On Thursday 05 August 2021 at 14:27:00, 'Andreas Hubert' via Ansible Project
wrote:
> Dear Ansible Community,
>
> having your Infrastructure in Code, means you manage the code with a
> version control system (e.g. git). I have a case where I also configure the
> application we deploy with Ansible with various XML configuration files.
>
> Parts of this application configuration should not be touched by others,
> only by my code. But other parts of it should also be configured by others
> as well, outside of my code, to provide them with Self-Service.
I understand so far.
> So parameters should come from an outside source and not be under
> version control.
I don't get this bit - just because things are external, why would they not be
version-controlled?
> In Ansible this could come from a dynamic inventory.
It could, yes, but why not simply give these "others" who need Self-Service
write access to selected parts of the git repository, and then get ansible to
pull everything in from a version-controlled and documented source?
I would in fact suggest that it is *more* important to have these Self-Service
inputs under a version control system, because sooner or later someone is
going to say "why is this machine doing that?" and you can point to the update
they made to the configuration which made it do it.
If ansible just pulls in non-versioned XML files from somewhere, you have no
way of telling when a certain change got made, by whom (or why), nor even what
it was changed from.
Regards,
Antony.
--
"Life is just a lot better if you feel you're having 10 [small] wins a day
rather than a [big] win every 10 years or so."
- Chris Hadfield, former skiing (and ski racing) instructor
Please reply to the list;
please *don't* CC me.
