[PLUG] Ansible for updating in the field

JP Vossen on 25 Jun 2016 11:39:58 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Ansible for updating in the field

From: JP Vossen <jp@jpsdomain.org>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] Ansible for updating in the field
Date: Sat, 25 Jun 2016 14:39:51 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2

Goal:

I have 500+ CentOS-5 and 6 servers to manage in the field and I need tofind the best Ansible way to maintain and update about 120 customscripts and configs, but also a few binary library files.



Background:
I have SSH connectivity as a non-root user who does have `sudo` access.

By my design, all my 120+ files can be arbitrarily overwritten, anyspecial snowflakes are handled via *.local files that are per-device andonly ever touched manually. (The nodes are mostly cattle, not pets, butthere are some "special" ones.)

I already have a `setup.sh` that can install missing RPMs, createsymlinks, fix permissions/owner, etc. It is idempotent and designed tobe run any time just for the hell of it to make sure stuff is correct.There were Good Reasons to start that way instead of Ansible fromscratch, but now I'm torn. The tier1/tier2 folks working on thesedevices will not have Ansible access, nor do they have strong Linuxskills, so having a local "just make it right" script is very handy.OTOH, it duplicates the hell out of Ansible's domain.

All the code is in a tree in Subversion (don't ask) and the way we'vedeployed up to now is rsync from a sandbox or a tarball from an export,depending on some connectivity details, plus `setup.sh` either way.Again, there are Good reasons for that, but it's not sustainable orscalable for in-life management; Ansible is.



Problem:
I can think of two basic ways to handle on-going updates via Ansible:

1) Use Ansible rsync to upload the tree, with a handler of the existing`setup.sh` script. This is simple, but blunt force. It's also probablyfast to get working since it's just Ansiblizing what we do now.

2) List every single file, where it goes, owner, perms, etc. This istedious, but surgical and would certainly involve double-entry with the`setup.sh` script, until/unless I can do away with that.

It feels like #2 is more "correct" but #1 is faster to develop and abetter fit with current practice, though I control practice and canslowly change or evolve it as needed.


Am I missing any better ways?  Am I over-thinking this?

Thoughts and clues?

Thanks,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Ansible for updating in the field
  - From: brent timothy saner <brent.saner@gmail.com>

Prev by Date: [PLUG] OT: Amateur Radio Field Day Weekend This Saturday June 25th 2PM
Next by Date: Re: [PLUG] Ansible for updating in the field
Previous by thread: [PLUG] OT: Amateur Radio Field Day Weekend This Saturday June 25th 2PM
Next by thread: Re: [PLUG] Ansible for updating in the field
Index(es):
- Date
- Thread