That is very interesting, and helpful. Thanks.. On Tue, Jun 27, 2023 at 3:21 PM 'Rowe, Walter P. (Fed)' via Ansible Project <[email protected]> wrote:
> We have an ansible role that applies the CIS Distro Independent Linux 2 > baseline when we launch new machines. We also have an ansible tower > workflow for regularly scheduled patching. At the end of the patching > workflow we again run the CIS baseline role to ensure we are maintaining > compliance with our secure configuration baseline. > > stop machine -> snapshot -> start machine -> patch -> reboot -> test -> > snapshot -> secure config -> reboot > > if patching fails we revert to the starting snapshot. > if secure config fails we revert to the post-test snapshot. > > All of this is done via ansible automation platform. > > Walter > -- > Walter Rowe, Division Chief > Infrastructure Services, OISM > Mobile: 202.355.4123 > > On Jun 27, 2023, at 3:11 PM, John Petro <[email protected]> wrote: > > Good Afternoon, > I was wondering what you all are doing to manage configuration drift. > Are you having ansible fix the drift, are you having it notify you of the > drift, or are you doing something else. At work, we are preparing to start > having some conversations about what we want to do, and I thought this > information from you all might be helpful in our journey. > > Thanks for your time!! > > ---john > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAPAjob9NsjTGPNa_J8oeBbfZQOHjjqy7ELd6eHhodbHuTykkrQ%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAPAjob9NsjTGPNa_J8oeBbfZQOHjjqy7ELd6eHhodbHuTykkrQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/74E8295F-0895-4DF2-9CF2-1C363FD92C38%40nist.gov > <https://groups.google.com/d/msgid/ansible-project/74E8295F-0895-4DF2-9CF2-1C363FD92C38%40nist.gov?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPAjob8_UviH_X75AZqrPpPSyjx7BKnfX%3DvJBN0dznHZ4H%2B6ag%40mail.gmail.com.
