[traverseda]

One example where I personally ran into trouble with ansible was in dealing with SSL certificates. In production we use letsencrypt to generate SSL certificates as you'd expect, but for testing we were using self-signed certificates. This was surprisingly complicated under the ansible model, basically I ended up writing a reusable playbook that worked more or less as a function, and running a hook at the end to actually create the keys. Due to the specifics of our app depending on what kind you needed the actual certificate paths got the certificates were different.

So I ended up doing some crazy hacks passing around state instead of just writing a function.

[Terretta]

Feels as though perhaps this should have dropped from playbook into a module?

https://docs.ansible.com/ansible/latest/dev_guide/developing...

Then just writing a function.

[senorsmile]

It should have at least become a role that could be called in the different contexts of the environment it was targetting. Ansible's real power is in the hierarchical inventory, which can be used to efficiently describe the state of all of the things (I use it for everything from cloud things to specific machine things).

[traverseda]

Sure, but there's something to be said for locality of behavior.