# ARA and central mgmt node

Sysadmins with ssh/sudo rights on the servers could run ad-hoc commands or role tasks through ansible directly from their own workstations, but that is *not* the best practice.

Depending on the environment (and its specific requirements), we usually have one dedicated [host](https://github.com/CentOS/ansible-role-ansible-host) that is used to control the whole infra/environment.

On that host, we use [ARA](https://ara.recordsansible.org/) to keep track of playbook executions, and we also set `log_path` so that every run is additionally logged to on-disk log files (rotated).
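As an added example (not the CentOS infra project's own configuration), this is a minimal `ansible.cfg` for such a central host that enables the ARA callback and sets `log_path`; the callback directory, log file path and ARA API URL are assumptions and need to match the local installation:

```ini
# Added example, not the project's own ansible.cfg.
# Paths and the ARA server URL below are assumptions.
[defaults]
# Directory holding the ARA callback plugin shipped with the ara python package;
# `python3 -m ara.setup.callback_plugins` prints the correct path for the host.
callback_plugins = /usr/lib/python3.9/site-packages/ara/plugins/callback
# Record every play in ARA (Ansible >= 2.11 key; older releases use callback_whitelist)
callbacks_enabled = ara_default
# Plain-text log of every ansible / ansible-playbook invocation on this host,
# rotated by logrotate so it does not grow without bound
log_path = /var/log/ansible/ansible.log

[ara]
# Send results to a local ARA API server; "offline" would instead write to a local sqlite DB
api_client = http
api_server = http://127.0.0.1:8000
```

Both the ARA database and the `log_path` file contain task arguments and results, so tasks that handle credentials (TLS private keys from `pkistore`, API tokens) should use `no_log: true` to keep those values out of both records.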

So the workflow goes like this:

  * a sysadmin with RWC rights pushes the needed change[s] to the `inventory`, `filestore` or `pkistore` git repo
  * then there are two cases:
    * it can wait for the next automatic execution: do nothing, and ansible will deploy your change (for example a simple TLS cert replacement and reload) when the next (cron) "play all roles on all nodes" task runs
    * it has to be done `now`: you kick the role task from the central ansible host so that it is run directly