Uses for config managment tools like salt/ansible/puppet/chef

alias454alias454 Member Posts: 648 ■■■■□□□□□□
I started using Salt last year to manage my Linux systems and gradually our windows admins became interested in what I was doing. It helped that I continually told them about all the time I was saving doing routine work. At this point, we are managing a good portion of our Windows servers and 100% of our Linux infrastructure with Salt. This has been a big win and I continue to look for ways to leverage Salt to increase its benefit. One thing I recently starting toying around with was a project to integrate CIS benchmark checking with an addon called hubblestack. I also wanted to start exploring the idea of deploying something like salt across all of our workstations and wondered what are some interesting things others are doing with their config management systems?
“I do not seek answers, but rather to understand the question.”

Comments

  • VeritiesVerities Member Posts: 1,162
    I've used Ansible to close the gap in software bugs; we have applications that are supposed to update every morning but more often than not they don't. I created a playbook that sends a manual command to check in with the centralized location of the software so it receives updates. The playbook has multiple applications that are being forced to check in but that's the most basic playbook I have. It took me about a month to automate the DISA RHEL 6 STIG benchmark, so I can run that against a newly created server and get it to 99% compliance in less than a minute. My next goal is to split it into roles, so say I want all NTP configs to to be the same (in accordance with STIG standards), I can run the playbook and get them all in line without causing interruption. The harder one to do will be getting all the Apache configurations in-line because we use JCE (WHY?!!?!?!) on some of our web servers, which require more finess when making changes like SSL certs.

    The best part is being able to centrally manage all my RHEL servers with ad-hoc commands and generate reports or run an audit on all my servers in about a minute. If you use Ansible, check out this little gem:

    https://github.com/fboender/ansible-cmdb
Sign In or Register to comment.