gather_facts & ansible

Not much is to be said about “gather_facts”: setting it to ‘no’ tells Ansible not to gather facts. But what exactly does this mean? When I was looking it up I just thought it might increase speed, which it does! The only time you can’t set it to ‘no’ is when certain “facts” are needed. A good indicator is, for example, a playbook that relies on what type of distribution the system is: ‘RedHat’, ‘Debian’, ‘CentOS’, for example. But if you have a playbook that only moves files around or does a deployment that does NOT require these types of facts, I would say disable it! Every option for more speed is always welcome.

To test whether you need it, simply put “gather_facts: no” in your playbook and run it. If it errors, you know you need it; if not, you ‘could’ do without fact gathering, provided you test it properly 🙂

Ansible tower cloudflare

General practice would suggest that you install Tower on your “intranet”. While this might be a good solution for some, I think that if Tower and Ansible do such a good job of ‘cloud’ provisioning, then it’s pretty normal to place your Tower setup on the internet too (depending on what line of work you are in).

This does come with some problems: getting a proper certificate for the domain is one, and it’s open to attacks. Sure, you can say you have a strong password, but that doesn’t mean bad guys ‘can’t’ bring it down by means of DDoS or brute force on your machine, which just makes it all more messy. For this issue I am using Cloudflare; some say it’s ‘sketchy’, but I believe it does a lot of simple jobs really well. By adding Cloudflare, not only do you have a proper DNS setup worldwide, you also get a free SSL certificate on top of it. (Yes, Cloudflare ‘could’ intercept stuff, but if you have so much trouble with that, get the strict SSL setup.)

So, just go to Cloudflare and change your DNS to use theirs. Then in your settings go to the SSL setup.

And make sure you set up this one:

If you get the Flexible SSL you will go into a redirect loop, so don’t use that one!
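
Why Flexible loops, as an added example that is not from the original post: in Flexible mode Cloudflare talks plain HTTP to the origin, so an origin that redirects HTTP to HTTPS (assumed here for Tower) sends every visitor back to the URL they just requested. The host name `tower.example.com` and all function names are hypothetical, and the model is constructed to run offline.

```python
# Constructed, offline model of an edge proxy in front of an origin that
# forces HTTPS. Host name and function names are assumptions for illustration.
from urllib.parse import urlsplit

ORIGIN_HOST = "tower.example.com"  # hypothetical host name


def origin(scheme, path):
    """Origin web server: serves over HTTPS, redirects plain HTTP to HTTPS."""
    if scheme == "http":
        return 301, f"https://{ORIGIN_HOST}{path}"
    return 200, None


def edge(url, ssl_mode):
    """Edge proxy: picks the scheme used on the edge-to-origin leg.

    'flexible' always uses plain HTTP to the origin, whatever the visitor used.
    'full' uses the same scheme as the visitor's request.
    """
    visitor = urlsplit(url)
    origin_scheme = "http" if ssl_mode == "flexible" else visitor.scheme
    return origin(origin_scheme, visitor.path or "/")


def browse(url, ssl_mode, max_redirects=20):
    """Follow redirects like a browser; return (outcome, redirects followed)."""
    seen = set()
    for hops in range(max_redirects + 1):
        if url in seen:
            # The redirect points at a URL we already requested: a loop.
            return "redirect loop", hops
        seen.add(url)
        status, location = edge(url, ssl_mode)
        if status == 200:
            return "ok", hops
        url = location
    return "too many redirects", max_redirects


if __name__ == "__main__":
    for mode in ("flexible", "full"):
        print(mode, browse(f"https://{ORIGIN_HOST}/", mode))
```

The model also shows that in Flexible mode the edge-to-origin leg is unencrypted even though the visitor sees HTTPS.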

Adding servers to ansible

So I am playing around with Ansible these days, only to find out that every server needs some manual work in order to work with Ansible. So why not “ansible” that too? I’ve created a simple function in bash that lets me do “addserver <ipaddress>” and then it does all the default stuff for me. To check it out, just look at my gist entry on GitHub.

Once that is done, you run a proper playbook against it (to disable remote SSH for root) and all your other stuff 🙂

Update: added !requiretty so you can add pipelining=True in your ansible.cfg for faster running of your playbooks.