How Spotter helps Systems Architects reach trustable automation

9. maj 2023 - Avtor The Spotter team

9. maj 2023
Avtor The Spotter team

This post was originally published on the XLAB Steampunk blog.

We talked with Sebastian Gumprich, a Systems Architect and DevOps enthusiast, who was one of the first early adopters of Steampunk Spotter and provided us with valuable insights for improvements.

Sebastian works at Telekom MMS GmbH, which offers a broad scope of IT services to its customers. In his role within the operations department, which provides infrastructure, management and hosting of customer’s applications, Sebastian is responsible for developing solutions to improve and automate the work of all operations teams. The company relies heavily on automation, especially Red Hat Ansible, to ensure the best possible quality of services.

How does Sebastian do automation with Ansible, what tools does he use along the way and how does Spotter enlighten his way towards trustable automation? Read on to find out.

DevOps process and automation tools

One tool that is essential to Sebastian’s work is Ansible. And since most of the tools he uses are open source, he tries to release all of their tools as open source as well. These tools are designed for a wide range of customer configurations, which can make the code quite complex. Hence, he relies on contributions from colleagues and outside contributions and to make it easier, all the code is hosted on GitHub.

To test the new contributions, bug fixes and support for new operating systems or tools, Sebastian and the team rely heavily on standardization and automation.

Maintaining code quality

In the Ansible world, there is a wide range of tools to test changes and ensure code quality.

Ansible Lint

“The first tool we use is Ansible Lint, a command-line tool for linting playbooks, roles and collections.” The tool aims to promote best practices, patterns, and behaviors while avoiding common pitfalls that easily lead to bugs or make code maintenance difficult. Ansible Lint can be run from the command line, but also integrates with most IDEs via the Language Server Protocol (LPS), providing features such as autocompletion and code hints directly in the IDE. LPSs are supported by IDEs like VSCode, IntelliJ, but also Neovim.

“I’m a fan of Neovim! So, when I open a file with Ansible code, the LSP automatically provides hints from ansible-lint to help me improve my code. It looks like this: When I write new Ansible code, the LSP helpfully auto-completes Ansible parameters and their values so I don’t have to guess which parameters are supported by the module,” says Sebastian.

Steampunk Spotter

Sebastian was one of the first people to test and use Spotter, our Ansible Playbook scanning tool that scans, analyzes, and provides recommendations for your playbooks to help you increase the reliablity and security of your automation. He quickly realized Spotter is a perfect addition to existing tools like Ansible Lint, since it provides special checks for more complex scenarios such as upgrading to newer Ansible versions.

“Spotter may not have as many rules as ansible-lint, but one thing I already love about Spotter is its handling of the dreaded Fully Qualified Collection Names (FQCNs). In the past you could write a file as the module name, nowadays you should use the FQCN ansible.builtin.file. When working with older codebases where FQCNs aren’t used, I could just ignore this rule. However, I prefer to fix things up and that is where Spotter shines. It provides an option to fix some errors and can replace legacy module-names with their FQCNs.”

According to Sebastian, one of the standout features is its ability to automatically fix certain problems and save time with convenience features, such as generating a requirements.yml file or referencing the module documentation of a specific version. Sebastian also appreciates Spotter’s ability to provide hints for best practices, such as setting the mode when using the file module.

Molecule

Once the code changes are complete or the contributed code looks good, it needs to be tested. This is where Molecule comes in, providing support for testing with multiple instances, operating systems and distributions, virtualization providers, test frameworks and testing scenarios.

“My playbooks and roles have to work on multiple operating systems. To test this, I use Molecule in combination with Docker. Molecule automatically starts containers with the operating systems I specify and executes my Ansible code in them. I do this on my local machine for at least one operating system. If the test succeeds, I push the code to GitHub where all other operating systems are automatically tested. I mainly use GitHub Actions for CI/CD pipelines. In this pipeline, Molecule gets executed for every supported operating system. This way testing locally and in the build pipeline uses the same tools.”

Other automation tools

Sebastian and his team don’t just rely on Ansible to verify that the code changes are correct. They use Chef Inspec, an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security, and policy requirements.

“We define the desired state of our automation in “baselines”, which are test cases that check if the server or application is configured the way we want it. These tests run after executing our Ansible code. Only when these tests pass, the changes will be accepted and merged.”

How does the release pipeline work?

Once the code is merged into master, it’s ready for release. This process is mostly automated using GitHub Actions and involves several steps, including the creation of a changelog based on the pull requests and their labels. A new release draft is then created in the GitHub repository, containing the changes. The release draft is published manually to ensure that only meaningful changes are included. After the release is published, another automation process is triggered to deploy the code to Ansible Galaxy.

Streamline your automation processes

A combination of the right tools simplifies Sebastian’s daily work and guarantees that his Ansible Playbooks are high-quality, secure, and reliable, resulting in streamlined automation processes he can trust.

Wondering what Spotter can do for you? Schedule a demo with one of our experts and discover how Spotter can take your workflow to the next level.


Družbena omrežja

Ostanite v stiku z nami.