idempotency in 11 and fix submodule

hjwp · hjwp · commit a0ea1ce77e7f · 2024-02-28T21:45:03.000Z
diff --git a/chapter_11_ansible.asciidoc b/chapter_11_ansible.asciidoc
@@ -541,8 +541,9 @@ This means we don't have a dependency on having run `docker build` locally.
         source: build
         state: present
         build:
-          path: ../Dockerfile
+          path: ..
           platform: linux/amd64  # <1>
+        force_source: true
       delegate_to: 127.0.0.1
 
     - name: Export container image locally
@@ -668,17 +669,37 @@ And here's how we use it in the provisioning script:
     but I'm renaming it for clarity.
 
 
-.Idempotency
-*******************************************************************************
-* TODO: explain idempotency
-
-*******************************************************************************
-
 NOTE: Using an env file to store secrets is definitely better than committing
     it to version control, but it's maybe not the state of the art either.
     TODO: mention other secret management tools. vault
 
 
+.Idempotency and Declarative Configuration
+*******************************************************************************
+
+Infrastucture-as-code tools like Ansible aim to be "declarative",
+meaning that, as much as possible, you specify the desired state that you want,
+rather than specifying a series of steps to get there.
+
+This concept goes along with the idea of "idempotency",
+which means that you get the same result when you run something once,
+as when you run it multiple times.
+
+An example is the `apt` module that we used to install docker.
+It doesn't crash if docker is already installed, and in fact,
+Ansible is smart enough to check first before trying to install anything.
+
+There is some subtlety here, for example, our templated env file
+will only be writen once, so the step is idempotent in the sense
+that it doesn't overwrite the file with a new random secret key every time you run it.
+But that does come with the downside that you can't easily add new variables to the file.
+
+Probably a more sophisticated solution involving separate files for the secret
+and other parts of the config would be better,
+but I wanted to keep this (already long) chapter as simple as possible.
+
+*******************************************************************************
+
 
 ==== More debugging
 
diff --git a/source/chapter_11_ansible/superlists b/source/chapter_11_ansible/superlists
@@ -1 +1 @@
-Subproject commit a4bdebabd3b66c03cb8ac6a3c4764c4d38aa2b72
+Subproject commit ef3ca68d667533f2d6d9ae23e378f4b4b44679f2
