Push vs pull paradigm

I really like the push aspect of Ansible for those times when a change needs to happen immediately. I would also like to ensure compliance across systems without having to manually push all the time. What are others doing for this scenario? ansible-pull looks interesting and I’ll be investigating it, but it seems on the surface that you’d end up maintaining a large number of .yml playbooks. I could also run ansible-playbook on a cron on a “master” server.

Any thoughts on how others have approached this? Is this why some are still using puppet or chef in addition to Ansible?

Steve

For ansible-pull, the file can be named local.yml or localhost.yml,
which does not represent the targeted hosts; that is in the - hosts:
clause of each play (which ansible-pull will limit to the current host
by matching 'localhost' or the 'fqdn').

This allows you to have a single file and then run it against all
hosts, which will run the plays into which the host matches
name/groups as defined in inventory.
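
The layout described in the reply above, as an added example that is not part of the original thread: one `local.yml` holding several plays, each with its own `hosts:` pattern, plus a cron entry so every host re-applies it on a schedule. The group names, repository URL, checkout directory, inventory path and `sshd` service name are assumptions.

```yaml
# local.yml -- constructed example; groups, URL and paths are hypothetical.
# ansible-pull limits the run to the local host, so a play is applied only
# if the inventory places this host in the play's hosts: pattern.
- name: Baseline for every host that pulls
  hosts: all
  connection: local        # act on this machine, not over SSH
  become: true
  tasks:
    - name: Disallow root SSH logins
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?PermitRootLogin'
        line: PermitRootLogin no
        validate: /usr/sbin/sshd -t -f %s   # reject a config sshd cannot parse
      notify: Restart sshd

    - name: Schedule ansible-pull so drift is corrected without a manual push
      ansible.builtin.cron:
        name: ansible-pull
        minute: "*/30"
        user: root
        # -o (only run if the repo changed) is left out on purpose: a host
        # that drifted locally should be corrected even with no new commit.
        # --verify-commit needs signed commits and the signing key in
        # root's GPG keyring.
        job: >-
          ansible-pull -U https://git.example.com/ops/ansible-pull.git
          -d /var/lib/ansible-pull
          -i /var/lib/ansible-pull/inventory/hosts
          --verify-commit local.yml
  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted

- name: Applied only on hosts listed under [webservers]
  hosts: webservers
  connection: local
  become: true
  tasks:
    - name: Keep the site configuration root-owned and not world-writable
      ansible.builtin.file:
        path: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: "0644"
```
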

That makes much more sense. Thank you for clearing that up. I’ll do some testing and see if ansible-pull alone will meet my needs.