I’m pretty sure my understanding of ansible push mode is correct in that since you are pushing from a central location you have all facts available to you. Therefore, all those facts are inherently available to all nodes’ playbooks.
But what about if you use ansible in pull mode? It seems to me that since each node is running its own separate instance of ansible you inherently lose awareness of surrounding nodes and their facts. Is that true?
Thanks,
Jeremiah
That is mostly how pull seems to be intended to be used. But we have had the case in which someone cloned the full config, which ‘worked’. You have to carefully set up playbooks then or you can get unintended actions being run, either on other hosts or multiple times locally.
Brian Coca
Ansible pull does not contain the orchestration features of regular ansible.
If you are merely looking for speed and scaling, fireball mode is a
better choice.
Ansible-pull is a great choice for where you want periodic
host-initiated remediation or *extremely large scale*, though I
believe it would still be useful to write an extremely basic cron
script that periodically runs ansible across hosts in classic form.
Thanks Michael, that confirms my understanding then. I figured fireball would be your suggestion. Seems like the best way to maintain both speed as well as full features of ansible.
Your last suggestion “I believe it would still be useful to write an extremely basic cron script that periodically runs ansible across hosts in classic form”.
You mean running cron’d ansible on the central machine for central-initiated periodic remediation, right? That makes sense to me also.
Yes.
Maybe there's a bit of a useful wrapper around that which we could
deliver with ansible, and maybe that cron is all that's needed.
(It should probably need to run under ssh-agent.)