Separating code and data
The real magic of infrastructure as code tools, such as Ansible, lies in its ability to separate data and code. In our example, the default.conf file is a configuration file that is specific to an Nginx web server. The configuration parameters, such as ports, users, paths, and so on, remain generic and constant at all times, no matter who installs and configures them. What is not constant are the values those parameters take. That's what is specific to our organization. So, for this, we would decide the following:
- Which port should Nginx run on?
- Which user should own the web server process?
- Where should the log files go?
- How many worker processes should be run?
Our organization-specific policies may also require us to pass different values to these parameters based on the environment or geography the hosts run in.
Ansible splits these in to two parts:
- The code that is generic
- The data that is specific to an organization
This has two advantages; one advantage is that...
