Hi All,
Thanks for taking the time to read this.
I’m a developer within a pretty large research university. My unit has been using Ansible for about a year now and was the first team to do so on campus, so we’ve already built up a substantial Git repo with playbooks, etc.
The organization as a whole is moving into AWS and I’m being forced to justify to one of our architects why I think that our team should be allowed to have its own Ansible control server in AWS (really, by extension, why we should have just one for the entire organization). Here are my thoughts, but I’d really appreciate anyone else’s feedback… including if you think I’m totally wrong!
- A team/unit manages the full dev-ops cycle for a fleet of servers. Even if these servers share a data center with other machines, they are fully under the ownership of a given team.
- To use the ‘central’ control server would require extra coordination (merge Git repos, coordinating playbook runs) across team lines and the cost of having a separate control machine is minimal.
- Having a separate control server prevents accidental access/munging of a unit's servers by other teams (since separate control servers would not have SSH keys - or equivalent access methods - to other teams' servers).
Any additional thoughts would be greatly appreciated!
Mike Dunn