I manage patching for about 120 Alma servers using Foreman for version control and Ansible via AWX for updates. My current patching process involves running multiple playbooks sequentially for different batches through a lifecycle that consists of Canaries followed by PreProd and then into Prod. I've tried using host groups in AWX, but found it tedious and prone to mistakes. With the growth of my estate, keeping our processes manual has become too cumbersome. I want advice on how to better organize my hosts in terms of lifecycle, patching days, and efficient batch management with Ansible. I'm considering group hierarchies and host naming conventions to help automate this but would love to hear suggestions. Any tips on automating my patching schedule would also be appreciated!
3 Answers
I recommend establishing a clear group hierarchy in your Ansible inventory to streamline your patching. Look into dynamic inventory scripts or AWX's inventory plugins to automate host assignments. This will help minimize manual work and errors, plus configuring notifications for job statuses will keep you informed about any issues during patching.
I leverage dynamic inventories in my Ansible/AWX setups, and they've really made things easier. What hypervisor are you using for your Alma servers?
We're using VMware for our virtualization.
A good starting point would be integrating your existing systems into a single CMDB model. You can create a consolidated table to auto-generate your Ansible inventory, which should simplify your life and reduce errors. Remember, each node can belong to multiple groups, allowing flexible queries at runtime. This way, you'll enhance your inventory management without over-complicating it.
That sounds like a solid approach! I'll definitely check out dynamic inventories, especially now that we've updated our Foreman setup. It seems like a time-saver over manual updates, though I want to ensure it's still manageable when adding new servers.
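An added example, not code from any poster in this thread: a dynamic-inventory script of the kind the answers describe, generating Ansible groups from a single CMDB table so that each host lands in lifecycle, patch-day and batch groups. The CSV columns, hostnames and group names are assumptions made for illustration, and rows with missing or invalid fields are parked in a visible group instead of silently dropping out of patching.

```python
#!/usr/bin/env python3
"""Ansible dynamic-inventory script built from a CMDB table (constructed sample)."""
import csv, io, json, sys

# Constructed sample CMDB export; hostnames, columns and values are hypothetical.
CMDB_CSV = """hostname,lifecycle,patch_day,batch
alma-can-01,canary,mon,1
alma-pre-01,preprod,tue,1
alma-pre-02,preprod,tue,2
alma-prd-01,prod,wed,1
alma-prd-02,prod,thu,2
alma-new-01,,wed,1
"""

LIFECYCLES = ("canary", "preprod", "prod")   # promotion order from the question
PATCH_DAYS = ("mon", "tue", "wed", "thu", "fri")


def build_inventory(cmdb_csv=CMDB_CSV):
    inv = {"_meta": {"hostvars": {}},
           "patching": {"children": list(LIFECYCLES)},
           "unclassified": {"hosts": []}}
    for lc in LIFECYCLES:
        inv[lc] = {"hosts": []}

    def add(group, host):
        inv.setdefault(group, {"hosts": []})["hosts"].append(host)

    for row in csv.DictReader(io.StringIO(cmdb_csv)):
        host, lc, day = row["hostname"], row["lifecycle"], row["patch_day"]
        # A row with a missing or misspelled field must not silently drop out
        # of patching: park it in a group that a report or alert can watch.
        if lc not in LIFECYCLES or day not in PATCH_DAYS or not row["batch"].isdigit():
            add("unclassified", host)
            continue
        # One host, several groups: lifecycle, patch day, and lifecycle+batch.
        add(lc, host)
        add(f"patch_{day}", host)
        add(f"{lc}_batch{row['batch']}", host)
        inv["_meta"]["hostvars"][host] = {"patch_day": day,
                                          "patch_batch": int(row["batch"])}
    return inv


if __name__ == "__main__":
    # Ansible calls inventory scripts with --list; --host is covered by _meta.
    print(json.dumps({} if "--host" in sys.argv else build_inventory(), indent=2))
```

A play can then be limited to an intersection of these groups, for example `--limit 'prod:&patch_wed'`.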