Hey everyone! I've got a bunch of network appliances that we manage via Ansible. Currently, we have a repository where we store the configuration files, and every time we make changes, we manually trigger Ansible to apply those updates. I'm looking for a way to automate this process. I checked out GitHub Actions and GitLab, but they require a connection to their servers, which isn't allowed in our case. I also looked into Jenkins, but it seems like it needs to be triggered by a webhook from a remote repository, and I don't like that option. Any suggestions on how to automate the updates without any external connections?
5 Answers
You might want to clarify what types of connections are actually allowed since that seems a bit contradictory. If connections are really that restricted, you might find CI tools problematic. Instead, consider using cron jobs on the devices that can check for updates at intervals. Just ensure you have a backup plan to access the device if something goes wrong with an update. It’s generally safer to use 'pull' methods rather than 'push' for updates.
Have you thought about using ansible-pull? It might allow the appliances to configure themselves without needing Jenkins. Otherwise, you could create a scheduled job in Jenkins to run Ansible periodically, given that webhooks are off the table.
Is there a reason you can't use webhooks from your remote repo to Jenkins? That's a pretty common setup in organizations for automation.
The main issue is that we prefer not to have direct connections to external servers. Can it be done another way?
Just so you know, Jenkins pipelines can actually support manual triggers as well. You might want to look into that option to suit your needs better.
Why not set up self-hosted runners? Tools like Hedgehog Cloud could be a good fit for your needs. This way, you have more control without external dependencies.
Unfortunately, the network appliances can't run Ansible on their own. We need Ansible to log in and execute commands remotely.
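Added example, not part of any post above: one way to combine the scheduled-polling suggestions with the constraint that Ansible has to log in to the appliances remotely. A cron-driven script on the control node polls an internal Git remote and runs the playbook only when the branch has moved. The paths, branch, inventory and playbook names, the crontab line and the `RUN_PLAYBOOK` override are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Runs on the Ansible control node and only
# talks to an internal Git remote. Paths, branch and file names are assumptions.
# Assumed crontab entry; flock -n skips a run while the previous one is active:
#   */5 * * * * flock -n /var/lock/netcfg.lock /usr/local/bin/netcfg-poll.sh --run
REPO_DIR="${REPO_DIR:-/srv/netcfg}"            # local clone of the internal repo
BRANCH="${BRANCH:-main}"
INVENTORY="${INVENTORY:-inventory.ini}"
PLAYBOOK="${PLAYBOOK:-site.yml}"
STATE_FILE="${STATE_FILE:-$REPO_DIR/.last_applied}"
RUN_PLAYBOOK="${RUN_PLAYBOOK:-ansible-playbook}"

# Prints the commit waiting to be applied. Returns 1 if none, 2 if Git failed.
pending_commit() {
    git -C "$REPO_DIR" fetch --quiet origin "$BRANCH" || return 2
    target=$(git -C "$REPO_DIR" rev-parse "origin/$BRANCH") || return 2
    last=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$target" = "$last" ] && return 1
    printf '%s\n' "$target"
}

# Fast-forwards the working tree and runs the playbook against the appliances.
apply_commit() {
    # --ff-only refuses rewritten history instead of merging it silently.
    git -C "$REPO_DIR" merge --quiet --ff-only "$1" || return 3
    ( cd "$REPO_DIR" && "$RUN_PLAYBOOK" -i "$INVENTORY" "$PLAYBOOK" ) || return 4
    # Record the commit only after a successful run so failures are retried.
    printf '%s\n' "$1" > "$STATE_FILE"
}

poll_once() {
    if commit=$(pending_commit); then
        apply_commit "$commit"
    else
        rc=$?
        [ "$rc" -eq 1 ] && return 0    # nothing new is not an error
        return "$rc"
    fi
}

if [ "${1:-}" = "--run" ]; then
    poll_once
    exit $?
fi
```

Because the last-applied commit is written only after the playbook succeeds, a failed run is retried on the next poll instead of being silently skipped.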