> Use python over SSH. Super fast to begin, if you can ssh into the server, you can run the equivalent of shell commands (subprocess calls in python) remotely.
This literally describes ansible. In fact, ansible one-ups this because you can specify raw commands if python is not installed remotely [1].
Ansible provides lots of modules, you don't have to use any of them. I have plenty of 1-off ansible playbooks that I don't care about idempotency that are just a bunch of 'cmd' statements. It's a very flexible tool.
Can't say I've ever really thought of YAML as complex. Especially when the Ansible modules are translating things so you can just define the action you want to take, and each module is very well documented.
Embedding python in yaml has a ton of gotchas for cases where string processing doesn't quite line up with the way yaml wants things. Variable interpolation is also a real mess.
Typically the recommendation is to write your own python plugin/filter/test if you find yourself writing a lot of python in yaml, that way the yaml stays sane and readable, and just has some light Jinja.
This is my main issue with Ansible: as soon as you run a single raw shell command, haven't the main benefits of Ansible just disappeared? And wouldn't it be likely that you'll probably need to do this pretty regularly?
Some of the modules seem pretty pointless as well, like the synchronize files one; why not just use rsync directly? And while you're at it, just SSH to servers from shell! Sure, you would need something similar to the inventory, but that wouldn't be too difficult to come up with...
I think investing time in building a library of idempotent shell scripts instead is the way to go personally.
You can have your shell commands be idempotent. For instance, I have a number of places where I trigger a shell command only if an Ansible managed file changes.
It's only non-idempotent if the shell command runs every time, and the shell command itself isn't idempotent.
The reason for some of the "pointless" modules is that they integrate into Ansible better. I.e. for synchronize, you can run Ansible with the "--check" option, which won't change anything, but will report back what would be changed if you actually executed it. Running rsync in a shell command doesn't have that option because Ansible has no idea what that command does.
My bigger issue with Ansible is that the YAML is annoying. The looping behavior is frustrating, variable precedence is weird, IDE autocompletion is generally lacking. I wish they had designed a sane way to just write Python code.
> In fact, ansible one-ups this because you can specify raw commands if python is not installed remotely
GP's description of fabric is slightly wrong - it's not python over ssh, it's ssh in python. You only need python locally, fabric runs shell commands remotely.
This literally describes ansible. In fact, ansible one-ups this because you can specify raw commands if python is not installed remotely [1].
Ansible provides lots of modules, you don't have to use any of them. I have plenty of 1-off ansible playbooks that I don't care about idempotency that are just a bunch of 'cmd' statements. It's a very flexible tool.
1: https://docs.ansible.com/ansible/latest/modules/raw_module.h...