JonTheNiceGuy closed this 4 years ago
This entire repository is based on the assumption that this is the path we might follow. I'm happy to extend this discussion out from there if it's elected not to follow that path!
Happy to consider Puppet, Chef and Salt as alternatives.
Stick with Ansible. It's my preference and Alasdair used it when pushing for recorded configuration on the mailing list.
I've no experience with these tools (although did look into Puppet for a job that I didn't get), but I agree that using proper configuration management tools rather than SSH and poke around is likely to help avoid issues and, as you say, provide a more predictable infrastructure.
Approved
I've been using Ansible for much of the past 5 years now. I've found it consistently predictable in its results and it's reasonably self-documenting on why and how it does certain things.
With Ansible, you can also abstract secrets into "vaulted" files, such as this one (a list of the admins, plus either SSH keys or paths to where those SSH keys can be found).
It also means that, using a Vagrantfile or Terraform plan (as can be found here) you can stand up a "mock" of the environment.