Exploring Ansible-Lint Profiles: A Comprehensive Guide

Discover how to use Ansible-lint profiles to manage linting rules, ensure compliance with best practices, and enhance the quality of your Ansible automation scripts.

Introduction

Ansible is a powerful automation tool that simplifies configuration management, application deployment, and task automation. Ensuring the quality and consistency of Ansible content is crucial for effective automation. Ansible-lint is a popular linting tool that helps identify issues and enforce best practices in Ansible playbooks, roles, and collections. Ansible-lint introduces the concept of profiles to gradually increase rule strictness throughout the content lifecycle.

Understanding Ansible-Lint Profiles

Ansible-lint profiles provide a structured way to manage linting rules based on the desired level of strictness. As your Ansible content evolves, you can apply different profiles to catch potential issues early in development and ensure compliance with best practices. Let's explore the available profiles and their purposes:

1. Min Profile

The min profile serves as the foundation, ensuring Ansible can load content without fatal errors. Rules in this profile are mandatory and include:

internal-error: Prevent internal errors.

load-failure: Ensure content can be loaded.

parser-error: Identify parsing errors.

syntax-check: Verify syntax correctness.

Developers can customize the profile by excluding specific files or providing dependencies to load the correct files.

2. Basic Profile

Building upon the min profile, the basic profile addresses common coding issues and enforces standard styles and formatting. Key rules in this profile include:

command-instead-of-module: Detect the use of command instead of module.

deprecated-bare-vars: Identify deprecated bare variables.

key-order: Enforce key order.

no-tabs: Prevent the use of tabs.

3. Moderate Profile

The moderate profile focuses on improving code readability and maintainability. It extends the basic profile with rules such as:

name[template]: Enforce template naming conventions.

name[casing]: Ensure consistent naming conventions.

jinja: Check for Jinja-related issues.

4. Safety Profile

The safety profile addresses non-determinant outcomes and security concerns. It extends the moderate profile with rules like:

avoid-implicit: Avoid implicit behaviors.

risky-file-permissions: Identify risky file permissions.

risky-shell-pipe: Detect risky shell pipe operations.

5. Shared Profile

The shared profile is designed for content creators who want to publish their Ansible content. It builds upon the safety profile and includes rules like:

galaxy: Ensure compliance with Galaxy best practices.

layout: Enforce a standardized directory layout.

meta-incorrect: Identify incorrect metadata.

6. Production Profile

The production profile sets the highest level of strictness, ensuring content meets the requirements for inclusion in Ansible Automation Platform (AAP). Rules include:

avoid-dot-notation: Discourage the use of dot notation.

sanity: Ensure overall code