This email is about some really nice work done by Stephen Fromm. You should be TREMENDOUSLY excited about his work here, because it means Ansible now scales like a fish, and supports some pretty amazing self-remediation features, all while maintaining the same daemonless-only, SSH-only properties that have got it 250+ GitHub followers in just 2 months. No other config system on the planet can do this that easily, folks. I think this is definitely one of the most interesting features we've had in a long time.
So… details:
So first off, push mode is very capable. This is not a retraction from the idea that there are many reasons to be able to push. Push mode means you can do very detailed multi-node deployment ops where you can do THIS on that machine, hop over there and do THAT, and hop back and do THAT back over there. I designed Ansible for deploying multi-tier web applications, more or less. This is where pull based tools typically break down. This is why pull based tools need a push component to back them up -- often, you need to do stuff NOW and can't wait. Push remains good for now, and good for inter-machine ordering.
But assume you don't have multi-tier deployment problems so much, but instead have 10,000 systems where you must make sure they stay configured in a certain way. SSHing to them doesn't work, but it would be GREAT to bootstrap them over SSH when they are new. You may also want to periodically assure the configuration of those systems without tapping them on the shoulder, and you have too many now to do that. Ansible normally would have been fine for rolling them out, but now doesn't fit that level of scale. No longer!
This introduces how to use Ansible in PULL based mode, taking advantage of our git module and local connection support.
Most pull based systems have suckage in that they run expensive daemons that occasionally chew up hundreds of MB of RAM, fall over, or require their own network and security systems. We don't.
This idea is not new; I owe Stephen Nelson Smith some credit for the original post that inspired this:
http://bitfieldconsulting.com/scaling-puppet-with-distributed-version-control
Although here we've upgraded things in unique ways for Ansible -- Ansible can install Ansible!
See relevant details here:
https://github.com/ansible/ansible/blob/devel/examples/playbooks/ansible_pull.yml
https://github.com/ansible/ansible/blob/devel/bin/ansible-pull
So basically, to summarize, you run the ansible_pull playbook to set up ansible on each NODE to periodically do a git checkout of a particular public repo.
Most likely you will host this yourself and make it available over git:// or http:// protocols.
Cron runs ansible every (configurable) number of minutes, and runs the latest in the git repo (by tag).
I imagine some logging improvements are very much due for this, and there are also ways people will want to upgrade it (I have heard at least one request for NFS support vs git -- I definitely prefer git but can see it -- let's get a mount module first and then do it), but please help test and let us know what you think. And if anybody says Ansible won't scale, you now have a very good example of how it can!
--Michael
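
In the pull setup summarized above, each node's cron job executes whatever the repository serves, so the transport and the pinned ref are what the node ends up trusting. The following is an added example, not part of the original email or of the Ansible project's code: it audits cron entries that run ansible-pull and flags those fetching over git:// or http://, not verifying commit signatures, or not pinning a ref. It assumes the `-U`, `-C` and `--verify-commit` options of current ansible-pull releases; the host name, tag and paths are constructed.

```python
import shlex
from urllib.parse import urlparse

PLAINTEXT = {"git", "http"}  # no server authentication, no integrity protection

def parse_pull_args(tokens):
    """Pick out the repo URL, the pinned ref and --verify-commit from the argv."""
    opts = {"url": None, "checkout": None, "verify_commit": False}
    it = iter(tokens)
    for tok in it:
        name, _, value = tok.partition("=")  # accepts "--url=X" and "--url X"
        if name in ("-U", "--url"):
            opts["url"] = value or next(it, None)
        elif name in ("-C", "--checkout"):
            opts["checkout"] = value or next(it, None)
        elif tok == "--verify-commit":
            opts["verify_commit"] = True
    return opts

def audit_cron_lines(lines):
    """Return (line_no, url, issues) for every cron entry that runs ansible-pull."""
    findings = []
    for n, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            tokens = shlex.split(line)
        except ValueError:  # unbalanced quotes: not parseable as a command
            continue
        idx = next((i for i, t in enumerate(tokens) if t.split("/")[-1] == "ansible-pull"), None)
        if idx is None:
            continue
        opts = parse_pull_args(tokens[idx + 1:])
        scheme = urlparse(opts["url"] or "").scheme
        checks = [(scheme in PLAINTEXT, f"{scheme}:// transport is unauthenticated"),
                  (not opts["verify_commit"], "no --verify-commit"),
                  (not opts["checkout"], "no pinned checkout (-C)")]
        findings.append((n, opts["url"], [msg for bad, msg in checks if bad]))
    return findings

# Constructed sample in /etc/cron.d format (hypothetical host, tag and paths).
SAMPLE = """\
*/15 * * * * root /usr/bin/ansible-pull -U git://config.example.internal/site.git -d /var/lib/ansible/local >>/var/log/ansible-pull.log 2>&1
*/15 * * * * root ansible-pull --url=https://config.example.internal/site.git -C v1.4 --verify-commit -d /var/lib/ansible/local
0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf
""".splitlines()

if __name__ == "__main__":
    print(*audit_cron_lines(SAMPLE), sep="\n")
```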