ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Ansible Agent Option?

    Scheduled Pinned Locked Moved IT Discussion
    ansible
    163 Posts 11 Posters 28.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said in Ansible Agent Option?:

      @Dashrender said in Ansible Agent Option?:

      @scottalanmiller said in Ansible Agent Option?:

      @Obsolesce said in Ansible Agent Option?:

      I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.

      I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.

      MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.

      In user land there are almost always special cases and exceptions - how do you deal with those with Salt?

      That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps.

      OK I guess I see that.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @Dashrender
        last edited by

        @Dashrender said in Ansible Agent Option?:

        @scottalanmiller said in Ansible Agent Option?:

        @Dashrender said in Ansible Agent Option?:

        @scottalanmiller said in Ansible Agent Option?:

        @Obsolesce said in Ansible Agent Option?:

        I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.

        I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.

        MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.

        In user land there are almost always special cases and exceptions - how do you deal with those with Salt?

        That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps.

        OK I guess I see that.

        One hammer, one kind of nail, but you can build many different houses.

        1 Reply Last reply Reply Quote 0
        • DashrenderD
          Dashrender @scottalanmiller
          last edited by

          @scottalanmiller said in Ansible Agent Option?:

          @Dashrender said in Ansible Agent Option?:

          @scottalanmiller said in Ansible Agent Option?:

          @Dashrender said in Ansible Agent Option?:

          @scottalanmiller said in Ansible Agent Option?:

          @Obsolesce said in Ansible Agent Option?:

          @coliver said in Ansible Agent Option?:

          @Obsolesce said in Ansible Agent Option?:

          Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

          From an MSP perspective that can get pretty inefficient and heavy.

          Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

          Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

          This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

          DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

          By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

          That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

          Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

          DustinB3403D JaredBuschJ 2 Replies Last reply Reply Quote 0
          • DustinB3403D
            DustinB3403 @Dashrender
            last edited by

            @Dashrender said in Ansible Agent Option?:

            @scottalanmiller said in Ansible Agent Option?:

            @Dashrender said in Ansible Agent Option?:

            @scottalanmiller said in Ansible Agent Option?:

            @Dashrender said in Ansible Agent Option?:

            @scottalanmiller said in Ansible Agent Option?:

            @Obsolesce said in Ansible Agent Option?:

            @coliver said in Ansible Agent Option?:

            @Obsolesce said in Ansible Agent Option?:

            Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

            From an MSP perspective that can get pretty inefficient and heavy.

            Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

            Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

            This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

            DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

            By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

            That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

            Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

            That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.

            DashrenderD 1 Reply Last reply Reply Quote 2
            • DashrenderD
              Dashrender @DustinB3403
              last edited by

              @DustinB3403 said in Ansible Agent Option?:

              @Dashrender said in Ansible Agent Option?:

              @scottalanmiller said in Ansible Agent Option?:

              @Dashrender said in Ansible Agent Option?:

              @scottalanmiller said in Ansible Agent Option?:

              @Dashrender said in Ansible Agent Option?:

              @scottalanmiller said in Ansible Agent Option?:

              @Obsolesce said in Ansible Agent Option?:

              @coliver said in Ansible Agent Option?:

              @Obsolesce said in Ansible Agent Option?:

              Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

              From an MSP perspective that can get pretty inefficient and heavy.

              Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

              Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

              This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

              DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

              By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

              That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

              Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

              That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.

              You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.

              I think the last 'new' software I deployed was Citrix-workspace.

              DustinB3403D scottalanmillerS 2 Replies Last reply Reply Quote 0
              • DustinB3403D
                DustinB3403 @Dashrender
                last edited by

                @Dashrender said in Ansible Agent Option?:

                @DustinB3403 said in Ansible Agent Option?:

                @Dashrender said in Ansible Agent Option?:

                @scottalanmiller said in Ansible Agent Option?:

                @Dashrender said in Ansible Agent Option?:

                @scottalanmiller said in Ansible Agent Option?:

                @Dashrender said in Ansible Agent Option?:

                @scottalanmiller said in Ansible Agent Option?:

                @Obsolesce said in Ansible Agent Option?:

                @coliver said in Ansible Agent Option?:

                @Obsolesce said in Ansible Agent Option?:

                Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                From an MSP perspective that can get pretty inefficient and heavy.

                Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

                That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.

                You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.

                I think the last 'new' software I deployed was Citrix-workspace.

                I have people who need things changed daily, yes.

                DashrenderD 1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender @DustinB3403
                  last edited by Dashrender

                  @DustinB3403 said in Ansible Agent Option?:

                  @Dashrender said in Ansible Agent Option?:

                  @DustinB3403 said in Ansible Agent Option?:

                  @Dashrender said in Ansible Agent Option?:

                  @scottalanmiller said in Ansible Agent Option?:

                  @Dashrender said in Ansible Agent Option?:

                  @scottalanmiller said in Ansible Agent Option?:

                  @Dashrender said in Ansible Agent Option?:

                  @scottalanmiller said in Ansible Agent Option?:

                  @Obsolesce said in Ansible Agent Option?:

                  @coliver said in Ansible Agent Option?:

                  @Obsolesce said in Ansible Agent Option?:

                  Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                  From an MSP perspective that can get pretty inefficient and heavy.

                  Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                  Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                  This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                  DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                  By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                  That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                  Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

                  That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.

                  You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.

                  I think the last 'new' software I deployed was Citrix-workspace.

                  I have people who need things changed daily, yes.

                  I suppose that fact itself has little or nothing to do with the actual tool discussion though. You could just as easily use GP to push those changes if needed, or any of thousands of other tools. My bad for tangenting from Scott's comment.

                  DustinB3403D scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • DustinB3403D
                    DustinB3403 @Dashrender
                    last edited by

                    @Dashrender said in Ansible Agent Option?:

                    @DustinB3403 said in Ansible Agent Option?:

                    @Dashrender said in Ansible Agent Option?:

                    @DustinB3403 said in Ansible Agent Option?:

                    @Dashrender said in Ansible Agent Option?:

                    @scottalanmiller said in Ansible Agent Option?:

                    @Dashrender said in Ansible Agent Option?:

                    @scottalanmiller said in Ansible Agent Option?:

                    @Dashrender said in Ansible Agent Option?:

                    @scottalanmiller said in Ansible Agent Option?:

                    @Obsolesce said in Ansible Agent Option?:

                    @coliver said in Ansible Agent Option?:

                    @Obsolesce said in Ansible Agent Option?:

                    Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                    From an MSP perspective that can get pretty inefficient and heavy.

                    Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                    Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                    This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                    DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                    By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                    That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                    Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

                    That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.

                    You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.

                    I think the last 'new' software I deployed was Citrix-workspace.

                    I have people who need things changed daily, yes.

                    I suppose that fact itself has little or nothing to do with the actual tool discussion though. You could just as easily use GP to push those changes if needed, or any of thousands of other tools. My bad for tangenting from Scott's comment.

                    On MAC GPO doesn't apply.

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @DustinB3403
                      last edited by

                      @DustinB3403 said in Ansible Agent Option?:

                      @Dashrender said in Ansible Agent Option?:

                      @DustinB3403 said in Ansible Agent Option?:

                      @Dashrender said in Ansible Agent Option?:

                      @DustinB3403 said in Ansible Agent Option?:

                      @Dashrender said in Ansible Agent Option?:

                      @scottalanmiller said in Ansible Agent Option?:

                      @Dashrender said in Ansible Agent Option?:

                      @scottalanmiller said in Ansible Agent Option?:

                      @Dashrender said in Ansible Agent Option?:

                      @scottalanmiller said in Ansible Agent Option?:

                      @Obsolesce said in Ansible Agent Option?:

                      @coliver said in Ansible Agent Option?:

                      @Obsolesce said in Ansible Agent Option?:

                      Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                      From an MSP perspective that can get pretty inefficient and heavy.

