Ansible Agent Option?
-
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
-
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.
I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.
MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.
In user land there are almost always special cases and exceptions - how do you deal with those with Salt?
That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps.
-
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.
-
One of the goals with Salt, Ansible, or presumably an MDM is to manage the machines without ever needing to log in and touch them.
-
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.
I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.
MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.
In user land there are almost always special cases and exceptions - how do you deal with those with Salt?
That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps.
OK I guess I see that.
-
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
I get that you want to use it to ensure for example 7-zip is on every device you want to manage. I understand you would do that with SS/Ansible/etc.... normally. But your situation is not the design intentions, even though a specific task you want to do is.
I don't think that that is true. At least with Salt, this is the intended use case. Laptops aren't a special case, they are a one user local GUI server and should (or can) be treated as such and Salt is engineered ground up for that.
MDM isn't, it's designed for a one off task, yes, but not the general case. The thing that makes Salt powerful is that it addresses the "universal case" or as close to it as is reasonably possible and doesn't make any special cases or exceptions.
In user land there are almost always special cases and exceptions - how do you deal with those with Salt?
That users have unique configuration per user isn't the same as an infrastructure and tooling exception. Infrastructure systems like Salt I want to be uniform = all of IT uses one tool to do all tasks (obviously nothing is truly universal yet.) But the task might be to have unique users, configuration, and packages on every computer. It's a uniform, no exceptions tool, doing a unique task every time, perhaps.
OK I guess I see that.
One hammer, one kind of nail, but you can build many different houses.
-
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.
Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.
-
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.
Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.
That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.
-
@DustinB3403 said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.
Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.
That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.
You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.
I think the last 'new' software I deployed was Citrix-workspace.
-
@Dashrender said in Ansible Agent Option?:
@DustinB3403 said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.
Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.
That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.
You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.
I think the last 'new' software I deployed was Citrix-workspace.
I have people who need things changed daily, yes.
-
@DustinB3403 said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@DustinB3403 said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.
Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.
That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.
You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.
I think the last 'new' software I deployed was Citrix-workspace.
I have people who need things changed daily, yes.
I suppose that fact itself has little or nothing to do with the actual tool discussion though. You could just as easily use GP to push those changes if needed, or any of thousands of other tools. My bad for tangenting from Scott's comment.
-
@Dashrender said in Ansible Agent Option?:
@DustinB3403 said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@DustinB3403 said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.
Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.
That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.
You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.
I think the last 'new' software I deployed was Citrix-workspace.
I have people who need things changed daily, yes.
I suppose that fact itself has little or nothing to do with the actual tool discussion though. You could just as easily use GP to push those changes if needed, or any of thousands of other tools. My bad for tangenting from Scott's comment.
On MAC GPO doesn't apply.
-
@DustinB3403 said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@DustinB3403 said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@DustinB3403 said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.
Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.
That sounds completely normal to me. Literally daily activity and doesn't at all sound extreme or abnormal.
You have people who want different settings, new mapped drives, etc daily? I definitely don't... maybe it's a matter of company size.
I think the last 'new' software I deployed was Citrix-workspace.
I have people who need things changed daily, yes.
I suppose that fact itself has little or nothing to do with the actual tool discussion though. You could just as easily use GP to push those changes if needed, or any of thousands of other tools. My bad for tangenting from Scott's comment.
On MAC GPO doesn't apply.
Did I not mention "thousands of other tools"?
-
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Dashrender said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows mobile devices with Ansible? That doesn't make much sense and not really what it's for.
Even not an MSP, why would anyone want to use anything but state machines for managing their machines?
This kinda sounds like you wanna run DeepFreeze on all machines, except for a small area of the disk the users are allowed to write to. that does actually sound awesome - as long as you can prevent execution of programs from that space.
DeepFreeze is a different concept, but could have overlapping use cases. DF is about preserving a single state. State machines are about defining and managing state, which is assumed that it will change (possibly often.)
By change often in the case of a laptop/desktop would be that you're updating software? so you want to make sure you always have the latest version? or are you meaning something else?
That's one option, but you could think of that as not being a state change "Up to date" might be a bits and bytes change, but not a state change (does that make sense?) Moreso what I mean is that a user or group might want machines tweaked with new software, different software, different settings, new mapped drives, whatever, on a regular basis.
Wow, you sound like you have groups that waste a lot of time moving people around, changing their needed access to have those types of things change on a regular basis.
How in the hell is it a waste of time for the business to realign their people's tasks (and thus tools) with the business needs as they change?
Just because you are in a place where nothing has changed in 30 years does not mean the rest of us are.
-
@Obsolesce said in Ansible Agent Option?:
@DustinB3403 said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@DustinB3403 said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
Why not have an Ansible server on the same network as the devices and reachable by the Ansible server?
From an MSP perspective that can get pretty inefficient and heavy.
