ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Ansible Agent Option?

    Scheduled Pinned Locked Moved IT Discussion
    ansible
    163 Posts 11 Posters 28.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ObsolesceO
      Obsolesce @coliver
      last edited by

      @coliver said in Ansible Agent Option?:

      @Obsolesce said in Ansible Agent Option?:

      @scottalanmiller said in Ansible Agent Option?:

      A simple test would be this.... if MDM is the right tool for your laptops, then it would also be the right tool for your servers.

      Servers are not mobile devices.

      Nor are Desktops but it would be nice to manage them with the same tool. Intune comes to mind it will do some state management and is getting better with time...

      Nobody is managing servers with Intune. They are using SaltStack/Ansible/Chef/Puppet/DSC/SCCM for servers. NOT Intune. Also, Intune doesn't even support Server OSs.

      scottalanmillerS 1 Reply Last reply Reply Quote 1
      • ObsolesceO
        Obsolesce @DustinB3403
        last edited by Obsolesce

        @DustinB3403 said in Ansible Agent Option?:

        @Obsolesce said in Ansible Agent Option?:

        @DustinB3403 said in Ansible Agent Option?:

        @Obsolesce said in Ansible Agent Option?:

        @coliver said in Ansible Agent Option?:

        @Obsolesce said in Ansible Agent Option?:

        Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

        From an MSP perspective that can get pretty inefficient and heavy.

        Why is an MSP wanting to manage client user Windows devices with Ansible? That doesn't make much sense and not really what it's for.

        Because they're being paid to manage them.

        Then they should manage them with MDM software.

        And which MDM would recommend?

        How the hell do I recommend MDM software based solely on the fact he wants some unknown to me configuration on some unknown to me devices in unknown environments?

        @scottalanmiller said in Ansible Agent Option?:

        Salt will allow for essentially unlimited system management, with state which is absolutely critical, with monitoring and reporting, with LAN or without LAN, and doesn't need anything installed that can't be found in Chocolatey (not as good as needing nothing at all, but close.)

        SO why are you not using SaltStack then? SaltStack and do ANYTHING to a Windows device. How? It can run PowerShell, and it can run scheduled tasks with any configuration. I can think of no case SaltStack wouldn't work for some configuration on a Windows device. SaltStack is like the only exception to the rule, so why not use it?

        scottalanmillerS JaredBuschJ 3 Replies Last reply Reply Quote 0
        • DashrenderD
          Dashrender @scottalanmiller
          last edited by

          @scottalanmiller said in Ansible Agent Option?:

          @Obsolesce said in Ansible Agent Option?:

          @coliver said in Ansible Agent Option?:

          @Obsolesce said in Ansible Agent Option?:

          Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

          From an MSP perspective that can get pretty inefficient and heavy.

          Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

          Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

          This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • DashrenderD
            Dashrender @Obsolesce
            last edited by

            @Obsolesce said in Ansible Agent Option?:

            @scottalanmiller said in Ansible Agent Option?:

            @Obsolesce said in Ansible Agent Option?:

            @scottalanmiller said in Ansible Agent Option?:

            A simple test would be this.... if MDM is the right tool for your laptops, then it would also be the right tool for your servers.

            Servers are not mobile devices.

            Nor are desktops. They are all the same. Everything is somewhat mobile, nothing is totally stationary or totally mobile. They are just "computing devices". Needing to define their rate of mobility as a part of their ability to be managed would be a failure of any solution.

            That's not the whole point. It's Device management versus configuration / state management.

            I'm late to this game - what is the difference here?

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Obsolesce
              last edited by

              @Obsolesce said in Ansible Agent Option?:

              I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.

              I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.

              MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.

              DashrenderD 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Dashrender
                last edited by

                @Dashrender said in Ansible Agent Option?:

                @scottalanmiller said in Ansible Agent Option?:

                @Obsolesce said in Ansible Agent Option?:

                @coliver said in Ansible Agent Option?:

                @Obsolesce said in Ansible Agent Option?:

                Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                From an MSP perspective that can get pretty inefficient and heavy.

                Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                DashrenderD 1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender
                  last edited by

                  @scottalanmiller I assume that Salt/Ansible have some way of removing software from a computer that you don't is not part of what you have in the state?

                  Same goes for user accounts on the machine. Let's assume the user has local admin rights - they create more accounts - I assume that Salt/Ansible have ways to remove those accounts when their refresh period takes place?

                  scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @Obsolesce
                    last edited by

                    @Obsolesce said in Ansible Agent Option?:

                    SO why are you not using SaltStack then? SaltStack and do ANYTHING to a Windows device. How? It can run PowerShell, and it can run scheduled tasks with any configuration. I can think of no case SaltStack wouldn't work for some configuration on a Windows device. SaltStack is like the only exception to the rule, so why not use it?

                    We are, but I want to give Ansible a fair shake and am asking if or how anyone is getting it to overcome this agentless limitation for accessing other machines.

                    From what I've seen Ansible has more momentum and support (IBM bought them now) and more robust Windows handling. So it would be great if I am just missing a way to add an agent to it. That it is agentless by default is great, it's that it would be wonderful if it had an optional agent (native or third party) that is currently supported.

                    Salt does both, but no one talks about the agentless method as the agent is so awesome. I was hoping the inverse was happening here.

                    ObsolesceO 2 Replies Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @Dashrender
                      last edited by

                      @Dashrender said in Ansible Agent Option?:

                      I assume that Salt/Ansible have some way of removing software from a computer that you don't is not part of what you have in the state?

                      Absolutely, yes. That's very core to their functionality.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Dashrender
                        last edited by

                        @Dashrender said in Ansible Agent Option?:

                        Same goes for user accounts on the machine. Let's assume the user has local admin rights - they create more accounts - I assume that Salt/Ansible have ways to remove those accounts when their refresh period takes place?

                        Yes, again very core. These are specifically some of the functions that we expect to use (and most everyone does.) Nothing weird here, just part of the power that state machines intrinsically provide.

                        1 Reply Last reply Reply Quote 0
                        • DashrenderD
                          Dashrender @scottalanmiller
                          last edited by

                          @scottalanmiller said in Ansible Agent Option?:

                          @Obsolesce said in Ansible Agent Option?:

                          I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.

                          I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.

                          MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.

                          In user land there are almost always special cases and exceptions - how do you deal with those with Salt?

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @Obsolesce
                            last edited by

                            @Obsolesce said in Ansible Agent Option?:

                            @coliver said in Ansible Agent Option?:

                            @Obsolesce said in Ansible Agent Option?:

                            @scottalanmiller said in Ansible Agent Option?:

                            A simple test would be this.... if MDM is the right tool for your laptops, then it would also be the right tool for your servers.

                            Servers are not mobile devices.

                            Nor are Desktops but it would be nice to manage them with the same tool. Intune comes to mind it will do some state management and is getting better with time...

                            Nobody is managing servers with Intune. They are using SaltStack/Ansible/Chef/Puppet/DSC/SCCM for servers. NOT Intune. Also, Intune doesn't even support Server OSs.

                            True. And having tried it some time ago, at least then, it was horribly anemic. Just no power. I'm sure it has improved, but even rudimentary RMM platforms had more configuration management for machines.

                            1 Reply Last reply Reply Quote 0
                            • DashrenderD
                              Dashrender @scottalanmiller
                              last edited by

                              @scottalanmiller said in Ansible Agent Option?:

                              @Dashrender said in Ansible Agent Option?:

                              @scottalanmiller said in Ansible Agent Option?:

                              @Obsolesce said in Ansible Agent Option?:

                              @coliver said in Ansible Agent Option?:

                              @Obsolesce said in Ansible Agent Option?:

                              Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                              From an MSP perspective that can get pretty inefficient and heavy.

