We only use Ansible for some limited cluster-management, irregular maintenance tasks and low-level docker debugging and re-configuration on the individual servers, as we chose CoreOS (Fedora CoreOS) as our operating system and setup is done with an ignition-configuration. That is why we don't need to have a playbook for setting up servers or individual services. The servers boot up, completely initialized and ready to use.
Setting up a personal website, consisting of statically generated HTML files.
OpenBSD @httpd Hugo Ansible
Rely on the simplicity and security record of OpenBSD to keep my deployments easy to manage and run. Ansible playbooks for easily provisioning copies of the same setup. Using the httpd daemon provided by OpenBSD as it's full-featured and included in the base operating system. Hugo creates static HTML based on Markdown files that live in my home directory, and they are copied up to the server using scp.
We use both these tools and are relatively new to them. We have a few questions:
- With Terraform, how are you handling changes done outside of Terraform in the Infrastructure?
- Are there any limitations or features that we miss in Ansible that Terraform can do? What are those?
By policy, don't make changes outside of Terraform. This will slow you down a little to start with, but developing the culture of infrastructure via Terraform pushes is part of what makes IaC successful. Obviously you should maintain break-glass capability, but doing all changes via Terraform will get you what you want.
It's much better to think of them as two tools that complement each other. In Void Linux we use Terraform for setting up resources on clouds and setting up SDN links between them. Provisioning hosts, on the other hand, is best left to a tool that is designed for that, and Ansible is a good tool for this. There are certainly points where I would rather have a single tool to rule them all, but I suspect in that case it wouldn't do either task particularly well.
If you absolutely had to pick one tool to do both use cases, I'd go with Terraform and have it invoke an Ansible-like provisioning process.
While Ansible CAN do the stuff Terraform does, it can't do it very well. But that's not its primary purpose. Ansible is for configuration management, but can do some orchestration; Terraform is all about orchestration. Use the right tool for the job. Re changes outside of Terraform, there should be none. Set up reporting to highlight these resources and highlight the need & advantages for using Terraform to stakeholders.
We have a lot of operations running using Rundeck (including deployments), and we also have various roles created in Ansible for infrastructure creation, which we execute using Rundeck. We are using the community edition of Rundeck. Since we are already using Rundeck for executing the Ansible role, we need some advice. What difference will it make if we replace Rundeck with Ansible Tower? What are the advantages and disadvantages? We are using Jenkins to call the Rundeck job; the same will be used for Ansible Tower if we replace Rundeck.
What about using Ansible w/CodeBuild and an assume role if there are multiple AWS accounts? Or having Jenkins jobs that run the Ansible playbook / roles you need?