I'd suggest automating stuff for any environments you have control over (say development or just virtualization running on your machine if necessary). You can give other teams the ability to control password access (probably lots of ways to do this - keep inventory in separate repo and let other teams manage vault passwords, for example). If its automated you can at least make use of that and there's code ready to go when it makes sense for other teams to use it. I guess I'm saying go for a 'lead by example' approach. Its always better when people can choose change and showing tangible benefits is going to make it easier to choose to change.
Otherwise I'd suggest you look for another gig, sounds like your current organisation is taking the wind out of your sails. Hope this helps, Jon On Friday, August 25, 2017 at 8:23:09 PM UTC+1, Adam Shantz wrote: > > I agree, they shouldn't be in power. Alas, it's the situation I'm in, and > I'm not a Director/VP. The people I refer to are system engineers. My > thought is they are comfortable being the only people with root access > (even though I've managed to get Ansible setup with some level of root > privileges), and see it as a job security threat to allow other people such > access. The other "reason" I've received is that any mature organization > has "division of duties" to ensure no one person has too much power. Which > is true, but I'm trying to ensure business continuity without having to > remember (and make manual changes) to systems that have special > customizations. I've tried to explain that as the platform & business > owner, I'm the one that has to answer when things go wrong. I also have a > proven track record of including people in decisions, but it seems like a > control thing. I just want consistent, reliable, repeatable upgrades. > > Adam > > > > > On Friday, August 25, 2017 at 3:06:45 PM UTC-4, Karl Jorgensen wrote: >> >> On Fri, 2017-08-25 at 11:08 -0700, Adam Shantz wrote: >> >> Hi all - >> >> I have some difficult people in my organization that are in positions of >> power that think that just because doing something manually "isn't very >> hard", it shouldn't be automated. For example, clone of VMs from >> templates, setting up sshd_config, etc. >> >> >> Hm... such people should *not* be in power - perhaps if we knew more >> about their reasoning for this attitude then the list may be useful in >> proposing lines of arguments to convince them? >> >> Is there anyone out there that would be willing to exchange emails (so >> I'm not airing dirty laundry publicly) to trade ideas on how to deal with >> these difficult situations? Bonus if you're in/near the DC or Virginia, >> USA area. >> >> >> By the little you have revealed, I doubt they would be receptive from >> advice from a random stranger :-| >> >> >> >> -- >> >> Karl E. Jorgensen <[email protected]> >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/8a297224-5c9c-4aeb-ad02-007faa6348e9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
