IBM-Security / isam-ansible-roles

DEPRECATED Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0
24 stars 43 forks source link

inventory_hostname #18

Closed Scoi4101 closed 7 years ago

Scoi4101 commented 7 years ago

So wanted to discuss a concept:

I am looking to reduce the knowledge our developers have about out environment and am looking to create an alias for the RP instance name so that is all they need to supply to execute playbooks

hosts file would be ~ test-myapp-0024 ansible_host=localhost da_name=test-myapp-0024

So this causes an issue in that the start_confg process is hard coded to inventory_hostname.

Just wanted to put this here and see what thoughts people have.

Thanks

ram-ibm commented 7 years ago

Why not assign group names to the appliances? You could then use the group names for executing playbooks. For example, you could use a group name called "restricted" to contain all appliances with reverse proxies. Supplying "--limit restricted" will make sure that the playbook runs against just those hosts. You could even code your playbook to target appliances using that info like so:

- name: Execute against reverse proxies
  hosts: restricted
  connection: local
  roles:
    - role: set_reverseproxy_conf
      set_reverseproxy_conf_reverseproxy_id: "default"
      set_reverseproxy_conf_entries:
      - stanza_id: "authentication-levels"
        entries:
        - ["level", "unauthenticated"]
        - ["level", "ssl"]
        - ["level", "password"]
ram-ibm commented 7 years ago

Closing this - please re-open if needed.