Why is an MSP wanting to manage client user Windows devices with Ansible? That doesn't make much sense and not really what it's for.
Because they're being paid to manage them.
Then they should manage them with MDM software.
And which MDM would recommend?
How the hell do I recommend MDM software based solely on the fact he wants some unknown to me configuration on some unknown to me devices in unknown environments?
FFS, pull your head out of your ass.
There was like 40 posts of nothing but you arguing something that no one fucking cared about.
MDM = Mobile Device Management.
@scottalanmiller does not want or need Mobile Device Management. He never asked for anything related to it.
He specifically asked if anyone knew about an agent or other method too use Ansible without a SDN/VPN/WTFEver LAN extension to allow roaming devices to still be managed by Ansible.
-
@Obsolesce said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
Salt will allow for essentially unlimited system management, with state which is absolutely critical, with monitoring and reporting, with LAN or without LAN, and doesn't need anything installed that can't be found in Chocolatey (not as good as needing nothing at all, but close.)
SO why are you not using SaltStack then? SaltStack and do ANYTHING to a Windows device. How? It can run PowerShell, and it can run scheduled tasks with any configuration. I can think of no case SaltStack wouldn't work for some configuration on a Windows device. SaltStack is like the only exception to the rule, so why not use it?
He is, and has for a long time. And it was even implied in an early post that you apparently didn't bother to read before you decided to go off on your little rant.
-
@scottalanmiller said in Ansible Agent Option?:
We are, but I want to give Ansible a fair shake and am asking if or how anyone is getting it to overcome this agentless limitation for accessing other machines.
Then you will need to test them in a scenario that they both equally support, or take the limitation factor out of it.
-
@scottalanmiller said in Ansible Agent Option?:
From what I've seen Ansible has more momentum and support (IBM bought them now) and more robust Windows handling. So it would be great if I am just missing a way to add an agent to it. That it is agentless by default is great, it's that it would be wonderful if it had an optional agent (native or third party) that is currently supported.
From what I seen,it's a totally different ballpark from what those who would use Ansible want to do,from what those who manage user devices want to do. Ansible works wonders in the area environment it's designed for... managing configurations of server farms, cloud resources, DevOps solutions,etc. That is big and the area of MDM and just regular ass user device management is already covered by agent based software.i mean when you think about it, there's no other way. It makes sense. That SaltStack is like Ansible and also uses an agent puts it above imo,and why that d8dnt take off better than Ansible is beyond me. I don't mind an agent,and I love SaltStack because it works so much easier. But that the big companies are more supporting Ansible for some reason we need to know both until i guess they either switch to SS, or they create a real native Ansible agent if nothing else.
Intune is all the way there now once you learn how it works and why it works the way it does. The absolute worst case scenario is that you have to do something through a powershell script on a device the same way you would using SS. That's about it,otherwise it's a built in functionality of Intune either right in the web GUI or API. That it uses Graph API is fantastic imo. This here was in reference to another reply,but too lazy to split this and find it.
-
@scottalanmiller said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@coliver said in Ansible Agent Option?:
@Obsolesce said in Ansible Agent Option?:
@scottalanmiller said in Ansible Agent Option?:
A simple test would be this.... if MDM is the right tool for your laptops, then it would also be the right tool for your servers.
Servers are not mobile devices.
Nor are Desktops but it would be nice to manage them with the same tool. Intune comes to mind it will do some state management and is getting better with time...
Intune only works because it's built to work that way. The operating systems and software that runs on them is built to work with intune so that the devices can be managed. Intune is (M)DM. Jamf is (M)DM. SaltStack, Ansible, etc is not device management. SaltStack has a big plus that it works well to manage devices due to the nature of agent based.
SaltStack and Ansible are basically the same. But Ansible lacks an agent so access is less secure and way more complicated. You can layer SDN onto Ansible to achieve it, ZeroTier for example, but that carries complexity and problems. The agent nature is so superior, by such a staggering degree. In theory you can build an Ansible agent, that shouldn't be that hard. The problem is that no one seems to have made and maintained one, it's just a theory that you could do, but beyond that, if someone made an agent it seems like it would be perfect.
I didn't read through everything yet but these kind of statements are ridiculous, so I'm hoping you're hyperbolizing.
lacks an agent so access is less secure
That's 100% false.
The agent nature is so superior, by such a staggering degree.
This is also 100% false.
but that carries complexity and problems
Care to explain the "complexity" or "problems"?
-
It's not necessarily built for that use case. I think Salt (with agents) is a step backwards when doing immutable infrastructure because you're tying things such as certificates to systems whereas with Ansible, I can build the image and either leave only SSH access if I need it, or completely disable SSH and deploy the servers from the template with no logins at all.
Each tool has it's own purpose. Ansible and Terraform overlap in areas, but that doesn't negate the fact that either should exist.
