0x21-consulting / ElderberryPi

A secure-by-default, self-healing, small business server for the RaspberryPi

Automatic Ansible Script Updates #25

Open micchickenburger opened 4 years ago

micchickenburger commented 4 years ago

It’s appropriate to inject the Ansible scripts at image creation for offline implementations, but also because network configuration must happen before any scripts can be loaded dynamically.

Support automatic system Ansible script updates via git. Also support custom user scripts that override the builtins, also via git. Idempotence will be a challenge if user scripts override settings made by system scripts, which could create a flapping behavior.

Trust will be a huge challenge here. The git branch must be protected from inadvertent and unapproved writes. All commits must be verified from pre-approved collaborators who perhaps sign agreements. All changes must be controlled through a pull request process with multiple approvers.
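
Added example, not part of the original issue or the ElderberryPi code base: one way a device could refuse a fetched script update unless it fast-forwards from the current commit and every new commit carries a valid signature from an allowlisted key. It assumes GPG-signed commits with the approved public keys already in the device's keyring; the fingerprint, the sample status text and the function names are constructed for illustration.

```python
import subprocess

# Constructed placeholder: primary-key fingerprints of pre-approved collaborators.
APPROVED = {"0123456789ABCDEF0123456789ABCDEF01234567"}
# GnuPG status keywords that mean the signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

# Constructed sample of `git verify-commit --raw` output (GnuPG status lines).
SAMPLE_GOOD = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-01-01 1704067200 0 4 0 22 10 00 0123456789ABCDEF0123456789ABCDEF01234567
"""
SAMPLE_BAD = "[GNUPG:] BADSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>\n"


def approved_signer(status, approved=APPROVED):
    """Return the approved primary-key fingerprint behind a valid signature, else None."""
    found = None
    for line in status.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in REJECT:
            return None
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            if found is not None:      # more than one signature: refuse
                return None
            # Last field is the primary-key fingerprint when GnuPG reports it;
            # otherwise fall back to the signing key's own fingerprint.
            found = fields[-1] if len(fields) >= 12 else fields[2]
    return found if found in approved else None


def git(repo, *args):
    """Run git in the given repository and capture its output."""
    return subprocess.run(["git", "-C", repo, *args], capture_output=True, text=True)


def update_is_trusted(repo, current, candidate, approved=APPROVED):
    """True only if candidate fast-forwards from current and every new commit is approved."""
    if git(repo, "merge-base", "--is-ancestor", current, candidate).returncode != 0:
        return False                   # history was rewritten or is unrelated
    revs = git(repo, "rev-list", f"{current}..{candidate}")
    if revs.returncode != 0:
        return False
    for rev in revs.stdout.split():
        check = git(repo, "verify-commit", "--raw", rev)   # status goes to stderr
        if check.returncode != 0 or approved_signer(check.stderr, approved) is None:
            return False
    return True
```

Because the check runs on the device, it still holds if the hosting service's branch protection is misconfigured or bypassed; the allowlist itself has to ship with the image rather than arrive through the same update channel.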