Re: [ansible-project] What are the possible setups for ansible in the cloud to configure on premise devices?

[David Foley]

>
>
>>- What is your Cloud Service Provider that this PoC will take place ? 
>>   - Using just "OpenVPN" Soultion on a cloud provider isn't best 
>>   practice when it comes to Security you can download an OpenVPN 
>> instance on 
>>   EC2 market, but you may have better option using the AWS offering for 
>>   better Routing and Security options:  I haven't seen companies using 
>>   OpenVPN as a soultion to make a connection from On-prem to Cloud
>>
>>
I don't think the Cloud had your use case in mind when it was first 
offered, a better PoC would be how to use Terraform / Ansible / Packer for 
a Multi-Cloud Hybrid Solution: if you are Studying in the Cloud Field a 
better PoC would be a Multi-Cloud Environment as a HA Setup.

For Example: 

If you are Running an Application on AWS how can we have a Fault Torelance 
Solution on GCP within the Same Region for GDPR: If you have German 
Customer their Data needs to have jurisdiction within Germany. With this in 
mind if your AWS Region in Germany goes down how do we make sure Fault 
Torelance is in place and Traffic is routed to a Secondary Cloud Provider 
(Azure / GCP) Similar to an On-Prem Solution were a Company would have 2 
Datacenters in within the Same Country but in different locations 
(Availability Zones).
 
 
 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/b0d7cdef-8c25-4333-8a67-c86b6fa3ebc1%40googlegroups.com.

Re: [ansible-project] What are the possible setups for ansible in the cloud to configure on premise devices?

[Nicolas Charalambous]

Hello Dick,

Thank you for your reply, I know the setup is a bit atypical but the 
"question" came from the university. So I had to find a solution to set it 
up and I know it wasn't the most optimal solution that I did.
If the ansible server was also on premise it would have been a piece of 
cake.
Do you know any other possibilities for a solution? is a pfsense a solution 
maybe?

Kind regards,
Nicolas

On Sunday, May 17, 2020 at 7:25:02 PM UTC+2, Dick Visser wrote:
>
> Hi
>
> This sounds a bit atypical tbh. It's more common (and useful imho) to do 
> it the other way around. You have an "on-prem" ansible control node, which 
> is used to configure cloud based VMs. 
>
> I wonder what the usecase for your setup is?
> As you already found out, you will have to set up and manage Vpn solutions 
> to reach your on-prem stuff. The nice thing of ansible is it's simplicity. 
>
> I guess I don't see why you'd want your control node to be "in the cloud". 
> If that sat next/close to the on-prem devices then you can skip the vpn 
> complexity. 
>
> Dick 
>
> On Sun, 17 May 2020 at 17:13, Nicolas Charalambous  > wrote:
>
>> Hello guys, I'm in the last year of my studies and the question in the 
>> title is to help me write my bachelor thesis.
>>
>> My bachelor thesis is part a technical research(make a proof of concept.) 
>> and literature study. 
>>
>> The research that I did was based around 1 question: "How do I use 
>> Ansible in a production environment to configure a large number of 
>> on-premise devices via a cloud environment?"
>>
>> So the following was what I did for the proof of concept:
>>
>> I installed ansible in a cloud environment (google cloud) and created 3 
>> VM's in VMware workstation.
>>
>> To be able to configure those 3 VM's, I set up an OpenVPN connection.The 
>> ansible server in the cloud also became an OpenVPN server. I also created a 
>> new local VM that acted as an OpenVPN client that then routed all the 
>> traffic to the other local VM's using iptables rules.
>>
>> I now realize that the setup of the VPN needed to be the other way around 
>> (the ansible server should have been the VPN client).
>>
>> I was wondering what other setups are possible in this scenario and what 
>> other hardware or software would be necessary (for example: is pfsense an 
>> option? or a proxy?).
>>
>> Say for example I have ansible installed in the cloud on a VM and I want 
>> to configure devices at the office, how would you do it?
>>
>> Would really appreciate your feedback!
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ansible...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/ansible-project/02f78734-b06c-46f4-a638-44c7e1c7e148%40googlegroups.com
>>  
>> 
>> .
>>
> -- 
> Sent from a mobile device - please excuse the brevity, spelling and 
> punctuation.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/f43e2f35-a6c8-4843-b2c8-765d87b8c94a%40googlegroups.com.

Re: [ansible-project] What are the possible setups for ansible in the cloud to configure on premise devices?

