection in
our existing model make error reporting and diagnosis much more complicated
that it needs to be.  Combined with Puppet's "fail as late as possible"
model, this means that (a) operators waste time waiting for a deployment
that is ultimately going to fail but hasn't yet, and (b) when it does fail,
they need relatively intimate knowledge of our deployment tools to
backtrack through logs and find the root cause of the failure.

If we can offer a deployment mode that reduces the number of layers between
the operator and the actions being performed on the hosts I think we would
win on both fronts: faster failures and reporting errors as close as
possible to the actual problem will result in less frustration across the

I do like Steve's suggestion of a split model where Heat is responsible for
instantiating OpenStack resources while Ansible is used to perform host
configuration tasks.  Despite all the work done on Ansible's OpenStack
modules, they feel inflexible and frustrating to work with when compared to
Heat's state-aware, dependency ordered deployments.  A solution that allows
Heat to output configuration that can subsequently be consumed by Ansible
-- either running manually or perhaps via Mistral for
API-driven-deployments -- seems like an excellent goal.  Using Heat as a
"front-end" to the process means that we get to keep the parameter
validation and documentation that is missing in Ansible, while still
following the Unix philosophy of giving you enough rope to hang yourself if
you really want it.

Lars Kellogg-Stedman <lars at redhat.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20170710/33221f48/attachment.html>

More information about the OpenStack-dev mailing list