Seth Vidal
Oct 9, 2012, 4:05:36 PM
to ansible...@googlegroups.com
Hi,

I'm working on the mechanism and process I'm going to use for running
ansible regularly from a central admin host against a bunch of diverse
hosts.

Here's the basic idea I've come up with - I'd like to know if anyone else
is doing something similar and/or might have any thoughts of better ways
to do this:

1. an ssh agent will exist with the common ssh key enabled in it - so we
can automate runs w/o needing someone to do them. The agent will have the
key added to it by someone who knows the key password and then left. If
the box reboots and the agent is missing, an admin will be notified to fix
it. This is, ultimately, just like our disk-encrypted hosts needing a
password - so no difference to our infrastructure.

2. hosts will either have a host-specific playbook, with their tasks
included appropriately, or they will be one host in a group which has a
group-specific playbook.

3. every 6 hours all of the above will be executed (some in serial, some
in parallel).

4. Admins will be able to commit a 'runansible' file to the inventory for
any specific host or group - a cron job running once an hour will check
for those files and run ansible on that host or group and then unset
'runansible' for that host and/or group.

All of our repos are managed in git so committing as above is not a
difficulty.

So my questions are:

a. is anyone else doing something similar?

b. I need to write some tools for traversing the inventory in this way -
is anyone interested in something like this?

c. can anyone see a problem with this plan, anything I've missed?

Thanks,
-sv
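
The hourly marker check from steps 1 and 4, sketched as an added example that is not part of the original post and not Ansible's own code. The repository layout (`hosts/<name>/runansible`, `groups/<name>/runansible`, `playbooks/<kind>/<name>.yml`, an `inventory` file at the top) and all function names are assumptions made for illustration.

```python
import re
import subprocess
from pathlib import Path

# Assumed layout (hypothetical, not from the post):
#   <repo>/hosts/<name>/runansible and <repo>/groups/<name>/runansible are markers
#   <repo>/playbooks/<kind>/<name>.yml is the matching playbook, <repo>/inventory the inventory
MARKER = "runansible"
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")  # no leading '-', no '/', no spaces

def agent_has_key():
    """ssh-add -l exits 0 only when the agent is reachable and holds a key."""
    try:
        return subprocess.run(["ssh-add", "-l"], capture_output=True).returncode == 0
    except FileNotFoundError:
        return False

def pending_runs(repo):
    """Return (kind, name) pairs that carry a marker and have a matching playbook."""
    found = []
    for kind in ("hosts", "groups"):
        for marker in sorted(Path(repo, kind).glob(f"*/{MARKER}")):
            name = marker.parent.name
            # Names come from committed files, so refuse anything that could be
            # read as an option or a path once it lands on a command line.
            if not SAFE_NAME.match(name) or marker.is_symlink():
                continue
            if Path(repo, "playbooks", kind, f"{name}.yml").is_file():
                found.append((kind, name))
    return found

def build_command(repo, kind, name):
    """argv list (never a shell string) for one host or group run."""
    playbook = Path(repo, "playbooks", kind, f"{name}.yml")
    return ["ansible-playbook", "-i", str(Path(repo, "inventory")), "--limit", name, str(playbook)]

def run_pending(repo, runner=subprocess.run, agent_check=agent_has_key):
    """Hourly cron entry point: run each marked target, clear markers that succeeded."""
    if not agent_check():
        return None  # caller notifies an admin; markers stay for the next hourly pass
    done = []
    for kind, name in pending_runs(repo):
        if runner(build_command(repo, kind, name)).returncode == 0:
            Path(repo, kind, name, MARKER).unlink()
            done.append((kind, name))
    return done
```

The marker is only removed from the working checkout here; committing that removal back to git, and how the admin is notified when `run_pending` returns `None`, are left to the surrounding cron wrapper.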