[ale] Thank you guys

Kyle Brieden kyle at txmoose.com
Wed Apr 19 10:17:38 EDT 2017 

Chuck - Thanks for the presentation! I really enjoy seeing how other 
orgs work.  I've used Ansible at two different orgs, and it's been very 
different beasts at both.  Looks like you use it the way I feel it was 
meant to be used.

To James' point, my current org does use it from a central server so as 
to have as few "keys to the kingdom" as necessary floating around.  It 
SSH's as root from a centrally managed server, using that server's root 
keys.  On top of that, everyone is expected (and I guess instructed) to 
work on new playbooks in their home dir, then, when the playbook is 
ready, drop it into the central location for "safe" books for group use. 
  My last job, however, maintained a much different workflow.

We had a central "Config Management (CM)" box.  That box did many 
things, automated tasks, cron jobs, etc... and we were able to use it 
for one-off jobs and such across the farm, as well.  We could also have 
Ansible on our local machine and still operate against the farm if we 
needed.  We used LDAP for central auth with our own pubkey stored in an 
LDAP object.  Those of us on the engineering and operations teams had 
full sudo privileges, so we could have Ansible reach out from our local 
machine as our user and then sudo up.  With this, we had a central 
"repository" for the "hey, that's a really useful playbook, would you 
mind sharing it with me?" books, but everyone kinda had their own stock 
of one-off, audit, "this job" kind of playbooks.


tl;dr - Ansible is an interesting tool that can be used for large scale 
orchestration or simply large scale administration.

---
Very respectfully,
Kyle Brieden

On 19-04-2017 09:37, James Sumners wrote:
> On Wed, Apr 19, 2017 at 9:10 AM, Raj Wurttemberg <rajaw at c64.us> wrote:
> 
>> I use Ansible in a multi-tenant VMware architecture to..
>> 
>> - Trigger RHEL patching
>> 
>> - Update .conf files
>> 
>> - Take inventory
>> 
>> - Validate configuration
>> 
>> I used to use Ansible to help me configure VMs storage after
>> deployment but I discovered that VMware can execute commands on VMs
>> natively (Invoke-VMScript) and faster that I could do it with
>> Ansible.
> 
> Yeah, that's a good list of stuff it is meant to do. I was speaking
> about setup and organization. Chuck's company seems to use a central
> server where multiple people work within a single "project" that has
> multiple playbooks. Whereas I currently have 60 projects in my GitLab
> Ansible group (https://db.tt/7VZAYCHanN). These projects range from
> base OS standardization playbooks to playbooks for specific
> application deployments to roles used by the others. But I'm the lone
> Linux admin where I work, so I make up all of my own rules and
> practices. It's interesting to me to see how other institutions
> accomplish the same things that I do.
> 
> --
> James Sumners
> http://james.sumners.info/ (technical profile)
> http://jrfom.com/ (personal site)
> http://haplo.bandcamp.com/ (music)
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x89C9D831.asc
Type: application/pgp-keys
Size: 3071 bytes
Desc: not available
URL: <http://mail.ale.org/pipermail/ale/attachments/20170419/403b2b5f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.ale.org/pipermail/ale/attachments/20170419/403b2b5f/attachment.sig>

More information about the Ale mailing list