Ansible is a widely-used Infrastructure-as-Code (IaC) lan- guage for managing the configuration of machines in a digital infrastructure. The reliability of configuration definition files, which Ansible calls “playbooks”, is of the upmost importance. However, Ansible employs semantics unlike those found in traditional programming languages, the unexpected behaviour of which could surprise developers. Next to forming a steep learning curve for newcomers, this semantics also hinders both manual and mechanical verification. In this presentation, we will show a number of potential pitfalls caused by a combination of unconventional semantic properties of Ansible variables and template expressions. The purpose of this talk is three-fold:

1. To spread awareness of the unconventional semantics of Ansible and possible pitfalls to practitioners.
2. To entice tool builders to work on code analysers and bug detectors related to these pitfalls.
3. To stimulate language designers to address these pitfalls with safer alternatives.