0

My apologies if this question has been asked before, but I may not be using the correct terminology in my searches...

In my spare time I'm managing a limited amount of hosts (desktops and laptops running Debian Stretch) with Ansible. My 'installer playbook' creates a single configuration on all those hosts with different hardware to make management much easier. I'm now manually running an updater role from time to time and every once in a while I find a useful tweak that I then deploy to those hosts that are online. But: some of them rarely come to the office, and if they are available for an update, it's always a hassle to determine which tweaks I still have to deploy on that machine...

Sure, I can:

  • write an epoch timestamp ({{ ansible_date_time.epoch }}) to a file on each host that can be retrieved and set as a fact
  • create a new task for each new tweak, adding a tag with the epoch timestamp and a conditional to check whether the epoch-fact > epoch-tag
  • update the epoch timestamp on the host after a successful playbook run

Is this how it should be done?

zenlord
  • 197
  • 1
  • 8

2 Answers2

3

if they are available for an update, it's always a hassle to determine which tweaks I still have to deploy on that machine...

That is not the way to use Ansible. Your playbooks should be written in a way that it doesn't matter if you have applied a configuration set before ("idempotence"). If they are, you just can apply the latest version of the playbook and your systems should end up in the correct state.

Sven
  • 97,248
  • 13
  • 177
  • 225
  • Hi, thank you for your answer. I know the concept, and I believe my tasks are idempotent, but if I have to run the entire playbook each time, it doesn't strike me as efficient... If this is the correct way to do it in Ansible, then ok. – zenlord Dec 23 '18 at 16:40
  • In daily operations, I often use the different selectors (tags, hosts etc.) Ansible offers, but for machines I don't see regularly, I would just apply the full playbook. – Sven Dec 23 '18 at 16:54
2

This might be a good use-case for ansible-pull. Hosts which are not permanent online could be configured to run ansible-pull when connected to the office network.

However that doesn't change the need to create idempotent playbook and roles. If the running time of a playbook is a issue there is the option to use stat module to set conditions to skip longer running tasks.

Selectors are a option here, but those require manual management. So it might be better to speed up the execution time of playbook itself.

Henrik Pingel
  • 8,676
  • 2
  • 24
  • 38