Feedback on my playbook

This is not a problem but rather a nice question.
I am very new to Ansible and want to automate parts of my online business.
I just developed this playbook (all variables are highly dynamic and get set via the cli).
It is used to open and close ports for firewalls at a digital hosting provider:

---
- name: Open/Close Port in Hetzner Cloud Firewall
  hosts: localhost
  gather_facts: no
  vars:
    HCLOUD_TOKEN: stored in ansible_vault
  tasks:
    - name: Obtain Existing Rules
      hetzner.hcloud.firewall_info:
        api_token: "{{ HCLOUD_TOKEN }}"
        name: "{{ xserver | mandatory }}"
      register: fw_info
      failed_when: fw_info.hcloud_firewall_info == []

    - name: Save New Rule
      set_fact:
        new_rule:
          - "description": null
            "destination_ips": []
            "direction": "in"
            "port": "{{ xport | mandatory }}" # port is a reserved variable
            "protocol": "{{ xprotocol | mandatory }}" # could default to tcp but that will probably cause more errors
            "source_ips": ["0.0.0.0/0","::/0"]
      when: xaction is undefined or xaction == "add" # action is a reserved variable so we stick to the x<variable> scheme

    - name: Merge to Final Ruleset (Add)
      set_fact:
        ruleset: "{{ fw_info.hcloud_firewall_info[0].rules + new_rule }}"
      when: xaction is undefined or xaction == "add"

    - name: Merge to Final Ruleset (Remove)
      set_fact:
        ruleset: "{{ fw_info.hcloud_firewall_info[0].rules | rejectattr('port', 'eq', xport) | list }}" # protocol will probably not matter
      when: xaction is defined and xaction == "remove" # a bare `xaction == "remove"` fails with "'xaction' is undefined" when no action is passed

    - name: Apply Ruleset
      hetzner.hcloud.firewall:
        api_token: "{{ HCLOUD_TOKEN }}"
        name: "{{ xserver | mandatory }}" # naming scheme for firewalls is important!
        rules: "{{ ruleset | mandatory }}"
        state: present

I tried my best with error handling but in the end the module catches everything anyway. What do you think? Is this production-ready or am I missing some best-practices or crucial techniques?

Thanks a lot in advance!
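The two `set_fact` tasks above do their list surgery in Jinja, which makes it easy to miss what `rejectattr('port', 'eq', xport)` actually matches. Below is an added example, not code from the original post or from the hetzner.hcloud collection, that writes the same add/remove merge in plain Python so the edge cases are visible: an ICMP rule with `port: null`, an outbound rule that happens to share a port number with an inbound one, and re-running "add" for a rule that already exists. The rule dicts use the field names `firewall_info` returns (`description`, `direction`, `protocol`, `port`, `source_ips`, `destination_ips`); the sample rule list itself is constructed for the example. Ports are kept as strings because the Hetzner API stores them that way (ranges such as `"80-85"` are strings) and `-e xport=22` arrives from the CLI as a string too.

```python
"""Rule-set merge for a Hetzner-style firewall, written out in Python.

Added example, not part of the original playbook. The sample rules below are
constructed for illustration, not read from a real firewall.
"""
import copy

# Constructed stand-in for fw_info.hcloud_firewall_info[0].rules
EXISTING_RULES = [
    {"description": "ssh", "direction": "in", "protocol": "tcp", "port": "22",
     "source_ips": ["0.0.0.0/0", "::/0"], "destination_ips": []},
    {"description": "dns", "direction": "in", "protocol": "udp", "port": "53",
     "source_ips": ["0.0.0.0/0", "::/0"], "destination_ips": []},
    # ICMP rules carry no port; the key is present with a null value
    {"description": "ping", "direction": "in", "protocol": "icmp", "port": None,
     "source_ips": ["0.0.0.0/0", "::/0"], "destination_ips": []},
    # An outbound rule that shares the port number 22 with the ssh rule
    {"description": "syslog relay", "direction": "out", "protocol": "tcp", "port": "22",
     "source_ips": [], "destination_ips": ["203.0.113.10/32"]},
]


def new_rule(port, protocol, direction="in",
             source_ips=("0.0.0.0/0", "::/0"), description=None):
    """Build a rule in the shape the playbook's 'Save New Rule' task produces."""
    return {
        "description": description,
        "direction": direction,
        "protocol": protocol,
        "port": str(port),
        "source_ips": list(source_ips),
        "destination_ips": [],
    }


def _key(rule):
    """The triple that identifies a rule for matching purposes."""
    return (rule.get("direction"), rule.get("protocol"), rule.get("port"))


def add_rule(rules, rule):
    """Return rules + rule, unless a rule with the same (direction, protocol,
    port) already exists. A plain `rules + new_rule` (as in the playbook)
    appends a duplicate on every re-run; this keeps the task idempotent."""
    if any(_key(r) == _key(rule) for r in rules):
        return copy.deepcopy(rules)
    return copy.deepcopy(rules) + [copy.deepcopy(rule)]


def remove_by_port(rules, port):
    """Equivalent of `rejectattr('port', 'eq', xport)`: drops every rule whose
    port matches, whatever its direction or protocol."""
    port = str(port)
    return [copy.deepcopy(r) for r in rules if r.get("port") != port]


def remove_rule(rules, port, protocol, direction="in"):
    """Narrower removal: only the rule matching the triple it was created with."""
    target = (direction, protocol, str(port))
    return [copy.deepcopy(r) for r in rules if _key(r) != target]


def ports(rules):
    """Helper for inspecting a result: list of (direction, protocol, port)."""
    return [_key(r) for r in rules]
```

With the constructed rules, `remove_by_port(EXISTING_RULES, 22)` drops both the inbound ssh rule and the outbound syslog rule, while `remove_rule(EXISTING_RULES, 22, "tcp")` removes only the inbound one; this is the case where "protocol will probably not matter" turns out to matter, and direction matters as well. `add_rule` returns the list unchanged when the rule is already present, so applying the playbook twice with the same arguments does not accumulate duplicate rules.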

Personally, I like to add a comment right after the --- line that is just the name of the file. In this case,

# maxbrc_01.yml

Otherwise, you should get into the habit of running ansible-lint on everything, and have good reasons for justifying not taking whatever advice it gives. In the case of this file (with the added line 2 comment) it yields this:

WARNING  Listing 7 violation(s) that are fatal
yaml[truthy]: Truthy value should be one of [false, true]
maxbrc_01.yml:5

var-naming[pattern]: Variables names should match ^[a-z_][a-z0-9_]*$ regex. (HCLOUD_TOKEN)
maxbrc_01.yml:7

fqcn[action-core]: Use FQCN for builtin module actions (set_fact).
maxbrc_01.yml:16 Use `ansible.builtin.set_fact` or `ansible.legacy.set_fact` instead.

yaml[commas]: Too few spaces after comma
maxbrc_01.yml:24

fqcn[action-core]: Use FQCN for builtin module actions (set_fact).
maxbrc_01.yml:27 Use `ansible.builtin.set_fact` or `ansible.legacy.set_fact` instead.

fqcn[action-core]: Use FQCN for builtin module actions (set_fact).
maxbrc_01.yml:32 Use `ansible.builtin.set_fact` or `ansible.legacy.set_fact` instead.

yaml[new-line-at-end-of-file]: No new line character at the end of file
maxbrc_01.yml:42

Read documentation for instructions on how to ignore specific rule violations.

                       Rule Violation Summary                        
 count tag                           profile    rule associated tags 
     1 var-naming[pattern]           basic      idiom                
     1 yaml[commas]                  basic      formatting, yaml     
     1 yaml[new-line-at-end-of-file] basic      formatting, yaml     
     1 yaml[truthy]                  basic      formatting, yaml     
     3 fqcn[action-core]             production formatting           

Failed: 7 failure(s), 0 warning(s) on 1 files. Last profile that met the validation criteria was 'min'.

Wow, I didn’t know there was such a practical tool.
Definitely going to run through all of my playbooks.
Thanks @utoddl !
