Looking For Advice On Convincing My Boss To Implement Ansible

Hello all,

I’m looking for some advice on “selling” Ansible to my boss, and I figured this would be a good place to bring this up.

I’m currently working at an MSP and would like to implement Ansible to help with system preps, particularly for workstations prior to their deployment onsite. I think it could help with firewall (Sophos) and Cisco switch preps in much the same way through SSH access to them from the control system.

We’re running ConnectWise Automate currently, so the ability is already there to run PowerShell scripts on client systems that we push out; I’m just also looking to implement Ansible in-house to help with some of our prep processes. ConnectWise can help with this, but I find it a bit slow to develop / test scripts on.

Currently we have a PowerShell script we’ll run on systems where Techs are prompted for input along the way and the prep of the system changes depending on their input.

The problem I have with this particular script at the moment is it doesn’t scale well to doing multiple systems at once (although we can work around this and implement it with our ConnectWise solution to prep systems in bulk). It’s also a gigantic single script. Now, I can break it down into a more manageable module-type solution, but I’ve also recently begun learning Ansible and have converted about 90% of our workstation prep process to Ansible playbooks. I’m really happy with how it works too. Basically I have it reading a CSV file containing IPs of the systems it’s to prep, and from there it connects and does our entire prep process across multiple systems at once.

I brought up the idea of implementing this in-house and my boss agreed I could take some time to put together a bit of a presentation to “sell” him on it, but he does have a few concerns he’d like me to look into:

Playbook Upkeep / Maintenance

This question I’d direct to those that have worked with Ansible for a few years, and I really do see his point in this: As you’ve developed scripts / begun to rely on them, how much have you had to go back and rework old scripts due to them no longer being compatible as Ansible itself is updated?

My boss’s concern here is that, say while now we can use something like the win_updates module to do our Windows updates for us during the prep, there’s no guarantee on how long this functionality will last as Ansible is updated or the Windows environment changes over time.

He’s basically concerned that we’ll run into a lot of issues of scripts / modules becoming obsolete because we’ve recently updated Ansible, or there’s a Windows Update that has come out that breaks some functionality of our scripts somewhere, and that we’re going to be spending a lot of time reworking playbooks and worrying about our Ansible versioning in terms of those playbooks as well over time.

I think there would be a little bit of this over time, sure, but I’m not sure how often something like this might come up, so it would be great if anyone can speak to their experiences on this end.

Not Enough Who Know Ansible

I would essentially be the “Ansible guy”, and without me, the system itself would become useless to them. Personally, I’m ok with that, but that can be a bit selfish as well. I could make sure my documentation here is on point, but he’s right.

There’s a greater chance some of the others would have an easier time with PowerShell rather than something they haven’t really heard of, but at the same time, one of Ansible’s advantages is the readability of its playbooks. They’re pretty simple to look at and know what’s going on.

I’ve found the syntax to be a bit unforgiving, but for the most part that’s my own fault for jumping in and writing playbooks before reading too much about it first, but currently we don’t really have anyone with an interest other than myself in these areas so it would indeed be on me to manage this.

It Provides A Limited Service For Us

Yes, it provides system preps in-house for us, but there are many times we need to prep onsite as well in client environments. It may solve the problem of in-house preps, but outside of that it doesn’t really solve the problem of prepping systems onsite. I don’t think we’re about to NAT an Ansible control system through all our client firewalls either, and launching a control system in each environment seems like a manageability nightmare as well.

In this case, for my boss it’s another plus to just use our ConnectWise solution and push out PowerShell scripts to systems.

He’s not dismissing Ansible outright, just would like me to look into a few things, particularly the first section mentioned above. We have ConnectWise Automate, and can leverage that to help with system preps, but he could maybe see implementing Ansible for a part of our prep process, just not the entirety of it. He’s concerned with the time investment required to implement it and upkeep it vs. what we’ll actually end up getting out of it.

Again, he’s willing to let me put together something to show him. I’m going to finish what I’m working on already and make a short video of it in action / come up with some points about Ansible to bring up. I’d like to have some decent points to bring in addressing the above, but also some further advantages to using it.