DevOps Asked by Amit Yadav on January 10, 2021
I understand how Ansible works and what it is used for.
However, I was wondering if there is a way or feature (in open-source or enterprise edition) in Ansible using which, we can make sure that the configuration of a VM instance or server is always in sync with Ansible?
For example:
I used Ansible to install a few things (like MySQL server, spin up some docker containers etc.) on a Google Compute Instance. Now after some time I manually SSH into this VM and stop the docker container created by Ansible. Can Ansible be notified of this in order to create the container again?
So if Ansible sets configuration of a VM in state A and another user manually changes the state to state B, is there a way that Ansible can be notified of this change and runs the playbooks again to set the configuration back to state A?
The simple answer is "yes" you can use Ansible for monitoring configuration, but you will have to do some extra work. As Vasily stated in their answer, Ansible does not have a built in triggering mechanism, so you need something to trigger the convergence of state. This can be done in several ways, the easiest being probably ansible-pull
. As the docs state, ansible-pull
... inverts the default push architecture of ansible into a pull architecture, which has near-limitless scaling potential. The setup playbook can be tuned to change the cron frequency, logging locations, and parameters to ansible-pull. This is useful both for extreme scale-out as well as periodic remediation.
emphasis added.
Ansible is idempotent, so it does know about the state of target machines, contrary to what Vasily's answer states - it just doesn't persist it in the same way as Terraform does.
Your real problem does not sound like the question you are posing ("Can Ansible be used to ensure the state of a machine?"), but rather "how can I detect configuration drift and trigger a remediation?"
If you think of this as a monitoring problem, you can reframe the question as "how should I monitor my services in production?". Monitoring implies alarms on changes in state, which trigger actions to remediate. In your case, you would define an alarm on the health check of the service, when that is triggered, execute the playbook which converges to the desired state.
Since you have already invested time in writing the Ansible playbook, it would make sense to re-use it. The simplest would be to use that same playbook to invoke a cron which runs ansible-pull
every 5 minutes or so, depending on your particular case.
Correct answer by Bruce Becker on January 10, 2021
Ansible is not state manager like Terraform but just automation tool. I think the only way to keep state A configuration is run ansible in cron. I saw such use case with chef automation tool.
Answered by Vasiliy Shakhunov on January 10, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP