Ansible Client Side

First, forgive me if my terminology is imprecise… I’m new to these tools.
Second, I work in a heavily regulated industry, and the limitations of the design are not my doing… I’m just stuck in them. While I really understand the urge, recommendations to alter this or that in our Enterprise design simply won’t be helpful.
Third, thanks in advance for your help.

I am on a team evaluating orchestration tools. We want automated, consistent builds and the ability to update, test and deploy new code. I’ve read a lot of good things about Ansible, and wanted to dig a bit deeper. My immediate concern is that it appears Ansible is strictly run with no client side agent, and all updates are pushed from the server. In my environment, this makes Ansible a non starter. All communication must be initiated by the client first. Our Firewall would drop any traffic that is not initiated by the client.

So, is Ansible just not a practical choice for me, or is there a client side agent/script that can be used to initiate updates from the server?

Thanks again.

You can install Ansible on your systems and run it in pull mode. Check the documentation for details.

​You have several options to get around that limitation, Ansible sells an enteprise product called Tower, which allows for callbacks from the clients and then is able to push changes to them.

Another option is using ansible-pull, you can install on each client and invoke it to pull the plays from a remote git repo and then update them locally.​

Thanks to all that replied. Looks like I have some more documentation to read.
Mike