scy
#Ansible's decision to use Jinja in values only, and not render the YAML itself through Jinja (like Salt does) might make some things a bit more clean, but it also makes a _lot_ of things significantly more difficult. 😩
Mar 31, 2025 at 6:22pmWeb
Show threadscyMar 31, 2025

Hot take: Infrastructure as Code should mean actual _code_, not YAML.

Don't get me wrong: I'm one of the few people who actually like YAML. But trying to express actual _logic_ in YAML, like conditions, or value lookups, or loops, gets really messy really fast.

Just let me write my infrastructure in actual Python (or whatever). It can still be declarative, with all the state comparison and dependency resolving going on in the background.

But YAML is not the way.

Show threadscyApr 11, 2025

Wait, neither #pyinfra nor #BundleWrap run actual Python code on the remote hosts, right? They're apparently both basically just fancy wrappers for running shell commands, mainly via SSH.

In contrast, #Ansible _does_ run Python on the remote side. Which means that Python is required to be installed, but also means that you can do more sophisticated stuff than parsing CLI tool output. πŸ€”

Show threadFranziskaApr 11, 2025
@scy No. Atleast bundlewrap is designed to run on very minimal base images which probably don't have a lot of tooling installed.
Show threadjan-erikMar 31, 2025
@scy that's why I like https://pyinfra.com/, at least for some (small) things.
pyinfra - Fast Python Infrastructure Automation Tool

Fast, Python-based infrastructure automation. Deploy to SSH servers, Docker, and local machines. 10x faster than Ansible.

pyinfra
Show threadscyMar 31, 2025

@jer I will stop what I'm trying to build with Ansible right now and evaluate pyinfra.

Thanks for the suggestion!

Show threadjan-erikMar 31, 2025
@scy note that I've been running 2.x, which had its own oddities due to how it analyzes the Python code.
3.x changed some of that, so double-check the docs!
Show threadMarco "Ocramius" PivettaMar 31, 2025
@scy similar opinion, but also, please no Turing completeness :D
Show threadrwdfMar 31, 2025

@scy Yoke* might be for you, then.

*) https://yokecd.github.io/docs/

Show threadscyMar 31, 2025
@rwdf Except I'm not using k8s, but thanks anyway :)
Show threadJulianMar 31, 2025
@scy I mean there is nix, but you can't use it as widely as Ansible...
Show threadFranziskaMar 31, 2025
@scy may i talk to you about our lord and saviour, https://docs.bundlewrap.org/?
BundleWrap

None

Show threadscyApr 9, 2025

@kunsi Have you also tried pyinfra? It seems to be more popular than BundleWrap.

If you have some experience with both, I'd be very interested in your opinion on the pros and cons of both.

(Feel free to switch to German if you like.)

Show threadFranziskaApr 11, 2025

@scy No, never heard of pyinfra before. Since i'm a maintainer for bundlewrap, chances are low i'd switch over.

(Also, we use bundlewrap at work, so having common knowledge and being able to copy bundles over is nice)

Show threadscyApr 11, 2025

@kunsi Oh, I didn't know you're a maintainer!

Well, I'm currently comparing the two and I'm still undecided.

The way it seems to me, compared to pyinfra, BundleWrap
β€’ only works via SSH (pyinfra has "connectors" for Docker, chroot, local, etc.)
β€’ requires passwordless sudo
β€’ relies more on plain dicts instead of classes
β€’ allows more explicit dependencies between actions
β€’ does less magic
β€’ appears to be even more bare-bones
β€’ comes with helpers to compare desired and actual state

Show threadFranziskaApr 11, 2025
@scy I don't know what pyinfra supports, but your list seems about right.
Show threadscyApr 11, 2025

@kunsi Not gonna lie, I'm kinda turned off by pyinfra using an example like `"rm -f {0}".format(name)` without quoting anything.

https://docs.pyinfra.com/en/3.x/api/operations.html#example-managing-files

(At least they're quoting it in the actual project source code.)

Also, using one operation's output in another operation is implemented in kind of a strange way:

https://docs.pyinfra.com/en/3.x/api/operations.html#example-managing-files

But, how would I pass information from one item to another at runtime in BundleWrap at all? Is that supported? Would it even make sense?

Writing Operations β€” pyinfra documentation

Show threadFranziskaApr 11, 2025

@scy i don't think that is supported, since that would mean an itrm is dependent on another items output.

What's your specific usecase?

Show threadscyApr 11, 2025
@kunsi I β€¦ I'm not quite sure yet. I'll get back to you once I thought a bit more about this, I guess. Thanks!
Show threadTrolli Schmittlauch πŸ¦₯Mar 31, 2025
@scy $dayjob uses https://batou.readthedocs.io/en/stable/ to write deployments as components that fractally consist of other components. In python.
Similarly old as Ansible, less widespread, fewer documentation.
batou β€” batou 2.5.4 documentation

Show threadFionaApr 1, 2025

@scy agreed. I belong with the yaml hating kind though πŸ˜…

My impression has been that IaC not being code seems to lead to a lot of issues from missing out on tests and type checking.

It seems rare enough that checks against a schema and linting happen. In my mind this easily results in putting more importance on correct indentation than on working deployments.

Especially with json being valid yaml I don't get why not more of it is done by executing scripts instead of running helm and the like.

Show threadericApr 2, 2025
@scy maybe Pulumi is what you’re looking for?
https://www.pulumi.com/
Infrastructure as Code Platform with Agentic AI – Pulumi

Pulumi is an infrastructure management platform to automate through infrastructure as code, secure with secrets management, and manage infrastructure with AI.

pulumi
Show threadderaffeMar 31, 2025
@scy At some point I found that a custom (filter/test/task) module shipped with the roles was often more maintainable than the Jinja hacks.
But it's a fine line and not easy to decide until you've already invested considerable time into a different solution.
Show threadHannes DeekenApr 1, 2025
@scy Does Ansible support multiple renderers like Salt does? I.e. you could write your salt states directly in Python πŸ˜‰