Hi,
We are new to using ansible, and I saw something while going through our early code that had me worried. I have CoderA and CoderB that are starting to create roles and tasks. In one Task, coderA adds IIS features, but coderB, in another role , also adds some IIS features in a Task, and also make sure other features are absent, but some of those features are installed by CoderA role. You can see the problem when both roles will be applied to the same machine.
In powershell DSC, there are failsafe in place to prevent this: When code tries to change something that was defined somewhere else, powershell will raise an error at the mof creation and prevent this. Is there some failsafe n Ansible too to prevent a task from undoing what another does? If not, what is the best way to avoid this?(code review won’t catch them all)
Thanks 
Hi,
We are new to using ansible, and I saw something while going through
our early code that had me worried. I have CoderA and CoderB that are
starting to create roles and tasks. In one Task, coderA adds IIS features,
but coderB, in another role , also adds some IIS features in a Task, and
also make sure other features are absent, but some of those features are
installed by CoderA role. You can see the problem when both roles will
be applied to the same machine.
This is easily solved by having the code one place, many people uses a git repository for that job.
And to add more security you can have code review before it get into production.
In powershell DSC, there are failsafe in place to prevent this: When code
tries to change something that was defined somewhere else, powershell will
raise an error at the mof creation and prevent this. Is there some
failsafe n Ansible too to prevent a task from undoing what another does?
If not, what is the best way to avoid this?(code review won't catch them
all)
Ansible is declarative so the code you run says I want is to be configure like this and Ansible does what it's told and make the configuration that way.
So you need something outside of Ansible to make sure this doesn't happens.
Code review and testing in different stages should catch this, if not you have some improvements to do in the work flow.
Hi, thanks for the reply.
What you describe will help a bit, but is not error proof when you have thousands of line of code(and any infrastructure will reach that point quickly). Human make mistake, or are lazy, so eventually, 2 pieces of code that change the same setting will happen. One really nice thing about Powershell DSC is that it balks when you try to do something like that, so I was hoping it would be the same with ansible.