Coding Guidelines

Reserved Words

The following variable names will conflict with Ansible internals, when used as role variables. I found no trace or mention of these in the docs, this only comes from experience. Sometimes Ansible throws an error when used, other times it silently overrides the value with its own. Avoid them.

• except
• update

Shell Commands

Specify the command as an argument instead of inline.

Have spaces around pipes.

• Bad:

- name: Check if release upgrader is installed
  shell: apt list --installed|grep ubuntu-release-upgrader-core

• Good:

- name: Check if release upgrader is installed
  shell:
    cmd: apt list --installed | grep ubuntu-release-upgrader-core

Ignoring Failures

Use failed_when instead of ignore_errors.

• Bad:

  ignore_errors: false

• Good:

  failed_when: false

Booleans

Use true and false instead of yes and no. Also don't capitalize them.

• Bad:

  failed_when: no

  failed_when: False

• Good:

  failed_when: false

File Mode

Use explicit leading zero and enclose in apostrophes.

• Bad:

mode: 644

mode: 0644

• Good:

mode: '0644'

OS Detection

Only DNF-based EL distros are supported.
Don't rely on distro name, to maximize possible compatibility.
Don't use package manager either, because it may be yum or dnf. Even among DNF-based distros, it's dnf for Fedora 40 or older, and dnf5 for 41 and up.
Use OS family unless absolutely necessary. One example is when the package / repo names differ between Fedora and Rocky.

• Bad:

when: ansible_distribution == 'Ubuntu'

when: (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')

when: ansible_pkg_mgr == 'dnf'

when: ansible_pkg_mgr == 'apt'

• Good:

when: ansible_os_family == 'RedHat'

when: ansible_os_family == 'Debian'

Loops

Use loop instead of with_items.

• Bad

  with_items:
    - item1
    - item2

• Good

  loop:
    - item1
    - item2