On Mon, Nov 12, 2012 at 8:53 AM, Benno Rice <[email protected]> wrote:
> Another one to look at is Ansible. You really, really don't want to use its 
> paramiko-based connection stuff if you're talking over any kind of latency 
> though. Switch to "real" ssh and make sure ControlMaster/ControlPersist is 
> enabled.

Thanks. Ansible looks good, and it's good that it uses ssh for transport.

One of the factors that will influence our choice is how easy/simple
it is for the default system to go through a firewall. We'll have some
machines co-located with clients, in their internal networks, and
their IT depts are adamantly against anything beyond outgoing
http/https connections. One feels that they would be happy to stop
traffic accidents by not allowing cars on roads.

I guess we can run ssh on port 443 and pray they don't time out long
connections. So Ansible would help here, though apparently it only
works by pushing, so we would have to do reverse ssh.

Or we could run ssh on port 443, tunnel Salt's ZeroMQ connection over
that, and hope it's not too brittle; there are some recent threads
about connection woes on the Salt mailing list.

By the way, Martin Krafft (Debian Developer and overall smart person)
doesn't like Ansible too much. Here's his survey of the field. Spoiler
alert: he ended up picking Salt:

http://madduck.net/blog/2012.10.19:configuration-management/

Cheers,

J
_______________________________________________
melbourne-pug mailing list
[email protected]
http://mail.python.org/mailman/listinfo/melbourne-pug