Hi all,
I have two questions related to Ansible (I just learn a bit about it):
How do you compare a status of a deployed system with the "latest standard"
and upgrade when needed?
E.g. you have a line added for Ciphers in ssh.config and have to make sure
all already deployed systems have this check applied.
Even if there are local changes in this config (let's say, for the sake of
demonstration, every VM has the IP Address somewhere mentioned in this
config) so it is more than just a simple diff between standard and config
on a deployed system.
In "my former life" I used a very much Ansible-like approach for FreeBSD
systems (templates, well-defined package lists, configuration scripts for
deployed packages, and access via ssh) But it all was done via shell
scripts.
I used svn to update configurations(svn mainly because it is part of the
FreeBSD base system). If there were no local changes, the config would be a
symlink to the svn version, otherwise I would have a script which would
write the local config from a template (which may have a ${IP} in it, e.g.)
The check would be done via svn revision number.
Puppet has the ability to detect necessary changes but it is running a
local agent.
I cannot find the "Ansible way" of doing this.
[But, actually, I tend more and more to "throw away" containers when
upgrading. Installing a new version side by side and then replace the old
with the new container.]
Second, has Ansible a way of replacing ssh by something else (e.g. to
access a FreeBSD jail from the host system via jexec)?
Regards
Peter
_______________________________________________
luv-main mailing list
[email protected]
https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
