Score:1

Practice of high frequency scheduled Ansible playbook runs


I'm fairly new to administrating servers with configuration managers such as Ansible. I plan on running playbooks automatically on a schedule (via something like Ansible Semaphore, or even just Cron) with high frequency (like every 30 minutes or so).

I'm hoping to achieve two goals with this approach:

  1. Enforce configuration (so I can be confident that no deviation from the expected configuration exists for long);
  2. Detect any such deviation and investigate it (since Ansible reports changes for each task).

Is this a normal and/or recommended approach (I wasn't able to find authoritative sources on the best practices in this regard)?

If not, why, and what would be a better way to achieve my goals?

Thank you!

See [UBUNTU20-CIS](https://github.com/ansible-lockdown/UBUNTU20-CIS) for an example of configuring and auditing systems. Use [ansible-runner](https://ansible.readthedocs.io/projects/runner/en/stable/) to schedule the playbooks on your own. See the [example](https://ansible-runner-role.readthedocs.io/en/latest/example1-cron.html).
corvus-migratorius
@VladimirBotka, thanks a lot for the helpful recommendations. Especially for mentioning CIS configuration. Now I know what my next project will be =)
Score:0

Ansible AWX and Ansible Tower both have the capability to schedule Job Templates.

Since Ansible Managed Nodes are agent-less, Ansible pushes the configuration which is described with a playbook from the Control Node onto the Remote Nodes. Therefore you need at least to consider

  • How long will the runtime for my playbook be?
  • How many nodes should become configured and the configuration enforced?
  • What could be resource constraints like network bandwidth, hops, latency, utilization, etc.?

but that should be the same for any other product.

You could start with reviewing Task engine built on top of Ansible (AWX) and read further about Ansible Tower for Configuration Drift or Control with Ansible Tower. And also do not miss the comment from Vladimir Botka about

UBUNTU20-CIS for an example of configuring and auditing systems. Use ansible-runner to schedule the playbooks on your own. See the Example.

FiftiN
AWX is too complex for this task; Semaphore is a better choice.
Semicolon
Agree - the runtime of the playbook in question is usually the biggest limiting factor for determining how frequently the playbook can be re-run.
corvus-migratorius
Thanks a lot! So, just to clarify, in a server environment, it's A-okay to run playbooks as often as possible based on the observed execution time (plus some margin, of course)?
U880D
Yes, of course. See, for example, [Control with Ansible Tower](https://www.ansible.com/blog/control-with-ansible-tower-part-1) to prevent Configuration Drift or [Ansible Tower for Configuration Drift](https://stackoverflow.com/a/71251713/6771046).
corvus-migratorius
@U880D Don't have enough reputation to upvote anything, but I'm certainly grateful for your help! Cheers!
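
An added example, not part of any post in this thread: a wrapper for a cron-scheduled run that covers both goals from the question and the runtime limit raised in the comments. It skips an interval if the previous run is still active, then reads the PLAY RECAP to list hosts where tasks reported changes (drift) or that failed. The playbook name `site.yml`, the lock path and the function names are assumptions; the sample recap is constructed.

```python
import fcntl
import re
import subprocess

# Constructed sample of ansible-playbook's default PLAY RECAP output.
SAMPLE = """\
PLAY RECAP *********************************************************
web01 : ok=12 changed=0 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
web02 : ok=11 changed=2 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0
db01  : ok=0  changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
"""

RECAP_LINE = re.compile(r"^(?P<host>\S+)\s*:\s*(?P<stats>(?:\w+=\d+\s*)+)$")


def parse_recap(output):
    """Return {host: {counter: int}} for each host in the PLAY RECAP section."""
    hosts, in_recap = {}, False
    for line in output.splitlines():
        in_recap = in_recap or line.startswith("PLAY RECAP")
        match = RECAP_LINE.match(line.strip()) if in_recap else None
        if match:
            pairs = (item.split("=") for item in match["stats"].split())
            hosts[match["host"]] = {key: int(val) for key, val in pairs}
    return hosts


def classify(recap):
    """Hosts where tasks reported changes (drift) and hosts that failed."""
    drifted = sorted(h for h, s in recap.items() if s.get("changed", 0) > 0)
    broken = sorted(h for h, s in recap.items()
                    if s.get("failed", 0) or s.get("unreachable", 0))
    return drifted, broken


def run_exclusive(cmd, lock_path):
    """Run cmd unless the previous scheduled run still holds the lock."""
    with open(lock_path, "w") as lock:
        try:
            fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return None  # earlier run still in progress: skip this interval
        return subprocess.run(cmd, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Hypothetical playbook and lock path (assumptions, not from the thread).
    out = run_exclusive(["ansible-playbook", "site.yml"], "/var/lock/enforce.lock")
    print("skipped: previous run active" if out is None else classify(parse_recap(out)))
```

A `changed` count only signals drift if every task in the playbook is idempotent; a task that always reports a change will flag the host on every run. For an audit-only pass that reports what would change without enforcing it, `ansible-playbook` accepts `--check --diff`.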