From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Thompson, David" <dthompson2@worcester.edu>
Subject: Re: Ansible and GuixOps questions
Date: Thu, 19 Dec 2019 16:13:18 -0500
Message-ID: <CAJ=RwfYEKNHNRrqTGT4pvhLoBqbiAOLPvDcWTiYLT2Up+ALzGw@mail.gmail.com>
References: <ZUFSga_zeFw9Ocgn20Jof32QGv0ZmgmgvGyJ6Nb39o9K9CL-1o_fEghS9fdkpvao7qC7KysCgW6ZrcbG_NTfuNANrL_-MVRrFJpNYzX0wwg=@protonmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:38039)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <dthompson2@worcester.edu>) id 1ii36y-00010T-M0
 for guix-devel@gnu.org; Thu, 19 Dec 2019 16:13:34 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <dthompson2@worcester.edu>) id 1ii36x-0007ng-3q
 for guix-devel@gnu.org; Thu, 19 Dec 2019 16:13:32 -0500
Received: from mail-vs1-xe2a.google.com ([2607:f8b0:4864:20::e2a]:41259)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <dthompson2@worcester.edu>)
 id 1ii36w-0007g3-Gt
 for guix-devel@gnu.org; Thu, 19 Dec 2019 16:13:30 -0500
Received: by mail-vs1-xe2a.google.com with SMTP id f8so4679878vsq.8
 for <guix-devel@gnu.org>; Thu, 19 Dec 2019 13:13:29 -0800 (PST)
In-Reply-To: <ZUFSga_zeFw9Ocgn20Jof32QGv0ZmgmgvGyJ6Nb39o9K9CL-1o_fEghS9fdkpvao7qC7KysCgW6ZrcbG_NTfuNANrL_-MVRrFJpNYzX0wwg=@protonmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: rchar01 <rchar01@protonmail.com>
Cc: "guix-devel@gnu.org" <guix-devel@gnu.org>

Hello Robert,

On Mon, Dec 16, 2019 at 6:57 AM rchar01 <rchar01@protonmail.com> wrote:
>
> Probably many admins / DevOps are heavily using Ansible. I also use this solution to configure systems and services (on Debian and CentOS).
> I would like to transfer infrastructure to the Guix System and some questions arose:
>
> - is there any way to combine Ansible and GuixOps?

In short, no.  I'm assuming that "GuixOps" means 'guix deploy', which
is its own special tool that would take the place of Ansible if you
choose to use it.

> - is there any way to continue using Ansible to configure Guix (some in guile script and some in ansible)?

In the past I've used Chef (very similar to Ansible) to install Guix
on Ubuntu machines.  You could do the same with Ansible.  If you wish
to deploy systems running Guix System proper, I think that's possible,
too, but you'd have to do some work on your own.  You would have to
build yourself a base image of a barebones Guix system and run your
Ansible scripts from that base.  I imagine that Ansible would be
little more than a thin layer for running 'guix system reconfigure
system.scm' on a remote machine at that point.

> - would it be possible to generate a guile script (for GuixOps) from Ansible?

Sorry, I don't quite understand this.  Maybe?

> - would it be possible to change the Ansible to talk to the Guix (or GuixOps) system?

Need more clarity here as well.  Seems like a duplicate of your second
question??

> Rewriting to Guile (Guix config files):
> * Against:
> ** time consuming
> ** may require new skills
> ** only for Guix, Ansible can configure other GNU / Linux systems

If you're already using Ansible for everything, then yes it would be a
hard sell to switch to something Guix specific, but Guix tools offer
features that no mainstream tools could ever hope to offer.  As I said
earlier, though, you could make a Guix + Ansible mix work if you want.

> * What might the benefits be?

One of the big benefits is getting to use the Guix tooling and
libraries for system deployment in addition to packaging and system
configuration which many people already use.  For people who are used
to Guix, it's relatively easy to use 'guix deploy' whereas it would be
very difficult to use something else.  Another reason is that Ansible
is, frankly, not a very good tool from our point of view.  Ansible's
model is "start from a base image and mutate it into the system you
want."  If you're into reproducibility, this isn't great.  How was the
base image created?  Will running the same Ansible scripts a day from
now produce the exact same image, bit for bit?  Almost certainly not.
Ansible is already mostly redundant with 'guix system' because that
tool takes care of all the configuration management chores.  What is
*not* covered by 'guix system' is remote system management, thus 'guix
deploy' was created. It takes things further by helping you deploy the
same system configurations you use with 'guix system' to many remote
systems.  'guix deploy' is still very new and doesn't have a lot of
features, but it's built on the right foundation to avoid the big
issues with mainstream devops tools.

Hope this helps,

- Dave