In my experience, there are at least 3 types of users when it comes to Ansible:
1.) Users who execute playbooks.
2.) Users who write/modify playbooks for playbook executors.
3.) Users who write/modify Ansible roles for other playbook writers.
As users gain more experience, they generally move from 1 to 3. A variety of tradecraft best practices surround each of these 3 distinct types of users. Having a clear understanding of the "roles" and responsibilities of each user type helps make for a more effective Ansible ecosystem.
At the same time, writing a new role using playbook writing best practices can result in a frustrating experience with Ansible.
So to start: What sorts of competencies and tradecraft do you think should be demonstrated by someone who executes (already written) playbooks?
I'll post a few of my thoughts below.
There are likely others; these are just a few off the top of my head.
Sandra - I agree using roles is a competency - but I see this as a competency if you are writing a new playbook. I was trying to draw out better practices in people who will only be running playbooks, and not able to edit or make changes to the playbook. Was hoping to see the creative and interesting ways people can utilize playbooks without having to make changes to a playbook itself.
You're right, however - using roles, and finding roles, is a tradecraft in and of itself. There are definitely better practices regarding their use. Do you have anything you'd like to share?
An example of tradecraft for a playbook executor: You are responsible for enabling access to all the machines for SSH. This can be done with arguments passed to the ansible commands, or by defining default behavior in the ansible.cfg, or by defining appropriate variables in group/host variables (and likely others).
What other "best practices" are there for running playbooks? How, for example, do you handle sensitive variables (passwords) when running your playbook?
Another really interesting use of ansible-playbook is the use of the "--list-tags", "--skip-tags", "--tags", and "--limit" options.
This allows the person running the playbook to skip certain tasks, only execute certain tasks, and to skip certain hosts during playbook execution.