ansible central-authority automated runs

Hi,
  I'm working on the mechanism and process I'm going to use for running ansible regularly from a central admin host against a bunch of diverse hosts.

Here's the basic idea I've come up with - I'd like to know if anyone else is doing something similar and/or might have any thoughts of better ways to do this:

1. an ssh agent will exist with the common ssh key enabled in it - so we can automate runs w/o needing someone to do them. The agent will have the key added to it by someone who knows the key password and then left. If the box reboots and the agent is missing an admin will be notified to fix it. This is, ultimately, just like our disk-encrypted hosts needing a password - so no difference to our infrastructure.

2. hosts will either have a host-specific playbook, with their tasks included appropriately, or they will be one host in a group which has a group-specific playbook

3. every 6 hours all of the above will be executed (some in serial, some in parallel)

4. Admins will be able to commit a 'runansible' file to the inventory for any specific host or group. A cron job running once an hour will check for those files and run ansible on that host or group and then unset 'runansible' for that host and/or group.

All of our repos are managed in git so committing as above is not a difficulty.

So my questions are:
  a. is anyone else doing something similar?
  b. I need to write some tools for traversing the inventory in this way - is anyone interested in something like this?
  c. can anyone see a problem with this plan, anything I've missed?

Thanks,
-sv
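
One way the hourly 'runansible' check from step 4, gated on the ssh agent from step 1, could be scripted. This is an added example, not part of the original message; the directory layout, `hosts.ini`, and the function names are assumptions.

```shell
#!/bin/sh
# Hourly cron worker for 'runansible' markers. Assumed layout (hypothetical):
#   $inv/hosts.ini                          inventory file
#   $inv/{hosts,groups}/<name>/runansible   marker committed by an admin
#   $playbooks/{hosts,groups}/<name>.yml    host- or group-specific playbook
ANSIBLE_PLAYBOOK="${ANSIBLE_PLAYBOOK:-ansible-playbook}"

# ssh-add -l exits 0 only when an agent is reachable and holds a key
# (1 = agent has no identities, 2 = no agent).
agent_ready() {
    ssh-add -l >/dev/null 2>&1
}

# Print "<kind>/<name>" for each pending marker, one per line, sorted.
pending_targets() {
    inv=$1
    for marker in "$inv"/hosts/*/runansible "$inv"/groups/*/runansible; do
        [ -f "$marker" ] || continue      # an unmatched glob stays literal
        dir=${marker%/runansible}
        name=${dir##*/}
        kind=${dir%/*}; kind=${kind##*/}
        # Names come from committed paths: reject odd ones before use.
        case $name in
            ''|-*|*[!A-Za-z0-9._-]*) echo "skipping name: $name" >&2; continue ;;
        esac
        echo "$kind/$name"
    done | sort
}

# Returns 2 if the agent is unusable (markers kept so the request is not
# lost), 1 if any playbook failed (its marker kept for retry), else 0.
run_pending() {
    inv=$1 playbooks=$2 rc=0
    if ! agent_ready; then
        echo "ssh-agent missing or empty: an admin must re-add the key" >&2
        return 2
    fi
    for target in $(pending_targets "$inv"); do
        if $ANSIBLE_PLAYBOOK -i "$inv/hosts.ini" --limit "${target#*/}" \
               "$playbooks/$target.yml"; then
            rm -f -- "$inv/$target/runansible"   # unset only after success
        else
            rc=1
        fi
    done
    return $rc
}
# Cron entry point: <script> --run <inventory-dir> <playbook-dir>
if [ "${1:-}" = "--run" ]; then run_pending "$2" "$3"; fi
```

Cron mails anything written to stderr, which covers the "admin will be notified" case when the agent is gone. Committing the marker removal back to git is left out because it depends on the repository workflow.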

This sounds /kind of/ similar to what I was suggesting about making
playbooks REST triggerable last night (ignoring the ideas behind
inventory and storage, maybe this is even a fleet of services with
their own REST APIs... hmmm).

There are lots of good ideas. I am wanting for a whiteboard.

--Michael