Question on using Ansible to upgrade Linux with config file overwrites

What’s the best way to use Ansible to manage software updates where installer config files have the potential to overwrite the config settings you currently have in place? I’m trying to see if there’s a way for Ansible to apply software upgrades on all my *NIX machines but notify me when it runs into packages that require config file replacements so that I can take a look at the changes and see how best to apply my current settings to meet the new ones. Curious to see if anyone found an effective workaround to this problem.

Hi

The idea behind using Ansible is that you want to make sure a system
is configured the way you want it.
This works best if you use it to configure more (ideally, all) aspects
of a system.
Basically Ansible (or any other configuration management tool) is
designed to make sure you don't end up in the situation you're in.
That said, it can of course be used to bring existing systems closer
back to what you want, but as you already know, hand-crafted systems
can contain quite a lot of configuration drift.
You also seem to be looking for some sort of interactivity when
upgrading. What you describe is exactly how upgrades work in the
Debian-based distros.

But really you should be looking at spending effort on Ansible
playbooks that carefully set up configuration files the way you need
them.
If you do this right, it will cost you less work. Also you should
consider redeploying systems onto a new version of the base OS, rather
than upgrading them. IMHO upgrading an OS introduces a lot of subtle
configuration drift.

Dick

I’d say, just run your update. If you suspect a configuration file has changed, just run your original script that set up the configuration file. If it was changed, it will be changed back to your original configuration. If it was not changed, then nothing will happen.
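
One way to get the notification asked for in the question, as an added example that is not part of the thread: upgrade non-interactively while keeping the current config files, then list the copies that dpkg or rpm set aside so they can be reviewed and merged. The `hosts: all` target, the `/etc` search path and the use of `dnf` on RedHat-family hosts are assumptions.

```yaml
# Added example; host group, search path and the dnf assumption are illustrative.
- name: Upgrade packages and report config files the package manager set aside
  hosts: all
  become: true
  tasks:
    - name: Upgrade Debian-family hosts, keeping locally modified config files
      ansible.builtin.apt:
        update_cache: true
        upgrade: dist
        # force-confold keeps the current file on a conflict; dpkg writes the
        # packaged version next to it as <file>.dpkg-dist for later review.
        dpkg_options: "force-confdef,force-confold"
      when: ansible_facts['os_family'] == 'Debian'

    - name: Upgrade RedHat-family hosts (assumes dnf is the package manager)
      ansible.builtin.dnf:
        name: "*"
        state: latest
      when: ansible_facts['os_family'] == 'RedHat'

    - name: Find config copies left behind by dpkg or rpm
      ansible.builtin.find:
        paths: /etc
        recurse: true
        patterns:
          - "*.dpkg-dist"   # packaged version, current file was kept
          - "*.dpkg-old"    # previous file, packaged version was installed
          - "*.rpmnew"      # packaged version, current file was kept
          - "*.rpmsave"     # previous file, packaged version was installed
      register: leftover_configs

    - name: List files that need a manual review and merge
      ansible.builtin.debug:
        msg: "{{ leftover_configs.files | map(attribute='path') | list }}"
      when: leftover_configs.matched > 0
```

Running the playbook that manages the configuration files afterwards, as the last reply suggests, restores any managed file the upgrade did replace; the report above covers files that are not yet under Ansible's control.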