                              Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                              Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                              This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                              DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                              By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Dashrender
                                last edited by

                                @Dashrender said in Ansible Agent Option?:

                                @scottalanmiller said in Ansible Agent Option?:

                                @Obsolesce said in Ansible Agent Option?:

                                I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.

                                I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.

                                MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.

                                In user land there are almost always special cases and exceptions - how do you deal with those with Salt?

                                That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps.

                                DashrenderD 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Dashrender
                                  last edited by

                                  @Dashrender said in Ansible Agent Option?:

                                  @scottalanmiller said in Ansible Agent Option?:

                                  @Dashrender said in Ansible Agent Option?:

                                  @scottalanmiller said in Ansible Agent Option?:

                                  @Obsolesce said in Ansible Agent Option?:

                                  @coliver said in Ansible Agent Option?:

                                  @Obsolesce said in Ansible Agent Option?:

                                  Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                                  From an MSP perspective that can get pretty inefficient and heavy.

                                  Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                                  Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                                  This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                                  DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                                  By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                                  That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                                  DashrenderD 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller
                                    last edited by

                                    One of the goals with Salt, Ansible, or presumably an MDM is to manage the machines without ever needing to log in and touch them.

                                    1 Reply Last reply Reply Quote 0
                                    • DashrenderD
                                      Dashrender @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in Ansible Agent Option?:

                                      @Dashrender said in Ansible Agent Option?:

                                      @scottalanmiller said in Ansible Agent Option?:

                                      @Obsolesce said in Ansible Agent Option?:

                                      I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.

                                      I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.

                                      MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.

                                      In user land there are almost always special cases and exceptions - how do you deal with those with Salt?

                                      That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps.

                                      OK I guess I see that.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Dashrender
                                        last edited by

                                        @Dashrender said in Ansible Agent Option?:

                                        @scottalanmiller said in Ansible Agent Option?:

                                        @Dashrender said in Ansible Agent Option?:

                                        @scottalanmiller said in Ansible Agent Option?:

                                        @Obsolesce said in Ansible Agent Option?:

                                        I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.

                                        I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.

                                        MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.

                                        In user land there are almost always special cases and exceptions - how do you deal with those with Salt?

                                        That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps.

                                        OK I guess I see that.

                                        One hammer, one kind of nail, but you can build many different houses.

                                        1 Reply Last reply Reply Quote 0
                                        • DashrenderD
                                          Dashrender @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in Ansible Agent Option?:

                                          @Dashrender said in Ansible Agent Option?:

                                          @scottalanmiller said in Ansible Agent Option?:

                                          @Dashrender said in Ansible Agent Option?:

                                          @scottalanmiller said in Ansible Agent Option?:

                                          @Obsolesce said in Ansible Agent Option?:

                                          @coliver said in Ansible Agent Option?:

                                          @Obsolesce said in Ansible Agent Option?:

                                          Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                                          From an MSP perspective that can get pretty inefficient and heavy.

                                          Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                                          Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                                          This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                                          DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                                          By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                                          That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                                          Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

                                          DustinB3403D JaredBuschJ 2 Replies Last reply Reply Quote 0
                                          • DustinB3403D
                                            DustinB3403 @Dashrender
                                            last edited by

                                            @Dashrender said in Ansible Agent Option?:

                                            @scottalanmiller said in Ansible Agent Option?:

                                            @Dashrender said in Ansible Agent Option?:

                                            @scottalanmiller said in Ansible Agent Option?:

                                            @Dashrender said in Ansible Agent Option?:

                                            @scottalanmiller said in Ansible Agent Option?:

                                            @Obsolesce said in Ansible Agent Option?:

                                            @coliver said in Ansible Agent Option?:

                                            @Obsolesce said in Ansible Agent Option?:

                                            Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                                            From an MSP perspective that can get pretty inefficient and heavy.

                                            Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                                            Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                                            This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                                            DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                                            By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                                            That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                                            Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

                                            That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.

                                            DashrenderD 1 Reply Last reply Reply Quote 2
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 8
                                            • 9
                                            • 2 / 9
                                            • First post
                                              Last post