ARA and central mgmt node
ARA and central mgmt node¶
sysadmins having ssh/sudo rights on servers can trigger themselves remotely ad-hoc or role tasks through ansible from their main station, that's not the best practice.
Based on the Env, we have usually (can depend on ENV requirements), one host that is used to control the whole Infra/ENV.
On that host, we use ARA to keep track of playbooks execution on that host, while we also have
log_path set to also log to on-disk log files (rotated)
So the workflow goes like this :
- sysadmin with RWC rights pushes needed change[s] to either
- two cases :
- it can wait next automatic execution: do nothing and ansible will deploy your change (like for example a simple TLS cert replace and reload) when the next (cron) "play all roles on all nodes" task will run
- it has to be done
now: you kick the role task from the central ansible host to be ran directly