Thanks! Some of those are somewhat embarrassing, especially for something that's meant to be software used in secure environments. Why does a client need to specify an interpreter to run on the master host? Or changing the template brackets to escape quoting? I'm also thinking that maybe Python might be a bit too dynamic – allowing anything by design – bringing its own share of problems to developing security-conscious software.
> Why does a client need to specify an interpreter to run on the master host?
Some system have Python installed in a rather uncommon location. For example, Python is not part of FreeBSD base system, so Python is installed at /usr/local/bin/python instead of the expected /usr/bin/python, or Arch has Python 2 installed at /usr/bin/python2 rather than /usr/bin/python.
Note that Ansible doesn't require itself to be installed on the remote host (and IMHO is one of its biggest selling point) and execute tasks by sending a packed version of a task to the remote host and execute it using `ansible_python_interpreter` (e.g. `/usr/bin/python /tmp/ansible-tmp-a43bf412.py`)
Even if you don't have to install a client you have at least to authorize a ssh key and somehow express your intent to add an ansible client.. When in the case of some other solution the installation amounts to one package to deploy (with no dependency) and one command line to issue, installation is a false problem..
actually, the 'controller' specifies the interpreter to be used at the client, there can be more than 1 and the '1st one in path' is not always the correct one.
Imagine you're in a large enterprise environment, and need to deploy something to lots of different servers that were created by lots of different people (your company bought 3 others and each used different software/linux versions/servers). Some have python in the path, some have different pythons in the path, etc. You can't immediately throw away all these servers and rebuild them - some probably have 10 year old bits of software on them where the original author has moved away. Ansible might be one of the tools you use to start fixing this chaotic situation, and having per-host configurations for things like python path is essential.
Python is not just a single executable. It takes a little more work than one would want. And for what gain? Would you be fine with other software also requiring a custom interpreter to function? It gets cumbersome.
because it uses existing interpreters on the target host, fixed locations only happen in a homogeneous environment. Most IT shops commonly have to deal different OS/Distrbutions/Versions so the same way you cannot have just 1 tshirt size for everyone you cannot have 1 interpreter path.
I'm saying 'interpreter' instead of Python because you can create modules in any language, Ansible only ships with Python ones, but Perl, Ruby, etc modules exist also and usable by Ansible.
