Ansible continues to frustrate. It’s one of those tools that looks good at the outset but as you use it more, you begin to question its fundamentals.
Here’s a simple example of an Ansible design decision that is both deeply embedded and probably deeply wrong. (This comes courtesy of my partner Peter, who did the spelunking under Ansible’s hood.)
Ansible consumes YAML that defines a configuration. YAML values can be Jinja2 template strings, if desired. (Apparently, Ansible merely sniffs for telltale opening double braces to decide whether to send a string through Jinja.) That’s useful as far as it goes.
But after rendering these mini-templates, Ansible next calls Python’s
eval(...) on the resultant string. If this happens not to blow up, Ansible tosses the python instance that results down the chain rather than the rendered string. Yet there are many configuration strings that you might want to keep as strings that nevertheless happen to
eval(...) successfully. For example: JSON literals, certain RabbitMQ configuration syntax, etc.
There’s no facility to be selective here. Just another day of software.