Delegation of plays

[Tony Yarusso]

So, for both security and other management reasons, we have several (currently 12) separate "environments", firewalled off from each other, each with their own Ansible server.  That's fine for most things, but certain one-off tasks (eg. changing my password) are a pain, since I have to do it 12 times.  I'm wondering what the best way would be to execute a play on one machine and have all 12 Ansible servers run it against their respective inventories.  So far what I've come up with is I could create the playbook on the "master" machine, have a task using the copy module to send it out to the 12 environment deploy servers, then another task using the command module with delegate_to with a list of those servers to run ansible-playbook with it on each of them.  Is that the best route, or is there something more direct?

[Brian Coca]

it seems you should be able to still run directly by using each
ansible host as a jumphost. If not, ansible-pull might be a better
option here.


--
Brian Coca

[Tony Yarusso]

Sounds like we'll need to a) rework our inventory a bit, and b) wait
for v2.0 for that to work, but could be an option.

[Joanna Delaporte]

Hi Tony,

If I understand correctly, the issue is that the master server cannot connect to the inventoried hosts on each 'slave' host, and possibly is not aware they exist. In that case, it sounds like your solution is pretty solid.

Joanna