Thanks for spreading Ansible, though there are a lot of things in here I want to correct.
I do wish you wouldn’t spread things like “requires homogeneity” as that’s not true at all.
Group_by and when exist for dealing with those things, and just abstracting the choice of package manager never solves the need for different package names or the way apps are managed differently in Ubuntu and Red Hat (see Apache for a great example). Lots of folks do that, including the main AWX setup playbooks which you can take a look at.
The convergence stuff is also pretty well wrong; in fact, all the modules are very resource based, with a model copied directly from Puppet. Order matters, just like Chef – however, unlike either, the language is MUCH simpler and you can more easily decide how to do things. Is it true that it doesn’t build a model of what that system does up front? Yes, it’s resource-by-resource based so one result is allowed to influence another, which is how it makes most of the IT orchestration possible.
Installing logstash could also be done in a role prior to role deps.
The easiest way to handle secret data is to just have it in a different repo. IIRC, Ansible-vault isn’t so much a work in progress as something that needs to be designed, which is on the list, but not always the most pressing thing to tackle.
No, there aren’t frameworks like cucumber for Ansible. There shouldn’t be, because these suck (once again, you’re going down the Infrastructure-as-Code route, which is NOT US), and I will throw big heavy rocks at them. However, it’s super easy to call any kind of unit test you want in your main playbook.
I also disagree that any abstractions to allow for reuse are missing.
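
The `group_by` and `when` approach mentioned in the comment above, shown for the Apache case, as an added example that is not part of the original comment or of the AWX playbooks. The `webservers` group name and the choice to enable SSL are assumptions made for illustration.

```yaml
---
# Constructed example: one playbook covering Debian-family and Red Hat-family hosts.
# "webservers" is an assumed inventory group.

- name: Sort hosts into dynamic groups by OS family
  hosts: webservers
  gather_facts: true
  tasks:
    - name: Create groups such as os_Debian and os_RedHat
      ansible.builtin.group_by:
        key: "os_{{ ansible_os_family }}"

- name: Apache on Debian/Ubuntu (package and service are both "apache2")
  hosts: os_Debian
  become: true
  tasks:
    - name: Install apache2
      ansible.builtin.apt:
        name: apache2
        state: present
        update_cache: true

    - name: Enable mod_ssl the Debian way (a2enmod); skipped if already enabled
      ansible.builtin.command:
        cmd: a2enmod ssl
        creates: /etc/apache2/mods-enabled/ssl.load

- name: Apache on Red Hat (package and service are both "httpd")
  hosts: os_RedHat
  become: true
  tasks:
    - name: Install httpd and mod_ssl (SSL support is a separate package here)
      ansible.builtin.yum:
        name: [httpd, mod_ssl]
        state: present

- name: Shared play; "when" selects the service name per host
  hosts: webservers
  become: true
  tasks:
    - name: Start apache2 on Debian-family hosts
      ansible.builtin.service: {name: apache2, state: started, enabled: true}
      when: ansible_os_family == "Debian"

    - name: Start httpd on Red Hat-family hosts
      ansible.builtin.service: {name: httpd, state: started, enabled: true}
      when: ansible_os_family == "RedHat"
```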