                      Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                      Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                      This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                      DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                      By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                      That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                      Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

                      That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.

                      You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.

                      I think the last 'new' software I deployed was Citrix-workspace.

                      I have people who need things changed daily, yes.

                      I suppose that fact itself has little or nothing to do with the actual tool discussion though. You could just as easily use GP to push those changes if needed, or any of thousands of other tools. My bad for tangenting from Scott's comment.

                      On MAC GPO doesn't apply.

                      Did I not mention "thousands of other tools"?

                      1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @Dashrender
                        last edited by JaredBusch

                        @Dashrender said in Ansible Agent Option?:

                        @scottalanmiller said in Ansible Agent Option?:

                        @Dashrender said in Ansible Agent Option?:

                        @scottalanmiller said in Ansible Agent Option?:

                        @Dashrender said in Ansible Agent Option?:

                        @scottalanmiller said in Ansible Agent Option?:

                        @Obsolesce said in Ansible Agent Option?:

                        @coliver said in Ansible Agent Option?:

                        @Obsolesce said in Ansible Agent Option?:

                        Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                        From an MSP perspective that can get pretty inefficient and heavy.

                        Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                        Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                        This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                        DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                        By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                        That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                        Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

                        How in the hell is it a waste of time for the business to realign their people's tasks (and thus tools) with the business needs as they change?

                        Just because you are in a place where nothing has changed in 30 years does not mean the rest of us are.

                        1 Reply Last reply Reply Quote 2
                        • JaredBuschJ
                          JaredBusch @Obsolesce
                          last edited by JaredBusch

                          @Obsolesce said in Ansible Agent Option?:

                          @DustinB3403 said in Ansible Agent Option?:

                          @Obsolesce said in Ansible Agent Option?:

                          @DustinB3403 said in Ansible Agent Option?:

                          @Obsolesce said in Ansible Agent Option?:

                          @coliver said in Ansible Agent Option?:

                          @Obsolesce said in Ansible Agent Option?:

                          Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                          From an MSP perspective that can get pretty inefficient and heavy.

                          Why is an MSP wanting to manage client user Windows devices with Ansible? That doesn't make much sense and not really what it's for.

                          Because they're being paid to manage them.

                          Then they should manage them with MDM software.

                          And which MDM would recommend?

                          How the hell do I recommend MDM software based solely on the fact he wants some unknown to me configuration on some unknown to me devices in unknown environments?

                          FFS, pull your head out of your ass.

                          There was like 40 posts of nothing but you arguing something that no one fucking cared about.

                          MDM = Mobile Device Management.

                          @scottalanmiller does not want or need Mobile Device Management. He never asked for anything related to it.

                          He specifically asked if anyone knew about an agent or other method too use Ansible without a SDN/VPN/WTFEver LAN extension to allow roaming devices to still be managed by Ansible.

                          1 Reply Last reply Reply Quote 2
                          • JaredBuschJ
                            JaredBusch @Obsolesce
                            last edited by

                            @Obsolesce said in Ansible Agent Option?:

                            @scottalanmiller said in Ansible Agent Option?:

                            Salt will allow for essentially unlimited system management, with state which is absolutely critical, with monitoring and reporting, with LAN or without LAN, and doesn't need anything installed that can't be found in Chocolatey (not as good as needing nothing at all, but close.)

                            SO why are you not using SaltStack then? SaltStack and do ANYTHING to a Windows device. How? It can run PowerShell, and it can run scheduled tasks with any configuration. I can think of no case SaltStack wouldn't work for some configuration on a Windows device. SaltStack is like the only exception to the rule, so why not use it?

                            He is, and has for a long time. And it was even implied in an early post that you apparently didn't bother to read before you decided to go off on your little rant.

                            Post 11
                            Post 34

                            1 Reply Last reply Reply Quote 1
                            • ObsolesceO
                              Obsolesce @scottalanmiller
                              last edited by

                              @scottalanmiller said in Ansible Agent Option?:

                              We are, but I want to give Ansible a fair shake and am asking if or how anyone is getting it to overcome this agentless limitation for accessing other machines.

