Right, this why I liked Puppet for drift control critical things. And something I also transferred to Ansible. To avoid hard drift correction, I find you need atleast daily config reset. On developer facing systems, I have found going as often as an hour to as little as 30 min, is important to catch changes and provide predictable "soft" intervals for doing things that require temporary deviation on systems. The longer between forced true ups the harsher the drift reset becomes and the hard to diagnose what caused the drift and failure when correction of a drift cause a break..
On Tue, Jun 27, 2023 at 3:16 PM Todd Lewis <[email protected]> wrote: > I think the idea was carried over when we migrated from Puppet to Ansible, > but all our middleware projects include a "daily" playbook. Ideally they > don't do anything unless something has drifted, although a few feed into > reporting. This is separate from our patch-n-reboot process, which is more > a systems level thing. We try to keep a separation between OS config and > middleware configs, but the OS group's playbook, which follows the > mono-repo pattern, also runs on each host daily. > > On 6/27/23 3:11 PM, John Petro wrote: > > Good Afternoon, > I was wondering what you all are doing to manage configuration drift. > Are you having ansible fix the drift, are you having it notify you of the > drift, or are you doing something else. At work, we are preparing to start > having some conversations about what we want to do, and I thought this > information from you all might be helpful in our journey. > > Thanks for your time!! > > ---john > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/2802f493-fffd-4d25-a89d-3e616faee442%40gmail.com > <https://groups.google.com/d/msgid/ansible-project/2802f493-fffd-4d25-a89d-3e616faee442%40gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEcFzYz9ceBsvtnBsj9tKhb9v7L4QZErTSX3HoZGfUT3aNwwnA%40mail.gmail.com.
