I am learning Cloud-Init and Ansible. I am wondering, where is the best place to put the user configs, packages to install, etc? into Cloud-init or in the ansible playbooks?
Is it best to have minimal config in the cloud-init, just enough to get and run the ansible playbook? Or, have the base package set and base user config in Cloud-init and have ansible issue the changes, based on the role for the VM?
Can’t say either way, since I use neither. I’d personally avoid cloud-init, but then, even ansible needs some kind of golden image to apply all the playbooks properly. As far as users are concerned, it shouldn’t be too much of a problem.
I personally really hate ansible (I can’t really say I used it), because of its limitation of losing state (and the reason I love nixOS). Along years of using it, you’ll realize you either have to do a huge ansible playbook that does redundant steps (add user, delete the same user, set this password, set this new password etc.), or try to crunch it down to the minimum, but then some servers might have missed the states getting applied to them and now you have e.g. a user on a system that should have been deleted, or a password that was not changed to the new one.
I do not really want to discourage you from learning with my pessimism on modern automation tools. They’re still paying good money if you are going to work for a huge enterprise that doesn’t change things often (you’ll rarely see people move away from RHEL, SLES or VMWare). But if you manage to get in a place that’s smaller and flexible, make a move to something more innovative and develop good infrastructure (and document everything, don’t skimp on documentation - and don’t skimp on backups either).
I’d say go with the minimal cloud-init and have ansible set it up. You really don’t want to have to ever modify cloud-init, just make it so ansible can get into it and use ansible to automate everything. I’d also look into a way to detect a new deployment and force an ansible play on the newly deployed box (can’t really say how, maybe a snmp trap, an agent that registers with something, or even a bare basic script that runs only once when the system first boots up and gets an ip address - maybe configured in cloud-init).
Cloud-init should be minimal in general, because it’s way more of a PITA to deal with it than to just run a playbook.
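To make the “minimal cloud-init, let ansible in, run once on first boot” idea from the answer above concrete, here is an added example cloud-config (my own, not something posted in this thread). It assumes a Debian/Ubuntu-style image with the listed package names, uses a placeholder SSH public key and a placeholder playbook repository URL, and picks `ansible-pull` as the once-on-first-boot hook; if you would rather have the controller push to new hosts, drop the `ansible` package and the `runcmd` section and keep only the user and key.

```yaml
#cloud-config
# Added example, not from the thread. Goal: the only things cloud-init owns are
# "a key-only account Ansible can log in as" and "kick off the first run".
# Everything else (packages, users, services) belongs in the playbook, so this
# file never needs editing again.

# Listing only our own user (and no "default" entry) means the image's
# built-in account is not created. Key-only, no password, NOPASSWD sudo.
users:
  - name: ansible
    groups: [sudo]
    shell: /bin/bash
    sudo: "ALL=(ALL) NOPASSWD:ALL"
    lock_passwd: true
    ssh_authorized_keys:
      - ssh-ed25519 AAAA...PLACEHOLDER ansible@controller   # placeholder key

# Disable password authentication for sshd; the ansible account has a key.
ssh_pwauth: false

# Ansible needs a Python interpreter on the target; git and ansible are only
# needed because this example uses ansible-pull (assumption, see lead-in).
packages:
  - python3
  - git
  - ansible

# runcmd runs once per instance, so it doubles as the "run once on first boot"
# trigger. Inventory "localhost," (trailing comma) tells ansible it is a host
# list, not a file. The repository URL is a placeholder.
runcmd:
  - [ ansible-pull, -U, "https://example.invalid/infra/playbooks.git", -C, main, -i, "localhost,", site.yml ]
```

Because `runcmd` only fires on the first boot of an instance, later changes are made by editing the playbook and re-running it (or letting the next `ansible-pull` pick them up), never by touching the cloud-config again, which is exactly the split the answer above recommends.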
Thank you. I was thinking the same thing, I just wanted to be sure.