                              Then you will need to test them in a scenario that they both equally support, or take the limitation factor out of it.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • ObsolesceO
                                Obsolesce @scottalanmiller
                                last edited by

                                @scottalanmiller said in Ansible Agent Option?:

                                From what I've seen Ansible has more momentum and support (IBM bought them now) and more robust Windows handling. So it would be great if I am just missing a way to add an agent to it. That it is agentless by default is great, it's that it would be wonderful if it had an optional agent (native or third party) that is currently supported.

                                From what I seen,it's a totally different ballpark from what those who would use Ansible want to do,from what those who manage user devices want to do. Ansible works wonders in the area environment it's designed for... managing configurations of server farms, cloud resources, DevOps solutions,etc. That is big and the area of MDM and just regular ass user device management is already covered by agent based software.i mean when you think about it, there's no other way. It makes sense. That SaltStack is like Ansible and also uses an agent puts it above imo,and why that d8dnt take off better than Ansible is beyond me. I don't mind an agent,and I love SaltStack because it works so much easier. But that the big companies are more supporting Ansible for some reason we need to know both until i guess they either switch to SS, or they create a real native Ansible agent if nothing else.

                                Intune is all the way there now once you learn how it works and why it works the way it does. The absolute worst case scenario is that you have to do something through a powershell script on a device the same way you would using SS. That's about it,otherwise it's a built in functionality of Intune either right in the web GUI or API. That it uses Graph API is fantastic imo. This here was in reference to another reply,but too lazy to split this and find it.

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • stacksofplatesS
                                  stacksofplates @scottalanmiller
                                  last edited by stacksofplates

                                  @scottalanmiller said in Ansible Agent Option?:

                                  @Obsolesce said in Ansible Agent Option?:

                                  @coliver said in Ansible Agent Option?:

                                  @Obsolesce said in Ansible Agent Option?:

                                  @scottalanmiller said in Ansible Agent Option?:

                                  A simple test would be this.... if MDM is the right tool for your laptops, then it would also be the right tool for your servers.

                                  Servers are not mobile devices.

                                  Nor are Desktops but it would be nice to manage them with the same tool. Intune comes to mind it will do some state management and is getting better with time...

                                  Intune only works because it's built to work that way. The operating systems and software that runs on them is built to work with intune so that the devices can be managed. Intune is (M)DM. Jamf is (M)DM. SaltStack, Ansible, etc is not device management. SaltStack has a big plus that it works well to manage devices due to the nature of agent based.

                                  SaltStack and Ansible are basically the same. But Ansible lacks an agent so access is less secure and way more complicated. You can layer SDN onto Ansible to achieve it, ZeroTier for example, but that carries complexity and problems. The agent nature is so superior, by such a staggering degree. In theory you can build an Ansible agent, that shouldn't be that hard. The problem is that no one seems to have made and maintained one, it's just a theory that you could do, but beyond that, if someone made an agent it seems like it would be perfect.

                                  I didn't read through everything yet but these kind of statements are ridiculous, so I'm hoping you're hyperbolizing.

                                  lacks an agent so access is less secure

                                  That's 100% false.

                                  The agent nature is so superior, by such a staggering degree.

                                  This is also 100% false.

                                  but that carries complexity and problems

                                  Care to explain the "complexity" or "problems"?

                                  scottalanmillerS 2 Replies Last reply Reply Quote 0
                                  • stacksofplatesS
                                    stacksofplates
                                    last edited by stacksofplates

                                    It's not necessarily built for that use case. I think Salt (with agents) is a step backwards when doing immutable infrastructure because you're tying things such as certificates to systems whereas with Ansible, I can build the image and either leave only SSH access if I need it, or completely disable SSH and deploy the servers from the template with no logins at all.