[Vladimir Botka]

On Sun, 17 May 2020 08:13:16 -0700 (PDT)
Nicolas Charalambous  wrote:

> "How do I use Ansible in a production environment to configure a large
> number of on-premise devices via a cloud environment?"

An elegant and flexible solution would be to build the architecture on
"ansible-pull" (similar to the PXE concept)
https://docs.ansible.com/ansible/latest/cli/ansible-pull.html#ansible-pull

Pre-configured ansible-pull on the on-premise device downloads 1st stage
playbook let's say firstboot.yml. This playbook reads the HW of the device
and decides how to proceed, e.g. configure network, security, cron, which
playbook to download next etc.

The centralised repository in the Cloud serves the purpose of providing the
content (collections, playbooks, roles, modules, plugins) and the
configuration data. Create local proxy to make the solution more secure and
robust.

HTH,

-vlado

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20200517195339.3326a953%40gmail.com.


pgpZSpP28Sc2f.pgp
Description: OpenPGP digital signature

Re: [ansible-project] What are the possible setups for ansible in the cloud to configure on premise devices?

[Dick Visser]

Hi

This sounds a bit atypical tbh. It's more common (and useful imho) to do it
the other way around. You have an "on-prem" ansible control node, which is
used to configure cloud based VMs.

I wonder what the usecase for your setup is?
As you already found out, you will have to set up and manage Vpn solutions
to reach your on-prem stuff. The nice thing of ansible is it's simplicity.

I guess I don't see why you'd want your control node to be "in the cloud".
If that sat next/close to the on-prem devices then you can skip the vpn
complexity.

Dick

On Sun, 17 May 2020 at 17:13, Nicolas Charalambous 
wrote:

> Hello guys, I'm in the last year of my studies and the question in the
> title is to help me write my bachelor thesis.
>
> My bachelor thesis is part a technical research(make a proof of concept.)
> and literature study.
>
> The research that I did was based around 1 question: "How do I use
> Ansible in a production environment to configure a large number of
> on-premise devices via a cloud environment?"
>
> So the following was what I did for the proof of concept:
>
> I installed ansible in a cloud environment (google cloud) and created 3
> VM's in VMware workstation.
>
> To be able to configure those 3 VM's, I set up an OpenVPN connection.The
> ansible server in the cloud also became an OpenVPN server. I also created a
> new local VM that acted as an OpenVPN client that then routed all the
> traffic to the other local VM's using iptables rules.
>
> I now realize that the setup of the VPN needed to be the other way around
> (the ansible server should have been the VPN client).
>
> I was wondering what other setups are possible in this scenario and what
> other hardware or software would be necessary (for example: is pfsense an
> option? or a proxy?).
>
> Say for example I have ansible installed in the cloud on a VM and I want
> to configure devices at the office, how would you do it?
>
> Would really appreciate your feedback!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/02f78734-b06c-46f4-a638-44c7e1c7e148%40googlegroups.com
> 
> .
>
-- 
Sent from a mobile device - please excuse the brevity, spelling and
punctuation.

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAL8fbwN9Pm3m%2BuF19dYRm0m3qMSFhO_wPu_y%3DuJ0tTdG7TN-hg%40mail.gmail.com.

[ansible-project] What are the possible setups for ansible in the cloud to configure on premise devices?

[Nicolas Charalambous]

Hello guys, I'm in the last year of my studies and the question in the 
title is to help me write my bachelor thesis.

My bachelor thesis is part a technical research(make a proof of concept.) 
and literature study. 

The research that I did was based around 1 question: "How do I use Ansible 
in a production environment to configure a large number of on-premise 
devices via a cloud environment?"

So the following was what I did for the proof of concept:

I installed ansible in a cloud environment (google cloud) and created 3 
VM's in VMware workstation.

To be able to configure those 3 VM's, I set up an OpenVPN connection.The 
ansible server in the cloud also became an OpenVPN server. I also created a 
new local VM that acted as an OpenVPN client that then routed all the 
traffic to the other local VM's using iptables rules.

I now realize that the setup of the VPN needed to be the other way around 
(the ansible server should have been the VPN client).

I was wondering what other setups are possible in this scenario and what 
other hardware or software would be necessary (for example: is pfsense an 
option? or a proxy?).

Say for example I have ansible installed in the cloud on a VM and I want to 
configure devices at the office, how would you do it?

Would really appreciate your feedback!

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/02f78734-b06c-46f4-a638-44c7e1c7e148%40googlegroups.com.