                                    Each tool has it's own purpose. Ansible and Terraform overlap in areas, but that doesn't negate the fact that either should exist.

                                    1 Reply Last reply Reply Quote 0
                                    • stacksofplatesS
                                      stacksofplates
                                      last edited by

                                      There are ways to do a remote trigger which is like an agent, but it still uses SSH. https://hooks.technology/2019/06/ansible-and-jenkins-remote-triggers/ https://hooks.technology/2017/08/ansible-tower-provisioning-callbacks/

                                      Ansible is more of a distributed configuration management tool. It doesn't have to be run from a single source. You obviously can from either cli or tools like Tower/AWX, Jenkins, Rundeck, Semaphore, etc. However it's not limited to that. You can run it from your laptop and control the same systems from a central Ansible server also. You lose that ability with agents.

                                      D 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Dashrender
                                        last edited by

                                        @Dashrender said in Ansible Agent Option?:

                                        @DustinB3403 said in Ansible Agent Option?:

                                        @Dashrender said in Ansible Agent Option?:

                                        @scottalanmiller said in Ansible Agent Option?:

                                        @Dashrender said in Ansible Agent Option?:

                                        @scottalanmiller said in Ansible Agent Option?:

                                        @Dashrender said in Ansible Agent Option?:

                                        @scottalanmiller said in Ansible Agent Option?:

                                        @Obsolesce said in Ansible Agent Option?:

                                        @coliver said in Ansible Agent Option?:

                                        @Obsolesce said in Ansible Agent Option?:

                                        Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                                        From an MSP perspective that can get pretty inefficient and heavy.

                                        Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                                        Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                                        This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                                        DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                                        By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                                        That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                                        Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

                                        That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.

                                        You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.

                                        I think the last 'new' software I deployed was Citrix-workspace.

                                        When you have thousands of machines, absolutely there are changes daily.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @Dashrender
                                          last edited by

                                          @Dashrender said in Ansible Agent Option?:

                                          @DustinB3403 said in Ansible Agent Option?:

                                          @Dashrender said in Ansible Agent Option?:

                                          @DustinB3403 said in Ansible Agent Option?:

                                          @Dashrender said in Ansible Agent Option?:

                                          @scottalanmiller said in Ansible Agent Option?:

                                          @Dashrender said in Ansible Agent Option?:

                                          @scottalanmiller said in Ansible Agent Option?:

                                          @Dashrender said in Ansible Agent Option?:

                                          @scottalanmiller said in Ansible Agent Option?:

                                          @Obsolesce said in Ansible Agent Option?:

                                          @coliver said in Ansible Agent Option?:

                                          @Obsolesce said in Ansible Agent Option?:

                                          Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?

                                          From an MSP perspective that can get pretty inefficient and heavy.

                                          Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.

                                          Even not an MSP, why would anyone want to use anything but state machines for managing their machines?

                                          This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.

                                          DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)

                                          By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?

                                          That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.

                                          Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.

                                          That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.

                                          You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.

                                          I think the last 'new' software I deployed was Citrix-workspace.

                                          I have people who need things changed daily, yes.

                                          I suppose that fact itself has little or nothing to do with the actual tool discussion though. You could just as easily use GP to push those changes if needed, or any of thousands of other tools. My bad for tangenting from Scott's comment.

                                          Those push changes, but don't verify changes. GP doesn't even begin to do what state machines do. Totally different animal.

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @Obsolesce
                                            last edited by

                                            @Obsolesce said in Ansible Agent Option?:

                                            @scottalanmiller said in Ansible Agent Option?:

                                            We are, but I want to give Ansible a fair shake and am asking if or how anyone is getting it to overcome this agentless limitation for accessing other machines.

                                            Then you will need to test them in a scenario that they both equally support, or take the limitation factor out of it.

                                            That's pretty silly. You don't test suitability of tools by altering the test till both products are equal. You test in plausible test cases to determine which is better.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 8
                                            • 9
                                            • 6 / 9
                                            • First post
                                              Last post